Lines 1-56
Link Here
|
1 |
--- src/ssl/support.cc.orig 2017-02-12 21:14:36 UTC |
|
|
2 |
+++ src/ssl/support.cc |
3 |
@@ -235,7 +235,7 @@ bool Ssl::checkX509ServerValidity(X509 * |
4 |
return matchX509CommonNames(cert, (void *)server, check_domain); |
5 |
} |
6 |
|
7 |
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) |
8 |
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) |
9 |
static inline X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) |
10 |
{ |
11 |
return ctx->cert; |
12 |
@@ -379,7 +379,7 @@ ssl_verify_cb(int ok, X509_STORE_CTX * c |
13 |
} |
14 |
|
15 |
// "dup" function for SSL_get_ex_new_index("cert_err_check") |
16 |
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) |
17 |
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) |
18 |
static int |
19 |
ssl_dupAclChecklist(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *, |
20 |
int, long, void *) |
21 |
@@ -1116,7 +1116,7 @@ hasAuthorityInfoAccessCaIssuers(X509 *ce |
22 |
if (ad->location->type == GEN_URI) { |
23 |
xstrncpy(uri, |
24 |
reinterpret_cast<const char *>( |
25 |
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) |
26 |
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) |
27 |
ASN1_STRING_data(ad->location->d.uniformResourceIdentifier) |
28 |
#else |
29 |
ASN1_STRING_get0_data(ad->location->d.uniformResourceIdentifier) |
30 |
@@ -1291,7 +1291,7 @@ untrustedToStoreCtx_cb(X509_STORE_CTX *c |
31 |
// OpenSSL already maintains ctx->untrusted but we cannot modify |
32 |
// internal OpenSSL list directly. We have to give OpenSSL our own |
33 |
// list, but it must include certificates on the OpenSSL ctx->untrusted |
34 |
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) |
35 |
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) |
36 |
STACK_OF(X509) *oldUntrusted = ctx->untrusted; |
37 |
#else |
38 |
STACK_OF(X509) *oldUntrusted = X509_STORE_CTX_get0_untrusted(ctx); |
39 |
@@ -1310,7 +1310,7 @@ untrustedToStoreCtx_cb(X509_STORE_CTX *c |
40 |
|
41 |
X509_STORE_CTX_set_chain(ctx, sk); // No locking/unlocking, just sets ctx->untrusted |
42 |
int ret = X509_verify_cert(ctx); |
43 |
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) |
44 |
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) |
45 |
X509_STORE_CTX_set_chain(ctx, oldUntrusted); // Set back the old untrusted list |
46 |
#else |
47 |
X509_STORE_CTX_set0_untrusted(ctx, oldUntrusted); |
48 |
@@ -1535,7 +1535,7 @@ remove_session_cb(SSL_CTX *, SSL_SESSION |
49 |
} |
50 |
|
51 |
static SSL_SESSION * |
52 |
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) |
53 |
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) |
54 |
get_session_cb(SSL *, unsigned char *sessionID, int len, int *copy) |
55 |
#else |
56 |
get_session_cb(SSL *, const unsigned char *sessionID, int len, int *copy) |