99 lines
3.8 KiB
Diff
99 lines
3.8 KiB
Diff
--- src/ctx.c 2015-11-26 13:32:51.458101892 +0100
|
|
+++ src/ctx.c 2015-11-26 13:36:05.918181575 +0100
|
|
@@ -349,7 +349,7 @@
|
|
/**************************************** initialize OpenSSL CONF */
|
|
|
|
NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
|
|
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
|
|
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
SSL_CONF_CTX *cctx;
|
|
NAME_LIST *curr;
|
|
char *cmd, *param;
|
|
--- src/options.c 2015-11-26 13:32:51.457101897 +0100
|
|
+++ src/options.c 2015-11-26 13:39:04.422336822 +0100
|
|
@@ -1261,7 +1261,7 @@
|
|
break;
|
|
}
|
|
|
|
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
|
|
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
|
|
/* checkEmail */
|
|
switch(cmd) {
|
|
@@ -1398,7 +1398,7 @@
|
|
break;
|
|
}
|
|
|
|
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
|
|
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
|
|
/* config */
|
|
switch(cmd) {
|
|
@@ -2539,7 +2539,7 @@
|
|
/* sslVersion */
|
|
switch(cmd) {
|
|
case CMD_BEGIN:
|
|
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
|
|
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
section->client_method=(SSL_METHOD *)TLS_client_method();
|
|
section->server_method=(SSL_METHOD *)TLS_server_method();
|
|
#else
|
|
@@ -2551,7 +2551,7 @@
|
|
if(strcasecmp(opt, "sslVersion"))
|
|
break;
|
|
if(!strcasecmp(arg, "all")) {
|
|
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
|
|
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
section->client_method=(SSL_METHOD *)TLS_client_method();
|
|
section->server_method=(SSL_METHOD *)TLS_server_method();
|
|
#else
|
|
--- src/prototypes.h 2015-11-26 13:32:51.459101887 +0100
|
|
+++ src/prototypes.h 2015-11-26 13:38:04.814618905 +0100
|
|
@@ -207,7 +207,7 @@
|
|
char *ocsp_url;
|
|
unsigned long ocsp_flags;
|
|
#endif /* !defined(OPENSSL_NO_OCSP) */
|
|
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
|
|
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
NAME_LIST *check_host, *check_email, *check_ip; /* cert subject checks */
|
|
NAME_LIST *config; /* OpenSSL CONF options */
|
|
#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
|
|
--- src/verify.c 2015-11-26 13:32:51.458101892 +0100
|
|
+++ src/verify.c 2015-11-26 13:37:51.442682192 +0100
|
|
@@ -51,7 +51,7 @@
|
|
NOEXPORT int verify_callback(int, X509_STORE_CTX *);
|
|
NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
|
|
NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
|
|
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
|
|
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
|
|
#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
|
|
NOEXPORT int cert_check_local(X509_STORE_CTX *);
|
|
@@ -185,7 +185,7 @@
|
|
}
|
|
if(section->verify_level>=3) /* levels>=3 don't rely on PKI */
|
|
return;
|
|
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
|
|
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
if(section->check_email || section->check_host || section->check_ip)
|
|
return;
|
|
#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
|
|
@@ -280,7 +280,7 @@
|
|
}
|
|
|
|
if(depth==0) { /* additional peer certificate checks */
|
|
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
|
|
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
if(!cert_check_subject(c, callback_ctx))
|
|
return 0; /* reject */
|
|
#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
|
|
@@ -291,7 +291,7 @@
|
|
return 1; /* accept */
|
|
}
|
|
|
|
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
|
|
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
|
|
X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
|
|
NAME_LIST *ptr;
|