On Thu, 19 Dec 2019 at 21:54, Rosen Penev <ros...@gmail.com> wrote: > > LIBRESSL_VERSION_NUMBER evaluates to 0 under OpenSSL, making the condition > always true. Check for the define before checking it. > > Signed-off-by: Rosen Penev <ros...@gmail.com> > --- > v3: Added BoringSSL support > v2: Switched to HA_OPENSSL_VERSION_NUMBER as it's cleaner. > include/common/openssl-compat.h | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/include/common/openssl-compat.h b/include/common/openssl-compat.h > index 25102fbe3..31971bd9e 100644 > --- a/include/common/openssl-compat.h > +++ b/include/common/openssl-compat.h > @@ -278,7 +278,8 @@ static inline void EVP_PKEY_up_ref(EVP_PKEY *pkey) > #define TLSEXT_signature_ecdsa 3 > #endif > > -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || (LIBRESSL_VERSION_NUMBER < > 0x20700000L) > +#if ((HA_OPENSSL_VERSION_NUMBER < 0x1010000fL) && (LIBRESSL_VERSION_NUMBER < > 0x2070000fL)) ||\ > + defined(OPENSSL_IS_BORINGSSL) > #define X509_getm_notBefore X509_get_notBefore > #define X509_getm_notAfter X509_get_notAfter > #endif > -- > 2.23.0
Ack. Should be backported to 1.9. lukas