SSL_CONF_cmd(): SecurityLevel keyword, by chance?

Matt Caswell matt at openssl.org
Tue Jan 12 11:26:39 UTC 2021


Please raise your patch as a PR so that it can be properly reviewed. You'll
also need to submit a CLA:

https://www.openssl.org/policies/cla.html

Thanks

Matt


On 11/01/2021 22:19, Steffen Nurpmeso wrote:
> Hello.
> 
> Matt Caswell wrote in
>  <eea19b85-2030-15ed-c1d0-d8594c8cd097 at openssl.org>:
>  |On 09/01/2021 23:24, Steffen Nurpmeso wrote:
>  |> Hello.
>  |>
>  |> I do use SSL_CONF_cmd() (and modules) possibility if it exists,
>  |> since it allows users to simply use the features of the newest
>  |> OpenSSL library without any code changes on my side.
>  |> This is great, and i think i applauded in the past.
>  |>
>  |> I discovered security_level(), needless to say i thought
>  |> @SECLEVEL= of ciphers(1) was broken until i discovered -s is
>  |> required to make it functional (..and do not get me started on
>  |> -ciphersuites..).
>  |>
>  |> Wouldn't it make sense to offer SecurityLevel as a keyword for
>  |> SSL_CONF_cmd(), and therefore also SSL_CTX_config(), too -- since
>  |> it seems (from the manual) to extend to more than what i would
>  |> assume to be covered by a @SECLEVEL member of CipherString aka
>  |> ..Ciphersuites...?
>  |
>  |This is probably a good idea. I'd support it if someone wanted to add that.
> 
> Please find a simple add-on attached, it could be it ("having no
> idea of the codebase"..).  It compiles, but when linking against
> 678cae0295e3f (master from today) plus the patch i get errors:
> 
>   In file included from /home/steffen/src/nail.git/src/mx/xtls.c:60:
>   /home/steffen/src/nail.git/src/mx/xtls.c:402:4: error: expected declaration specifiers or '...' before 'ossl_check_const_GENERAL_NAME_sk_type'
>     402 |    DEFINE_STACK_OF(GENERAL_NAME)
>         |    ^~~~~~~~~~~~~~~
>   /home/steffen/src/nail.git/src/mx/xtls.c:402:4: error: expected ')' before '*' token
>     402 |    DEFINE_STACK_OF(GENERAL_NAME)
>         |    ^~~~~~~~~~~~~~~
>   /home/steffen/src/nail.git/src/mx/xtls.c:402:4: error: expected ')' before 'OPENSSL_sk_value'
>     402 |    DEFINE_STACK_OF(GENERAL_NAME)
>         |    ^~~~~~~~~~~~~~~
>   In file included from /home/steffen/usr-kent-linux-x86_64/opt/.ossl3/include/openssl/crypto.h:35,
>                    from /home/steffen/src/nail.git/src/mx/xtls.c:53:
>   /home/steffen/src/nail.git/src/mx/xtls.c:402:4: error: expected identifier or '(' before 'struct'
>     402 |    DEFINE_STACK_OF(GENERAL_NAME)
>         |    ^~~~~~~~~~~~~~~
>   In file included from /home/steffen/src/nail.git/src/mx/xtls.c:60:
>   /home/steffen/src/nail.git/src/mx/xtls.c:402:4: error: expected ')' before 'OPENSSL_sk_new'
>     402 |    DEFINE_STACK_OF(GENERAL_NAME)
>         |    ^~~~~~~~~~~~~~~
>   /home/steffen/src/nail.git/src/mx/xtls.c:402:1: error: macro "sk_GENERAL_NAME_new_null" passed 1 arguments, but takes just 0
>     402 |    DEFINE_STACK_OF(GENERAL_NAME)
>         | ^  ~~~~~~~~~~~~~~~~~~~~~
>   In file included from /home/steffen/src/nail.git/src/mx/xtls.c:60:
>   /home/steffen/usr-kent-linux-x86_64/opt/.ossl3/include/openssl/x509v3.h:225: note: macro "sk_GENERAL_NAME_new_null" defined here
>     225 | #define sk_GENERAL_NAME_new_null() ((STACK_OF(GENERAL_NAME) *)OPENSSL_sk_new_null())
>         |
> 
> I have not tested OpenSSL 3.0 for a while, but it was clean when
> i tried it last, my last commit was "Be truly
> OPENSSL_NO_DEPRECATED_3_0 clean" on 2020-07-19.  I used
> 
>   ./config --prefix=/home/steffen/usr-kent-linux-x86_64/opt/.ossl3 \
>     zlib-dynamic shared no-deprecated no-async threads no-tests \
>     -Wl,-rpath,'$(LIBRPATH)'
> 
> on a current glibc Linux (CRUX-Linux 3.6).
> 
> Ciao from Germany,
> 
> --steffen
> |
> |Der Kragenbaer,                The moon bear,
> |der holt sich munter           he cheerfully and one by one
> |einen nach dem anderen runter  wa.ks himself off
> |(By Robert Gernhardt)
> 