TLS Server IP address detection broken
(1) By Ashish SHUKLA (ashish) on 2019-03-29 18:06:24 [source]
Since [f517cb7f], TLS server IP address detection is broken again (which was unbroken through my provided patch in [8a4ad5cb]) on OpenSSL 1.1.x platform, as
BIO_get_conn_address is defined as a C pre-processor macro:
Also I think
BIO_get_conn_address are only introduced in OpenSSL v1.1, so probably it's safe to check only for presence of
BIO_ADDR_hostname_string function, in short, revert [f517cb7f].
Also, we can rely on
HAVE_BIO_ADDR_HOSTNAME_STRING, instead of defining redundant
I'm testing on FreeBSD 12 (amd64).
Done. That gave me a chance to finally try out "fossil merge --backout" so we can see the nifty dashed line rendering: https://www.fossil-scm.org/index.html/timeline?c=2019-03-30+15:40:18 Also, regarding HAVE_BIO_ADDR_HS vs HAVE_BIO_ADDR_HOSTNAME_STRING, I looked through the Fossil sources and couldn't find the latter defined anywhere, so I'm not sure in what way HAVE_BIO_ADDR_HS is redundant. Or did you mean that we could rely on BIO_get_conn_address instead of having Fossil detect BIO_ADDR_hostname_string? For example: #ifdef BIO_get_conn_address ... #else ... #endif Thanks, Andy
Thank you for reverting.
HAVE_BIO_ADDR_HOSTNAME_STRING, I looked through the Fossil sources and couldn't find the latter defined anywhere, so I'm not sure in what way
It seems like it gets defined, courtesy:
cc-check-function-in-lib, when the function in question is successfully found. Following is an excerpt from
autoconfig.h on my host after configuring Fossil for building while at checkout
#define FOSSIL_ENABLE_TH1_DOCS 1 #define FOSSIL_ENABLE_TH1_HOOKS 1 #define FOSSIL_HAVE_FUSEFS 1 #define HAVE_ARPA_NAMESER_H 1 /* #undef HAVE_BACKTRACE */ /* #undef HAVE_BIND_RESOLV_H */ #define HAVE_BIO_ADDR_HOSTNAME_STRING 1 #define HAVE_BIO_ADDR_HS 1 #define HAVE_DLOPEN 1 #define HAVE_DN_EXPAND 1
Indeed cc-check-function-in-lib does so automatically---though I was not aware of this behavior---so I've cleaned it up further and removed the redundancy. I tested it on a system that has OpenSSL 1.1.0 and verified that nm reports the symbol for BIO_ADDR_hostname_string(). Thanks, Andy