On 2009-10-16 at 04:14 -0700, Phil Pennock wrote:
> Crap. This is my code. Although the actual commit is revision 1.16 or
> tls-openssl.c, which adds the reference to EVP_sha256(). That's for
> Bugzilla #674.
>
> You're linking against OpenSSL, right?
>
> What does running:
> openssl version
> say?
>
> EVP_sha256() was added in 2004; surely any version of OpenSSL old enough
> to lack this support has major security issues and is a danger to the
> system it's running on?
>
> It looks like it might be 0.9.8-onwards. But I can't find any
> authoritative statement to that effect, only third-party comments.
Found statement in the changelog file inside an OpenSSL distribution.
(Where I should perhaps have looked before using a search-engine.)
Changes between 0.9.7h and 0.9.8 [05 Jul 2005]
[...]
*) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented.
[Andy Polyakov and a number of other people]
So, tiny patch attached to:
http://bugs.exim.org/show_bug.cgi?id=674
If you grab the one called:
Make SHA256 loading conditional upon OpenSSL >= 0.9.8
and apply it, do your build problems go away?
-Phil
