[PATCH] BUILD/MEDIUM: Fixing the build using LibreSSL

Mon, 12 Dec 2016 14:05:06 -0800 

Fixing the build using LibreSSL as OpenSSL implementation.
Currently, LibreSSL 2.4.4 provides the same API of OpenSSL 1.0.1x,
but it redefine the OpenSSL version number as 2.0.x, breaking all
checks with OpenSSL 1.1.x.
The patch solves the issue checking the definition of the symbol
LIBRESSL_VERSION_NUMBER when Openssl 1.1.x features are requested.

--- include/proto/openssl-compat.h.orig	2016-12-07 14:48:03 UTC
+++ include/proto/openssl-compat.h
@@ -86,7 +86,7 @@ static inline int X509_PUBKEY_get0_param
 
 #endif
 
-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER)
 /*
  * Functions introduced in OpenSSL 1.1.0
  */

--- src/ssl_sock.c.orig	2016-12-07 14:47:29 UTC
+++ src/ssl_sock.c
@@ -1790,7 +1790,7 @@ static int ssl_sock_add_cert_sni(SSL_CTX
 /* The following code is used for loading multiple crt files into
  * SSL_CTX's based on CN/SAN
  */
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
 /* This is used to preload the certifcate, private key
  * and Cert Chain of a file passed in via the crt
  * argument
@@ -3524,7 +3524,7 @@ int ssl_sock_handshake(struct connection
 					conn->flags &= ~CO_FL_WAIT_L4_CONN;
 				if (!conn->err_code) {
 					int empty_handshake;
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
 					OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
 					empty_handshake = state == TLS_ST_BEFORE;
 #else
@@ -3594,7 +3594,7 @@ int ssl_sock_handshake(struct connection
 			return 0;
 		}
 		else if (ret == SSL_ERROR_SYSCALL) {
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
 			OSSL_HANDSHAKE_STATE state;
 #endif
 			int empty_handshake;
@@ -3602,7 +3602,7 @@ int ssl_sock_handshake(struct connection
 			if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
 				conn->flags &= ~CO_FL_WAIT_L4_CONN;
 
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
 			state = SSL_get_state((SSL *)conn->xprt_ctx);
 			empty_handshake = state == TLS_ST_BEFORE;
 #else

Reply via email to