Skip to content

Resolve "BIND is not compatible with LibreSSL 3.5.0"

Arаm Sаrgsyаn requested to merge 3172-libressl-3.5.0-compat into main

Remove EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() shims.

LibreSSL 3.5.0 fails to compile with these shims. We could have just removed the LibreSSL check from the pre-processor condition, but it seems that these shims are no longer needed because all the supported versions of OpenSSL and LibreSSL have those functions.

According to EVP_ENCRYPTINIT(3) manual page in LibreSSL, EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() first appeared in OpenSSL 0.9.8b, and have been available since OpenBSD 4.5.

Also, use autoconf check for BN_GENCB_new().

BIND unconditionally uses shims for BN_GENCB_new(), BN_GENCB_free(), and BN_GENCB_get_arg() for all LibreSSL versions and, correctly, for OpenSSL <1.1.0 versions.

This breaks LibreSSL compilation starting with LibreSSL 3.5.0.

Use autoconf check instead to check whether the family of the functions are available.

Closes #3172 (closed)

Merge request reports