On Wed, Mar 16, 2016 at 10:52:39PM +0000, Richard Moore wrote:
> On 16 March 2016 at 22:39, Viktor Dukhovni <openssl-users at dukhovni.org>
> wrote:
>
> > On Wed, Mar 16, 2016 at 11:32:28PM +0100, Michel wrote:
> > OpenSSL 1.1.0 has no vestigial SSLv2 code, and so nothing to disable
> > with OPENSSL_NO_SSL2. The "OPENSSL_NO_..." macros specify disabled
> > features, not deleted code.
> >
>
> ?That's the major flaw of the current design of flagging when features are
> disabled rather than when they're present. I'm sure you'll get plenty more
> reports like this.
Use feature probing via autoconf, or just:
#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_NO_SSL2)
/* SSLv2 available */
#else
/* SSLv2 not available */
#endif
Better yet, drop support for SSLv2, and then you don't care whether OpenSSL
provides it or not.
--
Viktor.
