From 7bc932a9059bafb5d12b28bc24f8075ec195f7f5 Mon Sep 17 00:00:00 2001
From: rim <11380091+rozhuk-im@users.noreply.github.com>
Date: Mon, 15 May 2023 02:38:58 +0300
Subject: [PATCH] Fix build with libressl 3.6+ (#1198)

Tested on FreeBSD 13/stable
---
 src/apps/relay/mainrelay.c             | 7 ++-----
 src/apps/relay/mainrelay.h             | 2 +-
 src/apps/relay/netengine.c             | 3 ++-
 src/apps/relay/ns_ioalib_engine_impl.c | 8 +++-----
 4 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c
index e1920d68..6892865c 100644
--- a/src/apps/relay/mainrelay.c
+++ b/src/apps/relay/mainrelay.c
@@ -43,10 +43,7 @@
 #define FREE(x) HeapFree(GetProcessHeap(), 0, (x))
 #endif
 
-#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
-#undef OPENSSL_VERSION_NUMBER
-#define OPENSSL_VERSION_NUMBER 0x1000107FL
-#elif (!defined OPENSSL_VERSION_1_1_1)
+#if (!defined OPENSSL_VERSION_1_1_1)
 #define OPENSSL_VERSION_1_1_1 0x10101000L
 #endif
 
@@ -3528,7 +3525,7 @@ static void set_ctx(SSL_CTX **out, const char *protocol, const SSL_METHOD *metho
 
   if (!(turn_params.cipher_list[0])) {
     strncpy(turn_params.cipher_list, DEFAULT_CIPHER_LIST, TURN_LONG_STRING_SIZE);
-#if TLSv1_3_SUPPORTED
+#if defined(DEFAULT_CIPHERSUITES)
     strncat(turn_params.cipher_list, ":", TURN_LONG_STRING_SIZE - strlen(turn_params.cipher_list));
     strncat(turn_params.cipher_list, DEFAULT_CIPHERSUITES, TURN_LONG_STRING_SIZE - strlen(turn_params.cipher_list));
 #endif
diff --git a/src/apps/relay/mainrelay.h b/src/apps/relay/mainrelay.h
index b150959c..ccaf6c92 100644
--- a/src/apps/relay/mainrelay.h
+++ b/src/apps/relay/mainrelay.h
@@ -109,7 +109,7 @@ extern "C" {
 #endif
 #else
 #define DEFAULT_CIPHER_LIST "DEFAULT"
-#if TLSv1_3_SUPPORTED
+#if TLSv1_3_SUPPORTED && defined(TLS_DEFAULT_CIPHERSUITES)
 #define DEFAULT_CIPHERSUITES TLS_DEFAULT_CIPHERSUITES
 #endif
 #endif
diff --git a/src/apps/relay/netengine.c b/src/apps/relay/netengine.c
index 3e0334c2..f5fc8783 100644
--- a/src/apps/relay/netengine.c
+++ b/src/apps/relay/netengine.c
@@ -31,7 +31,8 @@
 #include "mainrelay.h"
 
 //////////// Backward compatibility with OpenSSL 1.0.x //////////////
-#if (OPENSSL_VERSION_NUMBER < 0x10100001L || defined LIBRESSL_VERSION_NUMBER)
+#if (OPENSSL_VERSION_NUMBER < 0x10100001L ||                                                                           \
+     (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x3040000fL))
 #define SSL_CTX_up_ref(ctx) CRYPTO_add(&(ctx)->references, 1, CRYPTO_LOCK_SSL_CTX)
 #endif
 
diff --git a/src/apps/relay/ns_ioalib_engine_impl.c b/src/apps/relay/ns_ioalib_engine_impl.c
index d521eef4..2aa71963 100644
--- a/src/apps/relay/ns_ioalib_engine_impl.c
+++ b/src/apps/relay/ns_ioalib_engine_impl.c
@@ -1364,13 +1364,11 @@ static void set_socket_ssl(ioa_socket_handle s, SSL *ssl) {
       SSL_set_app_data(ssl, s);
       SSL_set_info_callback(ssl, (ssl_info_callback_t)ssl_info_callback);
       SSL_set_options(ssl,
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
-                      SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
-#endif
-#else
 #if defined(SSL_OP_NO_RENEGOTIATION)
                       SSL_OP_NO_RENEGOTIATION
+#else
+#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
+                      SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
 #endif
 #endif
       );