Re: [PATCHES] Add support for LibreSSL 2.5.1

Piotr Kubaj Tue, 14 Mar 2017 07:35:05 -0700

I have reworked the patches, so that they don't cause any warning to appear.


-- 
 _____________________________________ 
/ In real love you want the other     \
| person's good. In romantic love you |
| want the other person.              |
|                                     |
\ -- Margaret Anderson                /
 ------------------------------------- 
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

--- include/proto/openssl-compat.h.orig	2017-03-14 14:25:36 UTC
+++ include/proto/openssl-compat.h
@@ -183,7 +183,7 @@ static inline int EVP_PKEY_base_id(EVP_P
 #endif
 
 /* This function does nothing in 1.1.0 and doesn't exist in boringssl */
-#if defined(OPENSSL_IS_BORINGSSL) || (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+#if (LIBRESSL_VERSION_NUMBER < 0x2050100fL) && (defined(OPENSSL_IS_BORINGSSL) || (OPENSSL_VERSION_NUMBER >= 0x1010000fL))
 #undef  SSL_CTX_set_ecdh_auto
 #define SSL_CTX_set_ecdh_auto(ctx, onoff)
 #endif

--- src/ssl_sock.c.orig	2017-03-13 17:26:05 UTC
+++ src/ssl_sock.c
@@ -768,7 +768,7 @@ static int ssl_sock_load_ocsp(SSL_CTX *c
 	unsigned char *p;
 	pem_password_cb *passwd_cb;
 	void *passwd_cb_userdata;
-	void (*callback) (void);
+	void (*callback) (void) = NULL;
 
 	snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
 
@@ -841,10 +841,14 @@ static int ssl_sock_load_ocsp(SSL_CTX *c
 	if (iocsp == ocsp)
 		ocsp = NULL;
 
-#ifndef SSL_CTX_get_tlsext_status_cb
-# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
-	*cb = (void (*) (void))ctx->tlsext_status_cb;
+#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB
+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128
 #endif
+
+#ifndef SSL_CTX_get_tlsext_status_arg
+	long temp_callback = SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB, 0, callback);
+	callback = (void*) &temp_callback;
+#else
 	SSL_CTX_get_tlsext_status_cb(ctx, &callback);
 
 	if (!callback) {
@@ -871,7 +875,10 @@ static int ssl_sock_load_ocsp(SSL_CTX *c
 		int key_type;
 		EVP_PKEY *pkey;
 
-#ifdef SSL_CTX_get_tlsext_status_arg
+#if defined(SSL_CTX_get_tlsext_status_arg) || defined(LIBRESSL_VERSION_NUMBER)
+#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG
+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129
+#endif
 		SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
 #else
 		cb_arg = ctx->tlsext_status_arg;
@@ -4146,7 +4153,7 @@ int ssl_sock_handshake(struct connection
 					OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
 					empty_handshake = state == TLS_ST_BEFORE;
 #else
-					empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
+					empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE;
 #endif
 					if (empty_handshake) {
 						if (!errno) {
@@ -5683,7 +5690,7 @@ smp_fetch_ssl_fc_cl_xxh64(const struct a
 static int
 smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
 {
-#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && !defined(OPENSSL_NO_SSL_TRACE)
+#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && !defined(OPENSSL_NO_SSL_TRACE) && !defined(LIBRESSL_VERSION_NUMBER)
 	struct chunk *data;
 	SSL_CIPHER cipher;
 	int i;

signature.asc
Description: PGP signature

Re: [PATCHES] Add support for LibreSSL 2.5.1

Reply via email to