RepoMirrors
/
haproxy
mirror of http://git.haproxy.org/git/haproxy.git/
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

BUILD/MEDIUM: Fixing the build using LibreSSL 

Fixing the build using LibreSSL as OpenSSL implementation.
Currently, LibreSSL 2.4.4 provides the same API of OpenSSL 1.0.1x,
but it redefine the OpenSSL version number as 2.0.x, breaking all
checks with OpenSSL 1.1.x.
The patch solves the issue checking the definition of the symbol
LIBRESSL_VERSION_NUMBER when Openssl 1.1.x features are requested.
This commit is contained in:
Luca Pizzamiglio 2016-12-12 10:56:56 +01:00 committed by Willy Tarreau
parent a73e59b690
commit 578b169dcb
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/proto/openssl-compat.h
View File

@ -86,9 +86,9 @@ static inline int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned ch
#endif
#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER)
/*
* Functions introduced in OpenSSL 1.1.0
* Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL
*/
static inline const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *sess, unsigned int *sid_ctx_length)

8
src/ssl_sock.c
View File

@ -1790,7 +1790,7 @@ static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, char *name,
/* The following code is used for loading multiple crt files into
* SSL_CTX's based on CN/SAN
*/
#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
/* This is used to preload the certifcate, private key
* and Cert Chain of a file passed in via the crt
* argument
@ -3524,7 +3524,7 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag)
conn->flags &= ~CO_FL_WAIT_L4_CONN;
if (!conn->err_code) {
int empty_handshake;
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
empty_handshake = state == TLS_ST_BEFORE;
#else
@ -3594,7 +3594,7 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag)
return 0;
}
else if (ret == SSL_ERROR_SYSCALL) {
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
OSSL_HANDSHAKE_STATE state;
#endif
int empty_handshake;
@ -3602,7 +3602,7 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag)
if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
conn->flags &= ~CO_FL_WAIT_L4_CONN;
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
state = SSL_get_state((SSL *)conn->xprt_ctx);
empty_handshake = state == TLS_ST_BEFORE;
#else