aboutsummaryrefslogtreecommitdiffstats
path: root/main
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2016-11-07 09:51:06 +0200
committerTimo Teräs <timo.teras@iki.fi>2016-11-07 09:51:06 +0200
commit4a4776379ec19429dda0153467b4efdae4fe1bb5 (patch)
tree3dd9ff8d14278d913fac242219583eb44a15af0a /main
parentbfbbc4254ea59cb538d4ea741bccc1aa93709df4 (diff)
downloadaports-4a4776379ec19429dda0153467b4efdae4fe1bb5.tar.bz2
aports-4a4776379ec19429dda0153467b4efdae4fe1bb5.tar.xz
main/strongswan: fix libressl support, remove deprecated patch
Diffstat (limited to 'main')
-rw-r--r--main/strongswan/2002-vici-add-deprecated-async-parameter.patch49
-rw-r--r--main/strongswan/APKBUILD12
-rw-r--r--main/strongswan/libressl.patch201
3 files changed, 200 insertions, 62 deletions
diff --git a/main/strongswan/2002-vici-add-deprecated-async-parameter.patch b/main/strongswan/2002-vici-add-deprecated-async-parameter.patch
deleted file mode 100644
index 577532867c..0000000000
--- a/main/strongswan/2002-vici-add-deprecated-async-parameter.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From d3c1585742909cbf306da1bf489b7f1560e8dab5 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
-Date: Mon, 21 Sep 2015 13:42:15 +0300
-Subject: [PATCH 5/5] vici: add (deprecated) async parameter
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This is obsoleted by the new "timeout=-1" option that achieves
-the same. Only for compatibility with old versions of quagga-nhrp.
-
-Signed-off-by: Timo Teräs <timo.teras@iki.fi>
----
- src/libcharon/plugins/vici/vici_control.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
-index 55b8c99..eba7640 100644
---- a/src/libcharon/plugins/vici/vici_control.c
-+++ b/src/libcharon/plugins/vici/vici_control.c
-@@ -195,7 +195,7 @@ CALLBACK(initiate, vici_message_t*,
- host_t *my_host = NULL, *other_host = NULL;
- char *child, *ike, *my_host_str, *other_host_str;
- int timeout;
-- bool limits;
-+ bool limits, async;
- controller_cb_t log_cb = NULL;
- log_info_t log = {
- .dispatcher = this->dispatcher,
-@@ -206,6 +206,7 @@ CALLBACK(initiate, vici_message_t*,
- ike = request->get_str(request, NULL, "ike");
- timeout = request->get_int(request, 0, "timeout");
- limits = request->get_bool(request, FALSE, "init-limits");
-+ async = request->get_bool(request, FALSE, "async");
- log.level = request->get_int(request, 1, "loglevel");
- my_host_str = request->get_str(request, NULL, "my-host");
- other_host_str = request->get_str(request, NULL, "other-host");
-@@ -214,7 +215,7 @@ CALLBACK(initiate, vici_message_t*,
- {
- return send_reply(this, "missing configuration name");
- }
-- if (timeout >= 0)
-+ if (timeout >= 0 && !async)
- {
- log_cb = (controller_cb_t)log_vici;
- }
---
-2.5.0
-
diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD
index 18c07cf5ea..72d5e34d75 100644
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@@ -3,7 +3,7 @@
pkgname=strongswan
pkgver=5.5.1
_pkgver=${pkgver//_rc/rc}
-pkgrel=0
+pkgrel=1
pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
url="http://www.strongswan.org/"
arch="all"
@@ -22,7 +22,6 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
1002-vici-send-certificates-for-ike-sa-events.patch
1003-vici-add-support-for-individual-sa-state-changes.patch
2001-support-gre-key-in-ikev1.patch
- 2002-vici-add-deprecated-async-parameter.patch
libressl.patch
strongswan.initd
@@ -119,8 +118,7 @@ dc38d5a2e8bf98e3137cc5608d4d1392 1001-charon-add-optional-source-and-remote-ove
1d174dd2c9fcfdc9e2260a249395ab8d 1002-vici-send-certificates-for-ike-sa-events.patch
167c525d4945d4e9a36fe75aabbbb895 1003-vici-add-support-for-individual-sa-state-changes.patch
