$OpenBSD: patch-src_common_h,v 1.1 2016/11/09 23:14:31 gsoares Exp $ --- a/src/common.h.orig Mon Jun 27 04:29:32 2016 +++ b/src/common.h Thu Nov 3 23:57:29 2016 @@ -448,7 +448,7 @@ extern char *sys_errlist[]; #define OPENSSL_NO_TLS1_2 #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */ -#if OPENSSL_VERSION_NUMBER>=0x10100000L +#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) #ifndef OPENSSL_NO_SSL2 #define OPENSSL_NO_SSL2 #endif /* !defined(OPENSSL_NO_SSL2) */ @@ -474,7 +474,7 @@ extern char *sys_errlist[]; #include #ifndef OPENSSL_NO_DH #include -#if OPENSSL_VERSION_NUMBER<0x10100000L +#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); #endif /* OpenSSL older than 1.1.0 */ #endif /* !defined(OPENSSL_NO_DH) */ $OpenBSD: patch-src_ctx_c,v 1.5 2017/09/12 16:15:24 gsoares Exp $ Index: src/ctx.c --- a/src/ctx.c.orig +++ b/src/ctx.c @@ -295,7 +295,7 @@ NOEXPORT int matches_wildcard(char *servername, char * #ifndef OPENSSL_NO_DH -#if OPENSSL_VERSION_NUMBER<0x10100000L +#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) NOEXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) { return ctx->cipher_list; } @@ -398,7 +398,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) { /**************************************** initialize OpenSSL CONF */ NOEXPORT int conf_init(SERVICE_OPTIONS *section) { -#if OPENSSL_VERSION_NUMBER>=0x10002000L +#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) SSL_CONF_CTX *cctx; NAME_LIST *curr; char *cmd, *param; $OpenBSD: patch-src_ssl_c,v 1.6 2017/09/12 16:15:24 gsoares Exp $ Index: src/ssl.c --- a/src/ssl.c.orig +++ b/src/ssl.c @@ -51,7 +51,7 @@ int index_ssl_cli, index_ssl_ctx_opt; int index_session_authenticated, index_session_connect_address; int ssl_init(void) { /* init TLS before parsing configuration file */ -#if OPENSSL_VERSION_NUMBER>=0x10100000L +#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); #else @@ -86,7 +86,7 @@ int ssl_init(void) { /* init TLS before parsing config } #ifndef OPENSSL_NO_DH -#if OPENSSL_VERSION_NUMBER<0x10100000L +#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) /* this is needed for dhparam.c generated with OpenSSL >= 1.1.0 * to be linked against the older versions */ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) { $OpenBSD: patch-src_sthreads_c,v 1.3 2017/09/12 16:15:24 gsoares Exp $ Index: src/sthreads.c --- a/src/sthreads.c.orig +++ b/src/sthreads.c @@ -216,7 +216,7 @@ void stunnel_rwlock_destroy_debug(struct CRYPTO_dynloc struct CRYPTO_dynlock_value stunnel_locks[STUNNEL_LOCKS]; -#if OPENSSL_VERSION_NUMBER<0x10100004L +#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) #define CRYPTO_THREAD_lock_new() CRYPTO_get_new_dynlockid() #endif $OpenBSD: patch-src_verify_c,v 1.6 2017/09/12 16:15:24 gsoares Exp $ Index: src/verify.c --- a/src/verify.c.orig +++ b/src/verify.c @@ -353,7 +353,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback cert=X509_STORE_CTX_get_current_cert(callback_ctx); subject=X509_get_subject_name(cert); -#if OPENSSL_VERSION_NUMBER<0x10100006L +#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER) #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs #endif /* modern API allows retrieving multiple matching certificates */ --- a/src/options.c +++ b/src/options.c @@ -3656,7 +3656,7 @@ } #endif /* engines can add new algorithms */ -#if OPENSSL_VERSION_NUMBER>=0x10100000L +#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS| OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); #else