On Mon, Apr 13, 2026 at 12:11:38PM +0200, Theo Buehler wrote:
> This adds two compat implementations for the OpenSSL 4 API that is
> required to deal with opaque strings. This API will eventually land in
> libcrypto but I did not manage to do that in this cycle for various
> reasons.

OK job@

one question below

> Once LibreSSL provides this, the file will move to portable, but for
> now this way is simplest to ensure that rpki-client as expected with all
> libcrypto versions we care about.
> 
> I did not guard the prototypes in extern.h because there's no need.
> 
> The openssl bit in regress isn't for commit. I did it this way to keep
> the diff small if anyone wants to test that. You'll need to build and
> install the security/openssl/4.0 and security/openssl/libretls4 ports.

with the regress piece in my tree, i didn't seem to need libretls4 to
run make in /usr/src/regress/usr.sbin/rpki-client/openssl/ - are you and
I testing something else? :)