On 07/30/2017 01:05 AM, [email protected] wrote: > Author: ylavic > Date: Sat Jul 29 23:05:02 2017 > New Revision: 1803396 > > URL: http://svn.apache.org/viewvc?rev=1803396&view=rev > Log: > mod_ssl, ab: compatibility with LibreSSL. PR 61184. > > LibreSSL defines OPENSSL_VERSION_NUMBER = 2.0, but is not compatible with > all of the latest OpenSSL 1.1 API. > > Address this by defining MODSSL_USE_OPENSSL_PRE_1_1_API which is true for > anything but OpenSSL >= 1.1 (for now). > > Proposed by: Bernard Spil <brnrd freebsd.org> > Reviewed by: ylavic > > > Modified: > httpd/httpd/trunk/modules/ssl/mod_ssl.c > httpd/httpd/trunk/modules/ssl/ssl_ct_sct.c > httpd/httpd/trunk/modules/ssl/ssl_engine_init.c > httpd/httpd/trunk/modules/ssl/ssl_engine_io.c > httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c > httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c > httpd/httpd/trunk/modules/ssl/ssl_private.h > httpd/httpd/trunk/modules/ssl/ssl_util.c > httpd/httpd/trunk/modules/ssl/ssl_util_ssl.h > httpd/httpd/trunk/support/ab.c >
> Modified: httpd/httpd/trunk/modules/ssl/ssl_ct_sct.c > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_ct_sct.c?rev=1803396&r1=1803395&r2=1803396&view=diff > ============================================================================== > --- httpd/httpd/trunk/modules/ssl/ssl_ct_sct.c (original) > +++ httpd/httpd/trunk/modules/ssl/ssl_ct_sct.c Sat Jul 29 23:05:02 2017 > @@ -32,7 +32,7 @@ static apr_status_t verify_signature(sct > return APR_EINVAL; > } > > -#if OPENSSL_VERSION_NUMBER < 0x10100000L > +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) Why not using MODSSL_USE_OPENSSL_PRE_1_1_API here? > ctx = EVP_MD_CTX_create(); > #else > ctx = EVP_MD_CTX_new(); > @@ -41,7 +41,7 @@ static apr_status_t verify_signature(sct > ap_assert(1 == EVP_VerifyUpdate(ctx, sctf->signed_data, > sctf->signed_data_len)); > rc = EVP_VerifyFinal(ctx, sctf->sig, sctf->siglen, pkey); > -#if OPENSSL_VERSION_NUMBER < 0x10100000L > +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) Why not using MODSSL_USE_OPENSSL_PRE_1_1_API here? > EVP_MD_CTX_destroy(ctx); > #else > EVP_MD_CTX_free(ctx); > Regards RĂ¼diger