97bb0e061ba1576bab0e053afc2a4a72 2001-support-gre-key-in-ikev1.patch
-31f4bda273d364095e9e6167da417e08 2002-vici-add-deprecated-async-parameter.patch
-3e64f8272f98199234b5ea98748090a7 libressl.patch
+360c16bcd6c03505b4f3ca308dd4932d libressl.patch
72a956819c451931d3d31a528a0d1b9c strongswan.initd
a7993f28e4eacc61f51722044645587e charon.initd"
sha256sums="720b301991f77bdedd8d551a956f52e2d11686a0ec18e832094f86cf2b842ab7 strongswan-5.5.1.tar.bz2
@@ -129,8 +127,7 @@ sha256sums="720b301991f77bdedd8d551a956f52e2d11686a0ec18e832094f86cf2b842ab7 st
e2de070bdb5fd9e19d02d18829ad9684e3a9fa64f0bc45015249c7f1f738f7be 1002-vici-send-certificates-for-ike-sa-events.patch
c92a8641093e343f1f652213fb4469622a82f9f3c759e065b2b553ef3cf8cfec 1003-vici-add-support-for-individual-sa-state-changes.patch
f038cadddde9f0ea2f36df03f81445b2f6a6d6b09cf4a21bfcdb61c62706a66b 2001-support-gre-key-in-ikev1.patch
-fec398ec01dbc3f10693ec128b0f39b90284c89ae65cad6230fd277e6f67e023 2002-vici-add-deprecated-async-parameter.patch
-0ed364080e84f58915548c2ea9812fe7c354bdcf3c640fabe24e47ae58fa61ba libressl.patch
+c2e94e169bd5923fe90f4cfdd2568b0bc6accd8fb9c1a32a07e795dd8a3fe7f9 libressl.patch
fdb781fa59700ca83b9fd2f2ff0b9c45467448ebd82da96286b3e2aa477ef7f4 strongswan.initd
7bcc57e4a778f87645c6b9d76ba2c04e1c11c326bc9a4968561788711c7fe58a charon.initd"
sha512sums="051352a941a02ae227f3a7d4ee9d6d5651daa0fb4d01b7086c3bb18815ea94f63b5f94f29e6ef46ef3360666f7c95936cbfde9393d6a0c677de64850056519b9 strongswan-5.5.1.tar.bz2
@@ -139,7 +136,6 @@ e97382673d807dc09a64c617af4ec4879386cfab9ebcc843ee517388c5cedca6fc37f3df2649dd5b
f1aa4eed2258527dcc787ef41af7fdb9d6eb83e18d1ac2d8eebace47d0f41d5b719f80508691f271e67f2fac2f041b57a02cfea4a289eb38b3619c3ae2e18b9a 1002-vici-send-certificates-for-ike-sa-events.patch
9c94dd2063265581aff60960f795e7e5a7f8992dfb875d2bceff8028ae1c45afd6ec48a0729a0da14e86245b5017c85cdd33b1baa5b7faff4edc1783b5ffedcc 1003-vici-add-support-for-individual-sa-state-changes.patch
1544a409ad08f46a5dffbe3b4e8cf0e973c58140bf225f7c4e9b29be7fe6178f63d73730d1b2f7a755ed0d5dc09ee9fa0a08ac35761b01c5914d9bde1044ce7a 2001-support-gre-key-in-ikev1.patch
-769536476e941882c3a244b3c47eb4cc8ab1ec026862acfa1e00469114b532f8965890b21ff2e9e129778ead9b273ce47923b9bc0e788be3c0292023f5a32ee5 2002-vici-add-deprecated-async-parameter.patch
-d51b39ab2bc6f8771da3f1ade959db35576ad94c8a55dc082b211405e02109b060e687dff5c696b4e8b4232800b5a39752bb2982003eb9a4c066dc9d529106a8 libressl.patch
+8cc4e28a07c4f206d7838a20cd1fdab7cd82bc19a3916ed65f1c5acf6acecd7ea54f582f7b2f164aded96e49fdc2db5ace70f426a93fcc08f29d658c79069ad4 libressl.patch
8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9 strongswan.initd
1c44c801f66305c0331f76e580c0d60f1b7d5cd3cc371be55826b06c3899f542664628a912a7fb48626e34d864f72ca5dcd34b2f0d507c4f19c510d0047054c1 charon.initd"
diff --git a/main/strongswan/libressl.patch b/main/strongswan/libressl.patch
index b01eff3e4a..9973b20cee 100644
--- a/main/strongswan/libressl.patch
+++ b/main/strongswan/libressl.patch
@@ -1,8 +1,133 @@
-diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
-index 3e3b986..ada218c 100644
---- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
-+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
-@@ -573,7 +573,7 @@ plugin_t *openssl_plugin_create()
+diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_crl.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_crl.c
+--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_crl.c 2016-06-30 17:20:10.000000000 +0300
++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_crl.c 2016-11-07 09:43:34.386040269 +0200
+@@ -46,7 +46,7 @@
