Subject: Re: CVS commit: src/crypto/dist/openssl/ssl
To: None <>
From: Johnny C. Lam <>
List: source-changes
Date: 10/11/2005 14:27:46
Tracy Di Marco White wrote:
> Module Name:	src
> Committed By:	gendalia
> Date:		Tue Oct 11 18:07:40 UTC 2005
> Modified Files:
> 	src/crypto/dist/openssl/ssl: s23_srvr.c
> Log Message:
> fix openssl 2.0 rollback, CAN-2005-2969
> approved by: agc

If we're not going to import OpenSSL 0.9.7h into src, I think we're 
going to need add a preprocessor symbol to <openssl/opensslv.h> so that 
we can distinguish NetBSD's "fixed" openssl-0.9.7g from vanilla 
openssl-0.9.7g.  In the past, we've used the following (see revision of src/crypto/dist/openssl/crypto/opensslv.h):

/* The following macro indicates that this version of OpenSSL
  * contains the security-related diffs between 0.9.6l and 0.9.6m
  * that were pulled up to the netbsd-1-6 branch on 2004-04-01.
#define OPENSSL_HAS_20040401_FIX

So I would imagine we need something similar, e.g. OPENSSL_HAS_20051011_FIX.


	-- Johnny Lam <>