Bug#848652: [Pkg-openssl-devel] Bug#848652: build fails on ppc64el, double free or corruption, stack suggests libssl

[Daniel Pocock]

On 19/12/16 23:05, Kurt Roeckx wrote:

> 
> You should use SSL_COMP_free_compression_methods() so that we can
> put the internal pointer to NULL.
>

Thanks for suggesting that, I notice that method is only available with
OpenSSL 1.0.2 and I'm also trying to build backports for jessie (OpenSSL
1.0.1)

Is there anything I can do that will be 1.0.1 compatible?

Maybe I could also do this:

#if OPENSSL_VERSION_NUMBER < 0x01000200f
  ErrLog(<<"Unable to free compression methods on OpenSSL < 1.0.2");
#else
  SSL_COMP_free_compression_methods()
#endif


so that the code will compile with either OpenSSL version, but people
stuck with an older OpenSSL will potentially have the leak.

I saw some other discussions of this API method in various Github issues:
https://github.com/curl/curl/issues/905
https://github.com/curl/curl/issues/817

Regards,

Daniel