The addition of a new TLS capability (SNI) seems to have left CentOS 5.x
out in the cold. C5x comes with (a by now heavily patched) openssl 0.9.8e,
which does not support SNI. Quoting from
http://stackoverflow.com/questions/7340784/easy-install-pyopenssl-error :
"Support for SNI was introduced in OpenSSL 0.9.8f. Thus, pyOpenSSL 0.13
will build with OpenSSL 0.9.8f or later, but not OpenSSL 0.9.8e or earlier,
where the APIs it expects to be wrapping do not exist."
The compile fails as per the following. Ignore the ugly includes of srs
and srs/src; I do some trickery in my spec file and build these libs into
modules and package it all together.
gcc -c -O -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -I/usr/include
-I/usr/include -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -DSPF -DSRS
-fpie -DSPF -I../src -I../../src -I../src/srs/src -I../../src/srs/src
-I../../src/srs -std=gnu99 -I. -I/usr/kerberos/include tls.c
In file included from tls.c:97:
tls-openssl.c: In function 'tls_servername_cb':
tls-openssl.c:546: warning: implicit declaration of function
'SSL_get_servername'
tls-openssl.c:546: error: 'TLSEXT_NAMETYPE_host_name' undeclared (first use
in this function)
tls-openssl.c:546: error: (Each undeclared identifier is reported only once
tls-openssl.c:546: error: for each function it appears in.)
tls-openssl.c:546: warning: initialization makes pointer from integer
without a cast
tls-openssl.c:552: error: 'SSL_TLSEXT_ERR_OK' undeclared (first use in this
function)
tls-openssl.c:574: error: 'SSL_TLSEXT_ERR_NOACK' undeclared (first use in
this function)
tls-openssl.c:584: warning: implicit declaration of function
'SSL_CTX_set_tlsext_servername_callback'
tls-openssl.c:585: warning: implicit declaration of function
'SSL_CTX_set_tlsext_servername_arg'
tls-openssl.c:605: warning: implicit declaration of function
'SSL_set_SSL_CTX'
tls-openssl.c: In function 'tls_client_start':
tls-openssl.c:1244: warning: implicit declaration of function
'SSL_set_tlsext_host_name'
make[1]: *** [tls.o] Error 1
make[1]: Leaving directory
`/home/tlyons/RPM/BUILD/exim-4.80_RC2/build-Linux-x86_64'
make: *** [all] Error 2
Do we need to add some detection of openssl version or is this also going
to be a backwards incompatible change?
...Todd
--
Always code as if the guy who ends up maintaining your code will be a
violent psychopath who knows where you live. -- Martin Golding
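
An added example, not part of the original message and not Exim's code: one way to do the version detection asked about above is a preprocessor guard keyed on OPENSSL_VERSION_NUMBER and OPENSSL_NO_TLSEXT, so the SNI calls that fail in the build log are compiled out on 0.9.8e. HAVE_OPENSSL_SNI, OPENSSL_098F, sni_capable() and openssl_version_str() are hypothetical names, and the version numbers in main() are constructed samples.

```c
/* Added example: compile-time SNI guard. HAVE_OPENSSL_SNI, sni_capable() and
 * openssl_version_str() are hypothetical names, not taken from Exim. */
#include <stdio.h>
#include <string.h>
#if defined(__has_include)
# if __has_include(<openssl/opensslv.h>)
#  include <openssl/opensslv.h>     /* OPENSSL_VERSION_NUMBER */
#  include <openssl/opensslconf.h>  /* OPENSSL_NO_TLSEXT, if set at build time */
# endif
#endif
#define OPENSSL_098F 0x0090806fUL   /* 0.9.8f release: first version with SNI */

/* Guard to wrap around the servername callback and SSL_set_tlsext_host_name(). */
#if defined(OPENSSL_VERSION_NUMBER) && !defined(OPENSSL_NO_TLSEXT)
# if OPENSSL_VERSION_NUMBER >= OPENSSL_098F
#  define HAVE_OPENSSL_SNI 1
# endif
#endif
#ifndef HAVE_OPENSSL_SNI
# define HAVE_OPENSSL_SNI 0         /* no headers, too old, or TLS extensions off */
#endif

/* Same decision as the guard, as a function, for arbitrary version numbers. */
int sni_capable(unsigned long ver, int no_tlsext)
{
    return ver >= OPENSSL_098F && !no_tlsext;
}

/* Decode the pre-3.0 0xMNNFFPPS layout, e.g. 0x0090805f -> "0.9.8e". */
const char *openssl_version_str(unsigned long v, char *buf, size_t n)
{
    unsigned patch = (v >> 4) & 0xff;   /* 0 = no letter, 1 = 'a', 5 = 'e' */
    char letter[2] = { patch ? (char)('a' + patch - 1) : '\0', '\0' };
    snprintf(buf, n, "%lu.%lu.%lu%s", (v >> 28) & 0xf, (v >> 20) & 0xff,
             (v >> 12) & 0xff, letter);
    return buf;
}

int main(void)
{
    /* Constructed sample values: 0.9.8e (as on CentOS 5.x), 0.9.8f, 1.0.1e */
    unsigned long samples[] = { 0x0090805fUL, 0x0090806fUL, 0x1000105fUL };
    char buf[16];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-7s SNI code %s\n", openssl_version_str(samples[i], buf, sizeof buf),
               sni_capable(samples[i], 0) ? "compiled in" : "compiled out");
    printf("this build: HAVE_OPENSSL_SNI=%d\n", HAVE_OPENSSL_SNI);
    return 0;
}
```

The OPENSSL_NO_TLSEXT test matters because a 0.9.8f-or-later library can still be built without TLS extensions, in which case the version number alone would wrongly enable the SNI code.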