Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fix build with LibreSSL.
Signed-off-by: Piotr Kubaj <pkubaj@anongoth.pl>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
  • Loading branch information
pkubaj authored and David Woodhouse committed Aug 31, 2016
1 parent 5638b1b commit 9c36560
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 9 deletions.
6 changes: 3 additions & 3 deletions dtls.c
Expand Up @@ -108,7 +108,7 @@ int RAND_bytes(char *buf, int len)
extern void dtls1_stop_timer(SSL *);
#endif

#if OPENSSL_VERSION_NUMBER >= 0x10100000L
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
/* Since OpenSSL 1.1, the SSL_SESSION structure is opaque and we can't
* just fill it in directly. So we have to generate the OpenSSL ASN.1
* representation of the SSL_SESSION, and use d2i_SSL_SESSION() to
Expand Down Expand Up @@ -247,7 +247,7 @@ static int start_dtls_handshake(struct openconnect_info *vpninfo, int dtls_fd)
#endif

if (!vpninfo->dtls_ctx) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#ifdef HAVE_DTLS12
if (dtlsver == DTLS1_2_VERSION)
dtls_method = DTLSv1_2_client_method();
Expand All @@ -265,7 +265,7 @@ static int start_dtls_handshake(struct openconnect_info *vpninfo, int dtls_fd)
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
if (dtlsver == DTLS1_BAD_VER)
SSL_CTX_set_options(vpninfo->dtls_ctx, SSL_OP_CISCO_ANYCONNECT);
#else
Expand Down
4 changes: 2 additions & 2 deletions openssl-esp.c
Expand Up @@ -27,7 +27,7 @@
#include <openssl/evp.h>
#include <openssl/rand.h>

#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)

#define EVP_CIPHER_CTX_free(c) do { \
EVP_CIPHER_CTX_cleanup(c); \
Expand Down Expand Up @@ -69,7 +69,7 @@ static int init_esp_ciphers(struct openconnect_info *vpninfo, struct esp *esp,

destroy_esp_ciphers(esp);

#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
esp->cipher = malloc(sizeof(*esp->cipher));
if (!esp->cipher)
return -ENOMEM;
Expand Down
8 changes: 4 additions & 4 deletions openssl.c
Expand Up @@ -36,7 +36,7 @@
#include <openssl/ui.h>
#include <openssl/rsa.h>

#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#define X509_up_ref(x) CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509)
#define X509_get0_notAfter(x) X509_get_notAfter(x)
#define EVP_MD_CTX_new EVP_MD_CTX_create
Expand Down Expand Up @@ -1069,7 +1069,7 @@ static int set_peer_cert_hash(struct openconnect_info *vpninfo)
return 0;
}

#if OPENSSL_VERSION_NUMBER < 0x10002000L
#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
static int match_hostname_elem(const char *hostname, int helem_len,
const char *match, int melem_len)
{
Expand Down Expand Up @@ -1605,7 +1605,7 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
return ssl_sock;

if (!vpninfo->https_ctx) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
vpninfo->https_ctx = SSL_CTX_new(TLSv1_client_method());
#else
vpninfo->https_ctx = SSL_CTX_new(TLS_client_method());
Expand Down Expand Up @@ -1744,7 +1744,7 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
* 4fcdd66fff5fea0cfa1055c6680a76a4303f28a2
* cd6bd5ffda616822b52104fee0c4c7d623fd4f53
*/
#if OPENSSL_VERSION_NUMBER >= 0x10001070
#if OPENSSL_VERSION_NUMBER >= 0x10001070 && !defined(LIBRESSL_VERSION_NUMBER)
if (string_is_hostname(vpninfo->hostname))
SSL_set_tlsext_host_name(https_ssl, vpninfo->hostname);
#endif
Expand Down

0 comments on commit 9c36560

Please sign in to comment.