From 1a4e224a4ed2f6e29299401d9029404359de21f7 Mon Sep 17 00:00:00 2001 From: Aaron Jones Date: Thu, 25 Jun 2015 13:57:07 +0000 Subject: [PATCH] LibreSSL have far advanced OPENSSL_VERSION_NUMBER beyond the feature set they support (2.0 even!), deliberately breaking backward compatibility. Therefore, in order to fix a regression introduced by commit a4c8c827 with regard to LibreSSL's stupidity, unconditionally use the old TLS API if building against LibreSSL. --- libratbox/src/openssl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libratbox/src/openssl.c b/libratbox/src/openssl.c index 911dbb61..874c5bf1 100644 --- a/libratbox/src/openssl.c +++ b/libratbox/src/openssl.c @@ -307,7 +307,7 @@ rb_init_ssl(void) SSL_library_init(); libratbox_index = SSL_get_ex_new_index(0, libratbox_data, NULL, NULL, NULL); -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L) ssl_server_ctx = SSL_CTX_new(SSLv23_server_method()); #else ssl_server_ctx = SSL_CTX_new(TLS_server_method()); @@ -322,7 +322,7 @@ rb_init_ssl(void) long server_options = SSL_CTX_get_options(ssl_server_ctx); -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L) server_options |= SSL_OP_NO_SSLv2; server_options |= SSL_OP_NO_SSLv3; #endif @@ -356,7 +356,7 @@ rb_init_ssl(void) } #endif -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L) ssl_client_ctx = SSL_CTX_new(TLSv1_client_method()); #else ssl_client_ctx = SSL_CTX_new(TLS_client_method());