Author: brane
Date: Sun Jan 4 17:45:33 2026
New Revision: 1931107
Log:
Fix warnings and errors when building with LibreSSL and OpenSSL 1.1.1w.
* buckets/ssl_buckets.c
(ssl_x509_ex_data_idx): Make conditional on SERF_HAVE_OSSL_STORE_OPEN_EX.
* test/test_ssl.c
(client_cert_uri_conn_setup): Likewise, make conditional.
(SERF__OPENSSL_VERSION_PREREQ): Define this macro to expand to false if
OPENSSL_VERSION_PREREQ is not defined, otherwise make it an alias.
(test_ssl_revoked_server_cert,
test_ssl_ocsp_verify_response_no_signer): Use our new ...PREREQ macro
instead of the previous invalid usage that broke compiling with older
versions of OpenSSL.
Modified:
serf/trunk/buckets/ssl_buckets.c
serf/trunk/test/test_ssl.c
Modified: serf/trunk/buckets/ssl_buckets.c
==============================================================================
--- serf/trunk/buckets/ssl_buckets.c Sun Jan 4 15:15:46 2026
(r1931106)
+++ serf/trunk/buckets/ssl_buckets.c Sun Jan 4 17:45:33 2026
(r1931107)
@@ -126,7 +126,9 @@ DEFINE_STACK_OF(EVP_PKEY)
*
*/
+#if defined(SERF_HAVE_OSSL_STORE_OPEN_EX)
static int ssl_x509_ex_data_idx = -1;
+#endif
typedef struct bucket_list {
serf_bucket_t *bucket;
Modified: serf/trunk/test/test_ssl.c
==============================================================================
--- serf/trunk/test/test_ssl.c Sun Jan 4 15:15:46 2026 (r1931106)
+++ serf/trunk/test/test_ssl.c Sun Jan 4 17:45:33 2026 (r1931107)
@@ -36,6 +36,14 @@
#include <openssl/ocsp.h>
#endif
+/* The OPENSSL_VERSION_PREREQ macro is only available from 3.0 onwards,
+ so we'll "backport" it here for older versions. */
+#ifdef OPENSSL_VERSION_PREREQ
+#define SERF__OPENSSL_VERSION_PREREQ(m, n) OPENSSL_VERSION_PREREQ((m), (n))
+#else
+#define SERF__OPENSSL_VERSION_PREREQ(m, n) (0)
+#endif
+
/* Test setting up the openssl library. */
static void test_ssl_init(CuTest *tc)
{
@@ -1174,6 +1182,7 @@ static void test_ssl_client_certificate(
EndVerify
}
+#if defined(SERF_HAVE_OSSL_STORE_OPEN_EX)
static apr_status_t
client_cert_uri_conn_setup(apr_socket_t *skt,
serf_bucket_t **input_bkt,
@@ -1201,6 +1210,7 @@ client_cert_uri_conn_setup(apr_socket_t
return APR_SUCCESS;
}
+#endif
static void test_ssl_client_certificate_uri(CuTest *tc)
{
@@ -1394,7 +1404,7 @@ static void test_ssl_revoked_server_cert
certificate. OpenSSL may call the application multiple times per depth,
e.g. once to tell that the cert is revoked, and a second time to tell
that the certificate itself is valid. */
-#if defined(OPENSSL_VERSION_PREREQ) && OPENSSL_VERSION_PREREQ(3, 6)
+#if SERF__OPENSSL_VERSION_PREREQ(3, 6)
/* In OpenSSL 3.6, error handling changed so that only the
first instance of CERT_UNABLE_TO_GET_CRL is reported. */
CuAssertStrEquals(tc,
@@ -2794,7 +2804,7 @@ static void test_ssl_ocsp_verify_respons
{
#ifndef OPENSSL_NO_OCSP
apr_status_t status = verify_ocsp_response(tc, 1, 0, 0, 0);
-#if defined(OPENSSL_VERSION_PREREQ) && OPENSSL_VERSION_PREREQ(3, 0)
+#if SERF__OPENSSL_VERSION_PREREQ(3, 0)
/* OCSP responses MUST be signed, and on newer versions of OpenSSL we
can't even create one without a signature. This error doesn't come
from response validation but because OCSP_response_create() fails. */
