On 09/15/2016 02:03 AM, Andreas Karlsson wrote:
> On 09/12/2016 06:51 PM, Heikki Linnakangas wrote:
>> Changes since last version:
>>
>> * Added more error checks to the my_BIO_s_socket() function. Check for
>> NULL result from malloc(). Check the return code of BIO_meth_set_*()
>> functions; looking at OpenSSL sources, they always succeed, but all the
>> test/example programs that come with OpenSSL do check them.
>>
>> * Use BIO_get_new_index() to get the index number for the wrapper BIO.
>>
>> * Also call BIO_meth_set_puts(). It was missing in previous patch
>> versions.
>>
>> * Fixed src/test/ssl test suite to also work with OpenSSL 1.1.0.
>>
>> * Changed all references (in existing code) to SSLEAY_VERSION_NUMBER
>> into OPENSSL_VERSION_NUMBER, for consistency.
>>
>> * Squashed all into one patch.
>>
>> I intend to apply this to all supported branches, so please have a look!
>> This is now against REL9_6_STABLE, but there should be little difference
>> between branches in the code that this touches.
>
> This patch no longer seems to apply to head after the removed support of
> 0.9.6. Is that intentional?
Never mind. I just failed at reading.
Now for a review:
It looks generally good but I think I saw one error. In
fe-secure-openssl.c your code still calls SSL_library_init() in OpenSSL
1.1. I think it should be enough to just call
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) like you do in be-secure.
Andreas