+ #include <collections/enumerator.h>
+ #include <credentials/certificates/x509.h>
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ static inline void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509_CRL *crl) {
+ if (psig) { *psig = crl->signature; }
+ if (palg) { *palg = crl->sig_alg; }
+@@ -281,7 +281,7 @@
+ return FALSE;
+ }
+ /* i2d_re_X509_CRL_tbs() was added with 1.1.0 when X509_CRL became opaque */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ tbs = openssl_i2chunk(re_X509_CRL_tbs, this->crl);
+ #else
+ tbs = openssl_i2chunk(X509_CRL_INFO, this->crl->crl);
+@@ -524,7 +524,7 @@
+
+ X509_CRL_get0_signature(NULL, &alg, this->crl);
+ X509_ALGOR_get0(&oid, NULL, NULL, alg);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ if (!chunk_equals(
+ openssl_asn1_obj2chunk(this->crl->crl->sig_alg->algorithm),
+ openssl_asn1_obj2chunk(this->crl->sig_alg->algorithm)))
+diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c 2016-06-30 17:20:10.000000000 +0300
++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c 2016-11-07 09:43:49.292891861 +0200
+@@ -27,7 +27,7 @@
+ #include <utils/debug.h>
+
+ /* these were added with 1.1.0 when DH was made opaque */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ OPENSSL_KEY_FALLBACK(DH, key, pub_key, priv_key)
+ OPENSSL_KEY_FALLBACK(DH, pqg, p, q, g)
+ #define DH_set_length(dh, len) ({ (dh)->length = len; 1; })
+diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
+--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c 2016-10-08 15:17:09.000000000 +0300
++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c 2016-11-07 09:43:54.582957491 +0200
+@@ -28,7 +28,7 @@
+ #include <openssl/ecdsa.h>
+ #include <openssl/x509.h>
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s)
+ #endif
+
+diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
+--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c 2016-06-30 17:20:10.000000000 +0300
++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c 2016-11-07 09:43:58.653007980 +0200
+@@ -27,7 +27,7 @@
+ #include <openssl/ecdsa.h>
+ #include <openssl/x509.h>
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s)
+ #endif
+
+diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_hmac.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_hmac.c
+--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_hmac.c 2016-06-30 17:20:10.000000000 +0300
++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_hmac.c 2016-11-07 09:44:46.043595875 +0200
+@@ -70,7 +70,7 @@
+ */
+ HMAC_CTX *hmac;
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /**
+ * Static context for OpenSSL < 1.1.0
+ */
+@@ -140,7 +140,7 @@
+ METHOD(mac_t, destroy, void,
+ private_mac_t *this)
+ {
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ HMAC_CTX_free(this->hmac);
+ #else
+ HMAC_CTX_cleanup(&this->hmac_ctx);
+@@ -178,7 +178,7 @@
+ return NULL;
+ }
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ this->hmac = HMAC_CTX_new();
+ #else
+ HMAC_CTX_init(&this->hmac_ctx);
+diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_pkcs7.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
+--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_pkcs7.c 2016-07-08 11:57:18.000000000 +0300
++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_pkcs7.c 2016-11-07 09:44:58.337081716 +0200
+@@ -29,7 +29,7 @@
+
+ #include <openssl/cms.h>
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define X509_ATTRIBUTE_get0_object(attr) ({ (attr)->object; })
+ #endif
+
+diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_plugin.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_plugin.c
