On Thu, Oct 20, 2022 at 6:43 PM Ævar Arnfjörð Bjarmason
<avarab@xxxxxxxxx> wrote:
> Since [1] the default SHA-1 backend on OSX has been
> APPLE_COMMON_CRYPTO. Per [2] we'll skip using it on anything older
> than Mac OS X 10.4 "Tiger"[3].
>
> When "DC_SHA1" was made the default in [4] this interaction between it
> and APPLE_COMMON_CRYPTO seems to have been missed in. Ever since
> DC_SHA1 was "made the default" we've still used Apple's CommonCrypto
> instead of sha1collisiondetection on modern versions of Darwin and
> OSX.
>
> Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx>
> ---
> diff --git a/Makefile b/Makefile
> @@ -519,6 +519,11 @@ include shared.mak
> +# Define NO_APPLE_COMMON_CRYPTO on OSX to opt-out of using the
> +# "APPLE_COMMON_CRYPTO" backend for SHA-1, which is currently the
> +# default on that OS. We'll define NO_APPLE_COMMON_CRYPTO on Mac OS
> +# 10.4 or older ("Tiger", released in early 2005).
I found the "we'll define..." part somewhat confusing. I might have
written it as:
On macOS 01.4 (Tiger) or older, NO_APPLE_COMMON_CRYPTO
is defined by default.
or:
...is defined automatically.
Probably not worth a reroll.
