Bug 53512 - OPENSSL_NO_SSL_INTERN should not be defined with OPENSSL_VERSION_NUMBER 0x10001000
Status: RESOLVED WONTFIX
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl
Version: 2.4.2
Hardware: All NetBSD
Importance: P2 normal
Target Milestone: ---
Assigned To: Apache HTTPD Bugs Mailing List
Reported: 2012-07-05 13:09 UTC by Ryo ONODERA
Modified: 2012-09-01 06:40 UTC (History)
Attachments
Exclude 0x10001000 (517 bytes, application/octet-stream)
2012-07-05 13:09 UTC, Ryo ONODERA
Description Ryo ONODERA 2012-07-05 13:09:36 UTC
Created attachment 29033 [details]
Exclude 0x10001000

OPENSSL_VERSION_NUMBER 0x10001000 (pre-beta snapshot of OpenSSL 1.0.1) does not have some functions, for example SSL_SESSION_get_compress_id.
Please exclude 0x10001000 from the conditional of OPENSSL_NO_SSL_INTERN definition.

NetBSD 6.99.8 and 6.0_BETA2 are shipped with OPENSSL_VERSION_NUMBER 0x10001000.
Please see http://gnats.netbsd.org/46655 .
Comment 1 Kaspar Brand 2012-07-08 10:00:02 UTC
Increasing the version check to require 1.0.1-beta1 is a way to address this, that's right, but frankly, the proper fix is for NetBSD to pick up a *released* version of OpenSSL.

Both 6.0_BETA2 and 6.99.8 seem to have a snapshot from 5 June 2011 (http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/external/bsd/openssl/dist/crypto/opensslv.h?rev=HEAD) - which lacks numerous fixes compared to 1.0.1, and of course even more compared to 1.0.1c: see e.g. http://cvs.openssl.org/filediff?f=openssl/CHANGES&v1=1.1481.2.56&v2=1.1481.2.56.2.103.

I would really urge NetBSD to pull up a more recent OpenSSL *release* (and not repeat the exercise they did in 5.x, with the 0.9.9-dev snapshot... I was really hoping for this to be a one-time screw up).
Comment 2 Kaspar Brand 2012-09-01 06:40:02 UTC
(In reply to comment #1)
> I would really urge NetBSD to pull up a more recent OpenSSL *release* (and
> not repeat the exercise they did in 5.x, with the 0.9.9-dev snapshot... I
> was really hoping for this to be a one-time screw up).

Hurrah, seems like someone has listened:

http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/external/bsd/openssl/dist/crypto/opensslv.h?rev=1.3.4.1&content-type=text/x-cvsweb-markup
http://releng.netbsd.org/cgi-bin/req-6.cgi?show=491
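
The version arithmetic behind the description and comment 1, as an added example that is not part of the bug thread or of mod_ssl: it decodes the OpenSSL 1.0.x `OPENSSL_VERSION_NUMBER` layout and compares a gate that admits 0x10001000 with one raised to 1.0.1-beta1. The function names, the exact form of both gates and the sample values are assumptions made for illustration.

```c
#include <stdio.h>

/* OpenSSL 1.0.x packs OPENSSL_VERSION_NUMBER as 0xMNNFFPPS:
 * M major, NN minor, FF fix, PP patch letter (0 = none, 1 = a, ...),
 * S status (0 = development, 1..e = beta, f = release). */
struct ossl_version { unsigned major, minor, fix, patch, status; };

/* Hypothetical helper: split a version number into its fields. */
struct ossl_version ossl_decode(unsigned long v)
{
    struct ossl_version r;
    r.major  = (unsigned)((v >> 28) & 0xf);
    r.minor  = (unsigned)((v >> 20) & 0xff);
    r.fix    = (unsigned)((v >> 12) & 0xff);
    r.patch  = (unsigned)((v >> 4) & 0xff);
    r.status = (unsigned)(v & 0xf);
    return r;
}

const char *ossl_status_name(unsigned status)
{
    if (status == 0x0) return "development snapshot";
    if (status == 0xf) return "release";
    return "beta";
}

/* Assumed form of a gate that still admits the 0x10001000 snapshot. */
int gate_from_dev(unsigned long v)   { return v >= 0x10001000UL; }
/* Gate raised to 1.0.1-beta1, the option named in comment 1. */
int gate_from_beta1(unsigned long v) { return v >= 0x10001001UL; }

int main(void)
{
    /* Constructed samples: 1.0.0f, 1.0.1-dev, 1.0.1-beta1, 1.0.1, 1.0.1c */
    unsigned long samples[] = { 0x1000006fUL, 0x10001000UL, 0x10001001UL,
                                0x1000100fUL, 0x1000103fUL };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct ossl_version d = ossl_decode(samples[i]);
        printf("0x%08lx  %u.%u.%u patch=%u %-20s dev-gate=%d beta1-gate=%d\n",
               samples[i], d.major, d.minor, d.fix, d.patch,
               ossl_status_name(d.status),
               gate_from_dev(samples[i]), gate_from_beta1(samples[i]));
    }
    return 0;
}
```

Only the 0x10001000 row differs between the two gates: its status nibble is 0, so it is a development snapshot that sorts below every 1.0.1 beta and release.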