From b3814c2ca8a8c28a890f8f50e0a35d5247222a12 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Thu, 19 Dec 2019 12:54:13 -0800 Subject: [PATCH] BUG/MINOR: ssl: openssl-compat: Fix getm_ defines LIBRESSL_VERSION_NUMBER evaluates to 0 under OpenSSL, making the condition always true. Check for the define before checking it. Signed-off-by: Rosen Penev [wt: to be backported as far as 1.9] --- include/common/openssl-compat.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/common/openssl-compat.h b/include/common/openssl-compat.h index 25102fbe3..31971bd9e 100644 --- a/include/common/openssl-compat.h +++ b/include/common/openssl-compat.h @@ -278,7 +278,8 @@ static inline void EVP_PKEY_up_ref(EVP_PKEY *pkey) #define TLSEXT_signature_ecdsa 3 #endif -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || (LIBRESSL_VERSION_NUMBER < 0x20700000L) +#if ((HA_OPENSSL_VERSION_NUMBER < 0x1010000fL) && (LIBRESSL_VERSION_NUMBER < 0x2070000fL)) ||\ + defined(OPENSSL_IS_BORINGSSL) #define X509_getm_notBefore X509_get_notBefore #define X509_getm_notAfter X509_get_notAfter #endif