Remove defines for LibreSSL < 2.7. #95
Conversation
Only LibreSSL 2.7 and 2.8 are currently supported by the LibreSSL project. The compile time check for 2.2 and 2.5 is not necessary for an up-to-date system. LibreSSL developers recommend to remove the untested ifdef maze for unsupported libraries.
|
Before merging this, I'd like to better understand possible effects of this change. For example, are there systems that ship with LibreSSL < 2.7 that are supported by their vendor? I know that MacOS 10.14 (Mojave) comes with LibreSSL 2.6.4 but it does not include headers, so that's not a concern. This is closest I know but are there others that would need the ifdefs? If the above is not a problem, I'm fine with dropping unnecessary ifdefs. |
|
As far as I'm aware, the only OS we support that ships with a full copy of LibreSSL is OpenBSD - it's an experimental option on other supported OSes (FreeBSD, Gentoo, possibly others) but their documentation explicitly says to expect breakage by replacing OpenSSL with LibreSSL, so I think it's safe to assume that anyone who does that is capable of building an up-to-date LibreSSL package or otherwise sorting out the mess themselves. Since OpenBSD 6.2-release is the last version containing LibreSSL <= 2.6 and that's no longer supported, I'm fine with merging this. |
|
The OpenBSD and LibreSSL philosophy is to have few #ifdef, especially for certain versions. We think this results in a lot of untested code variations. The better solution is to update the underlying library. So the LibreSSL developers pushed me in that direction. As there are some concerns in Net::SSLeay, I did not push this further. Note that in the meantime there is one more version dependent #ifdef for LibreSSL 2.5 in your code. |
Only LibreSSL 2.7 and 2.8 are currently supported by the LibreSSL
project. The compile time check for 2.2 and 2.5 is not necessary
for an up-to-date system. LibreSSL developers recommend to remove
the untested ifdef maze for unsupported libraries.