On 07/30/2017 01:05 AM, yla...@apache.org wrote:
> Author: ylavic
> Date: Sat Jul 29 23:05:02 2017
> New Revision: 1803396
> 
> URL: http://svn.apache.org/viewvc?rev=1803396&view=rev
> Log:
> mod_ssl, ab: compatibility with LibreSSL.  PR 61184.
> 
> LibreSSL defines OPENSSL_VERSION_NUMBER = 2.0, but is not compatible with
> all of the latest OpenSSL 1.1 API.
> 
> Address this by defining MODSSL_USE_OPENSSL_PRE_1_1_API which is true for
> anything but OpenSSL >= 1.1 (for now).
> 
> Proposed by: Bernard Spil <brnrd freebsd.org>
> Reviewed by: ylavic
> 
> 
> Modified:
>     httpd/httpd/trunk/modules/ssl/mod_ssl.c
>     httpd/httpd/trunk/modules/ssl/ssl_ct_sct.c
>     httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
>     httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
>     httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
>     httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
>     httpd/httpd/trunk/modules/ssl/ssl_private.h
>     httpd/httpd/trunk/modules/ssl/ssl_util.c
>     httpd/httpd/trunk/modules/ssl/ssl_util_ssl.h
>     httpd/httpd/trunk/support/ab.c
> 

> Modified: httpd/httpd/trunk/modules/ssl/ssl_ct_sct.c
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_ct_sct.c?rev=1803396&r1=1803395&r2=1803396&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_ct_sct.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_ct_sct.c Sat Jul 29 23:05:02 2017
> @@ -32,7 +32,7 @@ static apr_status_t verify_signature(sct
>          return APR_EINVAL;
>      }
>  
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)

Why not using MODSSL_USE_OPENSSL_PRE_1_1_API here?

>      ctx = EVP_MD_CTX_create();
>  #else
>      ctx = EVP_MD_CTX_new();
> @@ -41,7 +41,7 @@ static apr_status_t verify_signature(sct
>      ap_assert(1 == EVP_VerifyUpdate(ctx, sctf->signed_data,
>                                      sctf->signed_data_len));
>      rc = EVP_VerifyFinal(ctx, sctf->sig, sctf->siglen, pkey);
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)

Why not using MODSSL_USE_OPENSSL_PRE_1_1_API here?

>      EVP_MD_CTX_destroy(ctx);
>  #else
>      EVP_MD_CTX_free(ctx);
> 

Regards

RĂ¼diger

Reply via email to