Use new TLS method APIs with new LibreSSL
OpenBSD 5.8 includes LibreSSL 2.2.2, which finally brings the API up to what they claim it is by implementing the new TLS client and server method APIs. Therefore, in furtherance of commits a4c8c827 and 1a4e224a, we can build with the new APIs if building against (real) OpenSSL 1.1.0 or LibreSSL 2.2.2.

Reported-by: Juuso Lapinlampi <wub@partyvan.eu>
parent
172b58fee9
commit
3ae24413ca
1 changed files with 16 additions and 3 deletions
|
@ -35,6 +35,19 @@
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/rand.h>
|
#include <openssl/rand.h>
|
||||||
|
#include <openssl/opensslv.h>
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This is a mess but what can you do when the library authors
|
||||||
|
* refuse to play ball with established conventions?
|
||||||
|
*/
|
||||||
|
#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x20020002L)
|
||||||
|
# define LRB_HAVE_TLS_METHOD_API 1
|
||||||
|
#else
|
||||||
|
# if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
||||||
|
# define LRB_HAVE_TLS_METHOD_API 1
|
||||||
|
# endif
|
||||||
|
#endif
|
||||||
|
|
||||||
static SSL_CTX *ssl_server_ctx;
|
static SSL_CTX *ssl_server_ctx;
|
||||||
static SSL_CTX *ssl_client_ctx;
|
static SSL_CTX *ssl_client_ctx;
|
||||||
|
@ -307,7 +320,7 @@ rb_init_ssl(void)
|
||||||
SSL_library_init();
|
SSL_library_init();
|
||||||
libratbox_index = SSL_get_ex_new_index(0, libratbox_data, NULL, NULL, NULL);
|
libratbox_index = SSL_get_ex_new_index(0, libratbox_data, NULL, NULL, NULL);
|
||||||
|
|
||||||
#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)
|
#ifndef LRB_HAVE_TLS_METHOD_API
|
||||||
ssl_server_ctx = SSL_CTX_new(SSLv23_server_method());
|
ssl_server_ctx = SSL_CTX_new(SSLv23_server_method());
|
||||||
#else
|
#else
|
||||||
ssl_server_ctx = SSL_CTX_new(TLS_server_method());
|
ssl_server_ctx = SSL_CTX_new(TLS_server_method());
|
||||||
|
@ -322,7 +335,7 @@ rb_init_ssl(void)
|
||||||
|
|
||||||
long server_options = SSL_CTX_get_options(ssl_server_ctx);
|
long server_options = SSL_CTX_get_options(ssl_server_ctx);
|
||||||
|
|
||||||
#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)
|
#ifndef LRB_HAVE_TLS_METHOD_API
|
||||||
server_options |= SSL_OP_NO_SSLv2;
|
server_options |= SSL_OP_NO_SSLv2;
|
||||||
server_options |= SSL_OP_NO_SSLv3;
|
server_options |= SSL_OP_NO_SSLv3;
|
||||||
#endif
|
#endif
|
||||||
|
@ -356,7 +369,7 @@ rb_init_ssl(void)
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)
|
#ifndef LRB_HAVE_TLS_METHOD_API
|
||||||
ssl_client_ctx = SSL_CTX_new(TLSv1_client_method());
|
ssl_client_ctx = SSL_CTX_new(TLSv1_client_method());
|
||||||
#else
|
#else
|
||||||
ssl_client_ctx = SSL_CTX_new(TLS_client_method());
|
ssl_client_ctx = SSL_CTX_new(TLS_client_method());
|
||||||
|
|
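Review bot: Builds against LibreSSL 2.2.2 or later no longer compile `server_options |= SSL_OP_NO_SSLv3;` once the guard in the `@ -322,7 +335,7` hunk becomes `#ifndef LRB_HAVE_TLS_METHOD_API`, whereas before this commit every LibreSSL build set that option explicitly. Whether `TLS_server_method()` in those LibreSSL releases already refuses SSLv3 is not visible on this page, so the server context's protocol floor now rests on a library default. I would move `server_options |= SSL_OP_NO_SSLv2;` and `server_options |= SSL_OP_NO_SSLv3;` outside the conditional, after confirming both macros are still defined on every supported library, where they should be no-ops if the protocols are already gone. A comment such as `/* set explicitly; do not rely on library defaults for the protocol floor */` would record the intent. `rb_init_ssl` begins and ends outside the visible hunks, so any later option handling cannot be checked from here.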