+--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_plugin.c 2016-10-08 15:17:09.000000000 +0300
++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_plugin.c 2016-11-07 09:45:31.187489232 +0200
+@@ -68,7 +68,7 @@
+ /**
+ * OpenSSL is thread-safe since 1.1.0
+ */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+
+ /**
+ * Array of static mutexs, with CRYPTO_num_locks() mutex
+@@ -568,7 +568,7 @@
+ /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
+ * can't call it as we couldn't re-initialize the library (as required by the
+ * unit tests and the Android app) */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #ifndef OPENSSL_IS_BORINGSSL
+ CONF_modules_free();
+ OBJ_cleanup();
+@@ -623,7 +623,7 @@
},
);
@@ -11,3 +136,69 @@ index 3e3b986..ada218c 100644
/* note that we can't call OPENSSL_cleanup() when the plugin is destroyed
* as we couldn't initialize the library again afterwards */
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG |
+diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c 2016-10-08 15:17:09.000000000 +0300
++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c 2016-11-07 09:45:57.407814497 +0200
+@@ -36,7 +36,7 @@
+ */
+ #define PUBLIC_EXPONENT 0x10001
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ OPENSSL_KEY_FALLBACK(RSA, key, n, e, d)
+ OPENSSL_KEY_FALLBACK(RSA, factors, p, q)
+ OPENSSL_KEY_FALLBACK(RSA, crt_params, dmp1, dmq1, iqmp)
+diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c 2016-09-27 11:40:31.000000000 +0300
++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c 2016-11-07 09:46:02.771214366 +0200
+@@ -28,7 +28,7 @@
+ #include <openssl/rsa.h>
+ #include <openssl/x509.h>
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ OPENSSL_KEY_FALLBACK(RSA, key, n, e, d)
+ #endif
+
+diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_util.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_util.c
+--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_util.c 2016-06-30 17:20:10.000000000 +0300
++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_util.c 2016-11-07 09:46:15.918044119 +0200
+@@ -23,7 +23,7 @@
+ #include <openssl/x509.h>
+
+ /* these were added with 1.1.0 when ASN1_OBJECT was made opaque */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define OBJ_get0_data(o) ((o)->data)
+ #define OBJ_length(o) ((o)->length)
+ #endif
+diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_x509.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_x509.c
+--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_x509.c 2016-06-30 17:20:10.000000000 +0300
++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_x509.c 2016-11-07 09:46:51.818489485 +0200
+@@ -61,7 +61,7 @@
+ #endif
+
+ /* added with 1.0.2 */
+-#if OPENSSL_VERSION_NUMBER < 0x10002000L
++#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
+ static inline void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509 *x) {
+ if (psig) { *psig = x->signature; }
+ if (palg) { *palg = x->sig_alg; }
+@@ -69,7 +69,7 @@
+ #endif
+
+ /* added with 1.1.0 when X509 etc. was made opaque */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define X509_get0_extensions(x509) ({ (x509)->cert_info->extensions; })
+ #define X509_get0_tbs_sigalg(x509) ({ (x509)->cert_info->signature; })
+ #define X509_ALGOR_get0(oid, ppt, ppv, alg) ({ *(oid) = (alg)->algorithm; })
+@@ -434,7 +434,7 @@
+ return FALSE;
+ }
+ /* i2d_re_X509_tbs() was added with 1.1.0 when X509 was made opaque */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ tbs = openssl_i2chunk(re_X509_tbs, this->x509);
+ #else
+ tbs = openssl_i2chunk(X509_CINF, this->x509->cert_info);