From: Theo Buehler <tb@theobuehler.org>
Subject: Re: [PATCH] libressl: Clean up OPENSSL_NO_xxx
To: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
Cc: tech@openbsd.org
Date: Wed, 26 Feb 2025 10:10:20 +0100

On Wed, Feb 26, 2025 at 05:52:19PM +0900, Kenjiro Nakayama wrote:
> This patch removes unnecessary OPENSS_NO_xxx such as OPENSSL_NO_LHASH,
> OPENSSL_NO_STACK and OPENSSL_NO_X509.

Thanks. In what sense are they unnecessary? For example, ssl.h requires
x509.h because ssl.h uses STACK_OF(X509) which is declared in x509.h:

x509/x509.h:151:DECLARE_STACK_OF(X509)

so it should include it directly.

While I agree with some of the other changes, the problem with committing
such a diff is that applications might rely on such implicit inclusions
and thus fail to compile. For example, err.h used to depend on lhash and
it is difficult to know whether some application out there relied on that.

So the cost of doing this might well outweigh the benefit.