Le 28/08/2019 à 18:19, Stefan Strogin a écrit :
LibreSSL does not provide SSL_CTX_set_post_handshake_auth.
See also: https://bugs.gentoo.org/668060
---
modules/ssl/ssl_engine_init.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 73ab07d64b..63ecf4cc48 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1579,11 +1579,11 @@ static apr_status_t ssl_init_proxy_certs(server_rec *s,
modssl_pk_proxy_t *pkp = mctx->pkp;
STACK_OF(X509) *chain;
X509_STORE_CTX *sctx;
X509_STORE *store = SSL_CTX_get_cert_store(mctx->ssl_ctx);
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)
/* For OpenSSL >=1.1.1, turn on client cert support which is
* otherwise turned off by default (by design).
* https://github.com/openssl/openssl/issues/6933 */
SSL_CTX_set_post_handshake_auth(mctx->ssl_ctx, 1);
#endif
Hi Stefan,
Thanks for the patch.
in order to avoid loosing tracks of patches, our bugzilla is a much
better place for submitting patches? Otherwise, it is likely to get
forgotten in the mail flow of the list.
See [1].
Best regards.
CJ
[1]: https://httpd.apache.org/dev/patches.html#submitting-your-patch
