0
0
Fork 0
mirror of https://github.com/matrix-construct/construct synced 2024-11-29 10:12:39 +01:00

Use new TLS method APIs with new LibreSSL

OpenBSD 5.8 includes LibreSSL 2.2.2, which finally brings the API up to
what they claim it is by implementing the new TLS client and server
method APIs. Therefore, in furtherance of commits a4c8c827 and 1a4e224a
we can build with the new APIs if building against (real) OpenSSL 1.1.0
or LibreSSL 2.2.2.

Reported-by: Juuso Lapinlampi <wub@partyvan.eu>
This commit is contained in:
Aaron Jones 2015-10-23 16:05:33 +00:00
parent 172b58fee9
commit 3ae24413ca
No known key found for this signature in database
GPG key ID: 6E854C0FAAD4CEA4

View file

@ -35,6 +35,19 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/rand.h> #include <openssl/rand.h>
#include <openssl/opensslv.h>
/*
* This is a mess but what can you do when the library authors
* refuse to play ball with established conventions?
*/
#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x20020002L)
# define LRB_HAVE_TLS_METHOD_API 1
#else
# if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
# define LRB_HAVE_TLS_METHOD_API 1
# endif
#endif
static SSL_CTX *ssl_server_ctx; static SSL_CTX *ssl_server_ctx;
static SSL_CTX *ssl_client_ctx; static SSL_CTX *ssl_client_ctx;
@ -307,7 +320,7 @@ rb_init_ssl(void)
SSL_library_init(); SSL_library_init();
libratbox_index = SSL_get_ex_new_index(0, libratbox_data, NULL, NULL, NULL); libratbox_index = SSL_get_ex_new_index(0, libratbox_data, NULL, NULL, NULL);
#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L) #ifndef LRB_HAVE_TLS_METHOD_API
ssl_server_ctx = SSL_CTX_new(SSLv23_server_method()); ssl_server_ctx = SSL_CTX_new(SSLv23_server_method());
#else #else
ssl_server_ctx = SSL_CTX_new(TLS_server_method()); ssl_server_ctx = SSL_CTX_new(TLS_server_method());
@ -322,7 +335,7 @@ rb_init_ssl(void)
long server_options = SSL_CTX_get_options(ssl_server_ctx); long server_options = SSL_CTX_get_options(ssl_server_ctx);
#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L) #ifndef LRB_HAVE_TLS_METHOD_API
server_options |= SSL_OP_NO_SSLv2; server_options |= SSL_OP_NO_SSLv2;
server_options |= SSL_OP_NO_SSLv3; server_options |= SSL_OP_NO_SSLv3;
#endif #endif
@ -356,7 +369,7 @@ rb_init_ssl(void)
} }
#endif #endif
#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L) #ifndef LRB_HAVE_TLS_METHOD_API
ssl_client_ctx = SSL_CTX_new(TLSv1_client_method()); ssl_client_ctx = SSL_CTX_new(TLSv1_client_method());
#else #else
ssl_client_ctx = SSL_CTX_new(TLS_client_method()); ssl_client_ctx = SSL_CTX_new(TLS_client_method());