| 1 |
$OpenBSD: patch-src_main_tls_c,v 1.2 2017/05/30 13:12:30 sthen Exp $ |
| 2 |
Index: src/main/tls.c |
| 3 |
--- src/main/tls.c.orig 2017-05-26 18:11:20 UTC |
| 4 |
+++ src/main/tls.c |
| 5 |
@@ -2031,7 +2031,7 @@ int cbtls_verify(int ok, X509_STORE_CTX |
| 6 |
char cn_str[1024]; |
| 7 |
char buf[64]; |
| 8 |
X509 *client_cert; |
| 9 |
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
| 10 |
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
| 11 |
const STACK_OF(X509_EXTENSION) *ext_list; |
| 12 |
#else |
| 13 |
STACK_OF(X509_EXTENSION) *ext_list; |
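Review bot: The added `!defined(LIBRESSL_VERSION_NUMBER)` test excludes every LibreSSL release, current and future, from the `const` declaration of `ext_list`. If a later LibreSSL returns a const stack from the extension accessor, the `#else` arm will assign it to a non-const pointer; comparing `LIBRESSL_VERSION_NUMBER` against the first release with that signature (placeholder: `<FIRST_LIBRESSL_WITH_CONST_API>`) would age better than a blanket exclusion. A short comment would explain the extra condition, e.g. `/* LibreSSL reports a high OPENSSL_VERSION_NUMBER but (presumably, at the time of this patch) keeps the non-const API */`. The body of cbtls_verify continues outside this hunk.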
| 14 |
@@ -3038,6 +3038,7 @@ post_ca: |
| 15 |
SSL_CTX_set_verify_depth(ctx, conf->verify_depth); |
| 16 |
} |
| 17 |
|
| 18 |
+#ifndef LIBRESSL_VERSION_NUMBER |
| 19 |
/* Load randomness */ |
| 20 |
if (conf->random_file) { |
| 21 |
if (!(RAND_load_file(conf->random_file, 1024*10))) { |
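Review bot: With the `#ifndef LIBRESSL_VERSION_NUMBER` opened here and closed by the `#endif` in the next hunk (-3045), a configured `random_file` is dropped without any message on LibreSSL builds, so an operator who set it gets no sign that it is ignored. An `#else` arm before that `#endif` would make this visible: `if (conf->random_file) WARN(LOG_PREFIX ": Ignoring random_file, not used with LibreSSL");`. A one-line comment on the `#ifndef` saying why the seeding step is skipped (presumably because LibreSSL seeds itself from the OS and does not take a seed file) would also help the next maintainer. The enclosing function starts and ends outside both hunks.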
| 22 |
@@ -3045,6 +3046,7 @@ post_ca: |
| 23 |
return NULL; |
| 24 |
} |
| 25 |
} |
| 26 |
+#endif |
| 27 |
|
| 28 |
/* |
| 29 |
* Set the cipher list if we were told to |
| 30 |
@@ -3166,6 +3168,7 @@ fr_tls_server_conf_t *tls_server_conf_pa |
| 31 |
* Only check for certificate things if we don't have a |
| 32 |
* PSK query. |
| 33 |
*/ |
| 34 |
+#ifdef PSK_MAX_IDENTITY_LEN |
| 35 |
if (conf->psk_identity) { |
| 36 |
if (conf->private_key_file) { |
| 37 |
WARN(LOG_PREFIX ": Ignoring private key file due to psk_identity being used"); |
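Review bot: When `PSK_MAX_IDENTITY_LEN` is not defined, the whole `if (conf->psk_identity)` arm is compiled out (the matching `#endif` is in the next hunk, -3175), so a configuration that sets `psk_identity` goes through the certificate checks instead. Without a `private_key_file` it stops with "TLS Server requires a private key file", which does not mention PSK. With a key and certificate also configured, the server would apparently start in certificate mode and ignore the PSK settings silently. If the `psk_identity` member is still declared in such builds (not visible here), an `#else` arm before the `#endif` could fail closed with an accurate message: `if (conf->psk_identity) { ERROR(LOG_PREFIX ": psk_identity set but PSK is not supported by this TLS library"); goto error; }`.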
| 38 |
@@ -3175,7 +3178,9 @@ fr_tls_server_conf_t *tls_server_conf_pa |
| 39 |
WARN(LOG_PREFIX ": Ignoring certificate file due to psk_identity being used"); |
| 40 |
} |
| 41 |
|
| 42 |
- } else { |
| 43 |
+ } else |
| 44 |
+#endif |
| 45 |
+ { |
| 46 |
if (!conf->private_key_file) { |
| 47 |
ERROR(LOG_PREFIX ": TLS Server requires a private key file"); |
| 48 |
goto error; |
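Review bot: The `} else` / `#endif` / `{` split leaves a brace block whose governing `else` exists only when the preprocessor keeps it, which is easy to misread and easy to break in a later edit to either side of the `#endif`. A comment on the lone brace would document the intent, e.g. `{ /* certificate checks: else-arm when PSK is compiled in, unconditional otherwise */`. The block opened here continues past the end of this hunk, so its closing brace is not visible.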