On 02/05/2024 13:24, Daniel Gustafsson wrote:
>> On 2 May 2024, at 11:30, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
>> And I don't see the symbol in a fresh checkout of the portable libressl repository at
https://github.com/libressl/portable.
>
> The portable repo only contains the portable parts, did you pull the libssl
> code with ./autogen?
Ah, ok, I did not.
If so you should be able to see it, like below:
>
> :~/dev/tls/libressl $ git clone git@github.com:libressl/portable.git
> :~/dev/tls/libressl $ cd portable/
> :~/dev/tls/libressl/portable (master) $ git checkout OPENBSD_7_0
> branch 'OPENBSD_7_0' set up to track 'origin/OPENBSD_7_0'.
> Switched to a new branch 'OPENBSD_7_0'
> :~/dev/tls/libressl/portable (OPENBSD_7_0) $ ./autogen.sh
> ...
> :~/dev/tls/libressl/portable (OPENBSD_7_0) $ cd openbsd/
> :~/dev/tls/libressl/portable/openbsd (OPENBSD_7_0) $ git grep SSL_AD_NO_APPLICATION_PROTOCOL
> src/lib/libssl/ssl.h:#define SSL_AD_NO_APPLICATION_PROTOCOL 120
> src/lib/libssl/ssl_tlsext.c: *alert = SSL_AD_NO_APPLICATION_PROTOCOL;
>
> This makes targeting 7.0 as the lowest LibreSSL version appealing in my
> patchset for removing support for old OpenSSL and LibreSSL versions.
Works for me. Although there's little harm in keeping the "#ifdef
SSL_AD_NO_APPLICATION_PROTOCOL" either, if that's the only thing missing
from 6.9.
--
Heikki Linnakangas
Neon (https://neon.tech)