Please raise your patch as a PR so that it can properly reviewed. You'll also need to submit a CLA: https://www.openssl.org/policies/cla.html Thanks Matt On 11/01/2021 22:19, Steffen Nurpmeso wrote: > Hello. > > Matt Caswell wrote in > <eea19b85-2030-15ed-c1d0-d8594c8cd097@xxxxxxxxxxx>: > |On 09/01/2021 23:24, Steffen Nurpmeso wrote: > |> Hello. > |> > |> I do use SSL_CONF_cmd() (and modules) possibility if it exists, > |> since it allow users to simply use the features of the newest > |> OpenSSL library without any code changes on my side. > |> This is great, and i think i applauded in the past. > |> > |> I discovered security_level(), needless to say i thought > |> @SECLEVEL= of ciphers(1) was broken until i discovered -s is > |> required to make it functional (..and do not get me started on > |> -ciphersuites..). > |> > |> Wouldn't it make sense to offer SecurityLevel as a keyword for > |> SSL_CONF_cmd(), and therefore also SSL_CTX_config(), too -- since > |> it seems (from the manual) to extend to more than what i would > |> assume to be covered by a @SECLEVEL member of CipherString aka > |> ..Ciphersuites...? > | > |This is probably a good idea. I'd support it if someone wanted to add that. > > Please find a simple add-on attached, it could be it ("having no > idea of the codebase"..). It compiles, but when linking against > 678cae0295e3f (master from today) plus the patch i get errors: > > In file included from /home/steffen/src/nail.git/src/mx/xtls.c:60: > /home/steffen/src/nail.git/src/mx/xtls.c:402:4: error: expected declaration specifiers or '...' before 'ossl_check_const_GENERAL_NAME_sk_type' > 402 | DEFINE_STACK_OF(GENERAL_NAME) > | ^~~~~~~~~~~~~~~ > /home/steffen/src/nail.git/src/mx/xtls.c:402:4: error: expected ')' before '*' token > 402 | DEFINE_STACK_OF(GENERAL_NAME) > | ^~~~~~~~~~~~~~~ > /home/steffen/src/nail.git/src/mx/xtls.c:402:4: error: expected ')' before 'OPENSSL_sk_value' > 402 | DEFINE_STACK_OF(GENERAL_NAME) > | ^~~~~~~~~~~~~~~ > In file included from /home/steffen/usr-kent-linux-x86_64/opt/.ossl3/include/openssl/crypto.h:35, > from /home/steffen/src/nail.git/src/mx/xtls.c:53: > /home/steffen/src/nail.git/src/mx/xtls.c:402:4: error: expected identifier or '(' before 'struct' > 402 | DEFINE_STACK_OF(GENERAL_NAME) > | ^~~~~~~~~~~~~~~ > In file included from /home/steffen/src/nail.git/src/mx/xtls.c:60: > /home/steffen/src/nail.git/src/mx/xtls.c:402:4: error: expected ')' before 'OPENSSL_sk_new' > 402 | DEFINE_STACK_OF(GENERAL_NAME) > | ^~~~~~~~~~~~~~~ > /home/steffen/src/nail.git/src/mx/xtls.c:402:1: error: macro "sk_GENERAL_NAME_new_null" passed 1 arguments, but takes just 0 > 402 | DEFINE_STACK_OF(GENERAL_NAME) > | ^ ~~~~~~~~~~~~~~~~~~~~~ > In file included from /home/steffen/src/nail.git/src/mx/xtls.c:60: > /home/steffen/usr-kent-linux-x86_64/opt/.ossl3/include/openssl/x509v3.h:225: note: macro "sk_GENERAL_NAME_new_null" defined here > 225 | #define sk_GENERAL_NAME_new_null() ((STACK_OF(GENERAL_NAME) *)OPENSSL_sk_new_null()) > | > > I have not tested OpenSSL 3.0 for a while, but it was clean when > i tried it last, my last commit was "Be truly > OPENSSL_NO_DEPRECATED_3_0 clean" on 2020-07-19. I used > > ./config --prefix=/home/steffen/usr-kent-linux-x86_64/opt/.ossl3 \ > zlib-dynamic shared no-deprecated no-async threads no-tests \ > -Wl,-rpath,'$(LIBRPATH)' > > on a current glibc Linux (CRUX-Linux 3.6). > > Ciao from Germany, > > --steffen > | > |Der Kragenbaer, The moon bear, > |der holt sich munter he cheerfully and one by one > |einen nach dem anderen runter wa.ks himself off > |(By Robert Gernhardt) >
