1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
$OpenBSD: patch-src_modules_tls_tls_init_c,v 1.1 2017/07/03 22:14:20 sthen Exp $
Index: a/src/modules/tls/tls_init.c
--- a/src/modules/tls/tls_init.c
+++ b/src/modules/tls/tls_init.c
@@ -139,7 +139,7 @@ const SSL_METHOD* ssl_methods[TLS_METHOD_MAX];
*/
-
+#ifndef LIBRESSL_VERSION_NUMBER
inline static char* buf_append(char* buf, char* end, char* str, int str_len)
{
if ( (buf+str_len)<end){
@@ -317,6 +317,7 @@ static void ser_free(void *ptr, const char *fname, int
}
#endif
+#endif /* LIBRESSL_VERSION_NUMBER */
/*
* Initialize TLS socket
@@ -360,7 +361,7 @@ static void init_ssl_methods(void)
ssl_methods[TLS_USE_SSLv23 - 1] = SSLv23_method();
/* only specific SSL or TLS version */
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
+#if OPENSSL_VERSION_NUMBER < 0x010100000L || defined(LIBRESSL_VERSION_NUMBER)
#ifndef OPENSSL_NO_SSL2
ssl_methods[TLS_USE_SSLv2_cli - 1] = SSLv2_client_method();
ssl_methods[TLS_USE_SSLv2_srv - 1] = SSLv2_server_method();
@@ -378,13 +379,13 @@ static void init_ssl_methods(void)
ssl_methods[TLS_USE_TLSv1_srv - 1] = TLSv1_server_method();
ssl_methods[TLS_USE_TLSv1 - 1] = TLSv1_method();
-#if OPENSSL_VERSION_NUMBER >= 0x1000100fL
+#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(LIBRESSL_VERSION_NUMBER)
ssl_methods[TLS_USE_TLSv1_1_cli - 1] = TLSv1_1_client_method();
ssl_methods[TLS_USE_TLSv1_1_srv - 1] = TLSv1_1_server_method();
ssl_methods[TLS_USE_TLSv1_1 - 1] = TLSv1_1_method();
#endif
-#if OPENSSL_VERSION_NUMBER >= 0x1000105fL
+#if OPENSSL_VERSION_NUMBER >= 0x1000105fL && !defined(LIBRESSL_VERSION_NUMBER)
ssl_methods[TLS_USE_TLSv1_2_cli - 1] = TLSv1_2_client_method();
ssl_methods[TLS_USE_TLSv1_2_srv - 1] = TLSv1_2_server_method();
ssl_methods[TLS_USE_TLSv1_2 - 1] = TLSv1_2_method();
@@ -393,11 +394,11 @@ static void init_ssl_methods(void)
/* ranges of TLS versions (require a minimum TLS version) */
ssl_methods[TLS_USE_TLSv1_PLUS - 1] = (void*)TLS_OP_TLSv1_PLUS;
-#if OPENSSL_VERSION_NUMBER >= 0x1000100fL
+#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(LIBRESSL_VERSION_NUMBER)
ssl_methods[TLS_USE_TLSv1_1_PLUS - 1] = (void*)TLS_OP_TLSv1_1_PLUS;
#endif
-#if OPENSSL_VERSION_NUMBER >= 0x1000105fL
+#if OPENSSL_VERSION_NUMBER >= 0x1000105fL && !defined(LIBRESSL_VERSION_NUMBER)
ssl_methods[TLS_USE_TLSv1_2_PLUS - 1] = (void*)TLS_OP_TLSv1_2_PLUS;
#endif
}
@@ -408,6 +409,7 @@ static void init_ssl_methods(void)
*/
static int init_tls_compression(void)
{
+#ifndef LIBRESSL_VERSION_NUMBER
#if OPENSSL_VERSION_NUMBER < 0x010100000L
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
int n, r;
@@ -494,6 +496,7 @@ static int init_tls_compression(void)
end:
#endif /* OPENSSL_VERSION_NUMBER >= 0.9.8 */
#endif /* OPENSSL_VERSION_NUMBER < 1.1.0 */
+#endif /* LIBRESSL_VERSION_NUMBER */
return 0;
}
@@ -504,6 +507,7 @@ end:
*/
int tls_pre_init(void)
{
+#ifndef LIBRESSL_VERSION_NUMBER
#if OPENSSL_VERSION_NUMBER < 0x010100000L
void *(*mf)(size_t) = NULL;
void *(*rf)(void *, size_t) = NULL;
@@ -530,6 +534,7 @@ int tls_pre_init(void)
" (can be loaded first to be safe)\n");
return -1;
}
+#endif /* LIBRESSL_VERSION_NUMBER */
if (tls_init_locks()<0)
return -1;
@@ -563,7 +568,7 @@ int init_tls_h(void)
{
/*struct socket_info* si;*/
long ssl_version;
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
+#if OPENSSL_VERSION_NUMBER < 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
int lib_kerberos;
int lib_zlib;
int kerberos_support;
@@ -607,7 +612,7 @@ int init_tls_h(void)
}
/* check kerberos support using compile flags only for version < 1.1.0 */
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
+#if OPENSSL_VERSION_NUMBER < 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
#ifdef TLS_KERBEROS_SUPPORT
kerberos_support=1;
|
