On Thu, Aug 3, 2017 at 9:25 AM, Ruediger Pluem <[email protected]> wrote: > > On 07/30/2017 01:05 AM, [email protected] wrote: >> >> Modified: httpd/httpd/trunk/modules/ssl/ssl_ct_sct.c >> URL: >> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_ct_sct.c?rev=1803396&r1=1803395&r2=1803396&view=diff >> ============================================================================== >> --- httpd/httpd/trunk/modules/ssl/ssl_ct_sct.c (original) >> +++ httpd/httpd/trunk/modules/ssl/ssl_ct_sct.c Sat Jul 29 23:05:02 2017 >> @@ -32,7 +32,7 @@ static apr_status_t verify_signature(sct >> return APR_EINVAL; >> } >> >> -#if OPENSSL_VERSION_NUMBER < 0x10100000L >> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) > > Why not using MODSSL_USE_OPENSSL_PRE_1_1_API here? > >> ctx = EVP_MD_CTX_create(); >> #else >> ctx = EVP_MD_CTX_new(); >> @@ -41,7 +41,7 @@ static apr_status_t verify_signature(sct >> ap_assert(1 == EVP_VerifyUpdate(ctx, sctf->signed_data, >> sctf->signed_data_len)); >> rc = EVP_VerifyFinal(ctx, sctf->sig, sctf->siglen, pkey); >> -#if OPENSSL_VERSION_NUMBER < 0x10100000L >> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) > > Why not using MODSSL_USE_OPENSSL_PRE_1_1_API here?
#including "ssl_private.h" in "ssl_ct_sct.c" doesn't work; the former defines MODSSL_USE_OPENSSL_PRE_1_1 but also APLOG_USE_MODULE(ssl), the latter has AP_DECLARE_MODULE(ssl_ct). There are surely ways to address this, but I don't know how for now... Regards, Yann.
