From 578b169dcb653feb74d827238b879217b7220b89 Mon Sep 17 00:00:00 2001 From: Luca Pizzamiglio Date: Mon, 12 Dec 2016 10:56:56 +0100 Subject: [PATCH] BUILD/MEDIUM: Fixing the build using LibreSSL Fixing the build using LibreSSL as OpenSSL implementation. Currently, LibreSSL 2.4.4 provides the same API of OpenSSL 1.0.1x, but it redefine the OpenSSL version number as 2.0.x, breaking all checks with OpenSSL 1.1.x. The patch solves the issue checking the definition of the symbol LIBRESSL_VERSION_NUMBER when Openssl 1.1.x features are requested. --- include/proto/openssl-compat.h | 4 ++-- src/ssl_sock.c | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/include/proto/openssl-compat.h b/include/proto/openssl-compat.h index b137e7a1f..5a31f02f0 100644 --- a/include/proto/openssl-compat.h +++ b/include/proto/openssl-compat.h @@ -86,9 +86,9 @@ static inline int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned ch #endif -#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) +#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER) /* - * Functions introduced in OpenSSL 1.1.0 + * Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL */ static inline const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *sess, unsigned int *sid_ctx_length) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index baaa0a107..0a06adbbe 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -1790,7 +1790,7 @@ static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, char *name, /* The following code is used for loading multiple crt files into * SSL_CTX's based on CN/SAN */ -#if OPENSSL_VERSION_NUMBER >= 0x1000200fL +#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER) /* This is used to preload the certifcate, private key * and Cert Chain of a file passed in via the crt * argument @@ -3524,7 +3524,7 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag) conn->flags &= ~CO_FL_WAIT_L4_CONN; if (!conn->err_code) { int empty_handshake; -#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) +#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER) OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx); empty_handshake = state == TLS_ST_BEFORE; #else @@ -3594,7 +3594,7 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag) return 0; } else if (ret == SSL_ERROR_SYSCALL) { -#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) +#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER) OSSL_HANDSHAKE_STATE state; #endif int empty_handshake; @@ -3602,7 +3602,7 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag) if (!errno && conn->flags & CO_FL_WAIT_L4_CONN) conn->flags &= ~CO_FL_WAIT_L4_CONN; -#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) +#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER) state = SSL_get_state((SSL *)conn->xprt_ctx); empty_handshake = state == TLS_ST_BEFORE; #else