httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <ylavic....@gmail.com>
Subject Re: Two questions on mod_ssl source code details
Date Fri, 22 May 2015 16:46:31 GMT
On Fri, May 22, 2015 at 6:29 PM, Rainer Jung <rainer.jung@kippdata.de> wrote:
>
> 2) In modules/ssl/ssl_private.h I see
>
> /**
>   * The following features all depend on TLS extension support.
>   * Within this block, check again for features (not version numbers).
>   */
> #if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name)
>
> #define HAVE_TLSEXT

I guess this was (one of) the first TLS extention added to OpenSSL,
hence OPENSSL_NO_TLSEXT was probably defined at the same time as
SSL_set_tlsext_host_name.
This code checks if extensions are not disabled (OPENSSL_NO_TLSEXT),
but that's relevent only if they exist in OpenSSL
(SSL_set_tlsext_host_name).

>
> Should we switch the code to:
>
> /**
>   * The following features all depend on TLS extension support.
>   * Within this block, check again for features (not version numbers).
>   */
> #if !defined(OPENSSL_NO_TLSEXT)

That would be true before OPENSSL_NO_TLSEXT existed...

Regards,
Yann.

Mime
View raw message