OpenWrt – Blame information for rev 4
?pathlinks?
Rev | Author | Line No. | Line |
---|---|---|---|
4 | office | 1 | From 7c90c93c0b061da81f69fabdd57125b2783c15fb Mon Sep 17 00:00:00 2001 |
2 | From: Bernard Spil <brnrd@FreeBSD.org> |
||
3 | Date: Mon, 2 Apr 2018 19:04:06 +0200 |
||
4 | Subject: [PATCH] openssl: fix build with LibreSSL 2.7 |
||
5 | |||
6 | - LibreSSL 2.7 implements (most of) OpenSSL 1.1 API |
||
7 | |||
8 | Fixes #2319 |
||
9 | Closes #2447 |
||
10 | Closes #2448 |
||
11 | |||
12 | Signed-off-by: Bernard Spil <brnrd@FreeBSD.org> |
||
13 | --- |
||
14 | lib/vtls/openssl.c | 15 +++++++++------ |
||
15 | 1 file changed, 9 insertions(+), 6 deletions(-) |
||
16 | |||
17 | --- a/Utilities/cmcurl/lib/vtls/openssl.c |
||
18 | +++ b/Utilities/cmcurl/lib/vtls/openssl.c |
||
19 | @@ -104,7 +104,8 @@ |
||
20 | #endif |
||
21 | |||
22 | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \ |
||
23 | - !defined(LIBRESSL_VERSION_NUMBER) |
||
24 | + !(defined(LIBRESSL_VERSION_NUMBER) && \ |
||
25 | + LIBRESSL_VERSION_NUMBER < 0x20700000L) |
||
26 | #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER |
||
27 | #define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */ |
||
28 | #define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */ |
||
29 | @@ -128,7 +129,8 @@ static unsigned long OpenSSL_version_num |
||
30 | #endif |
||
31 | |||
32 | #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \ |
||
33 | - !defined(LIBRESSL_VERSION_NUMBER) |
||
34 | + !(defined(LIBRESSL_VERSION_NUMBER) && \ |
||
35 | + LIBRESSL_VERSION_NUMBER < 0x20700000L) |
||
36 | #define HAVE_X509_GET0_SIGNATURE 1 |
||
37 | #endif |
||
38 | |||
39 | @@ -147,7 +149,7 @@ static unsigned long OpenSSL_version_num |
||
40 | * Whether SSL_CTX_set_keylog_callback is available. |
||
41 | * OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287 |
||
42 | * BoringSSL: supported since d28f59c27bac (committed 2015-11-19) |
||
43 | - * LibreSSL: unsupported in at least 2.5.1 (explicitly check for it since it |
||
44 | + * LibreSSL: unsupported in at least 2.7.2 (explicitly check for it since it |
||
45 | * lies and pretends to be OpenSSL 2.0.0). |
||
46 | */ |
||
47 | #if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \ |
||
48 | @@ -259,7 +261,9 @@ static void tap_ssl_key(const SSL *ssl, |
||
49 | if(!session || !keylog_file_fp) |
||
50 | return; |
||
51 | |||
52 | -#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
||
53 | +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \ |
||
54 | + !(defined(LIBRESSL_VERSION_NUMBER) && \ |
||
55 | + LIBRESSL_VERSION_NUMBER < 0x20700000L) |
||
56 | /* ssl->s3 is not checked in openssl 1.1.0-pre6, but let's assume that |
||
57 | * we have a valid SSL context if we have a non-NULL session. */ |
||
58 | SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE); |
||
59 | @@ -2082,8 +2086,7 @@ static CURLcode ossl_connect_step1(struc |
||
60 | case CURL_SSLVERSION_TLSv1_2: |
||
61 | case CURL_SSLVERSION_TLSv1_3: |
||
62 | /* it will be handled later with the context options */ |
||
63 | -#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \ |
||
64 | - !defined(LIBRESSL_VERSION_NUMBER) |
||
65 | +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) |
||
66 | req_method = TLS_client_method(); |
||
67 | #else |
||
68 | req_method = SSLv23_client_method(); |