> On 19 Oct 2021, at 12:52, Michael Paquier <michael@paquier.xyz> wrote:
>
> On Tue, Oct 19, 2021 at 10:34:10AM +0200, Daniel Gustafsson wrote:
>> I think we can tighten the check for GetOpenSSLVersion() a bit since we now now
>> the range of version in the 1.x.x series. For these checks we know we want
>> 1.1.x or 3.x.x, but never 2.x.x etc.
>>
>> How about the (untested) attached which encodes that knowledge, as well as dies
>> on too old OpenSSL versions?
>
> One assumption hidden behind the scripts of src/tools/msvc/ is that we
> have never needed to support OpenSSL <= 1.0.1 these days
Right, I was going off the version stated in the documentation which doesn't
list per OS requirements.
> ..(see for
> example HAVE_X509_GET_SIGNATURE_NID always set to 1, introduced in
> 1.0.2) because the buildfarm has no need for it and there is no MSI
> for this version for years (except if compiling from source, but
> nobody would do that for an older version anyway with their right
> mind). If you try, you would already get a compilation failure pretty
> quickly. So I'd rather keep the code as-is and not add the extra
> sudden-death check.
Fair enough, there isn't much use in protecting against issues that will never
happen.
The other proposal, making sure that we don't see a version 2.x.x creep in (in
case a packager decides to play cute like how has happened in other OS's) seem
sane to me, but I'm also not very well versed in Windows so you be the judge
there.
--
Daniel Gustafsson https://vmware.com/