Fix build with LibreSSL. Signed-off-by: Piotr Kubaj diff --git a/dtls.c b/dtls.c index e191612..c6ea52d 100644 --- a/dtls.c +++ b/dtls.c @@ -108,7 +108,7 @@ int RAND_bytes(char *buf, int len) extern void dtls1_stop_timer(SSL *); #endif -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) /* Since OpenSSL 1.1, the SSL_SESSION structure is opaque and we can't * just fill it in directly. So we have to generate the OpenSSL ASN.1 * representation of the SSL_SESSION, and use d2i_SSL_SESSION() to @@ -247,7 +247,7 @@ static int start_dtls_handshake(struct openconnect_info *vpninfo, int dtls_fd) #endif if (!vpninfo->dtls_ctx) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) #ifdef HAVE_DTLS12 if (dtlsver == DTLS1_2_VERSION) dtls_method = DTLSv1_2_client_method(); @@ -265,7 +265,7 @@ static int start_dtls_handshake(struct openconnect_info *vpninfo, int dtls_fd) vpninfo->dtls_attempt_period = 0; return -EINVAL; } -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) if (dtlsver == DTLS1_BAD_VER) SSL_CTX_set_options(vpninfo->dtls_ctx, SSL_OP_CISCO_ANYCONNECT); #else diff --git a/openssl-esp.c b/openssl-esp.c index ed9e8fe..e20bde0 100644 --- a/openssl-esp.c +++ b/openssl-esp.c @@ -27,7 +27,7 @@ #include #include -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) #define EVP_CIPHER_CTX_free(c) do { \ EVP_CIPHER_CTX_cleanup(c); \ @@ -69,7 +69,7 @@ static int init_esp_ciphers(struct openconnect_info *vpninfo, struct esp *esp, destroy_esp_ciphers(esp); -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) esp->cipher = malloc(sizeof(*esp->cipher)); if (!esp->cipher) return -ENOMEM; diff --git a/openssl.c b/openssl.c index 2166d47..f287022 100644 --- a/openssl.c +++ b/openssl.c @@ -36,7 +36,7 @@ #include #include -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) #define X509_up_ref(x) CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509) #define X509_get0_notAfter(x) X509_get_notAfter(x) #define EVP_MD_CTX_new EVP_MD_CTX_create @@ -1069,7 +1069,7 @@ static int set_peer_cert_hash(struct openconnect_info *vpninfo) return 0; } -#if OPENSSL_VERSION_NUMBER < 0x10002000L +#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) static int match_hostname_elem(const char *hostname, int helem_len, const char *match, int melem_len) { @@ -1605,7 +1605,7 @@ int openconnect_open_https(struct openconnect_info *vpninfo) return ssl_sock; if (!vpninfo->https_ctx) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) vpninfo->https_ctx = SSL_CTX_new(TLSv1_client_method()); #else vpninfo->https_ctx = SSL_CTX_new(TLS_client_method()); @@ -1744,7 +1744,7 @@ int openconnect_open_https(struct openconnect_info *vpninfo) * 4fcdd66fff5fea0cfa1055c6680a76a4303f28a2 * cd6bd5ffda616822b52104fee0c4c7d623fd4f53 */ -#if OPENSSL_VERSION_NUMBER >= 0x10001070 +#if OPENSSL_VERSION_NUMBER >= 0x10001070 && !defined(LIBRESSL_VERSION_NUMBER) if (string_is_hostname(vpninfo->hostname)) SSL_set_tlsext_host_name(https_ssl, vpninfo->hostname); #endif diff --git a/tests/Makefile.am b/tests/Makefile.am index 6677af9..6fa73a4 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -48,17 +48,6 @@ TESTS_ENVIRONMENT = srcdir="$(srcdir)" \ noinst_PROGRAMS = lzstest seqtest -if CHECK_DTLS -noinst_PROGRAMS += bad_dtls_test -bad_dtls_test_SOURCES = bad_dtls_test.c -bad_dtls_test_CFLAGS = $(OPENSSL_CFLAGS) -bad_dtls_test_LDADD = $(OPENSSL_LIBS) - -if DTLS_XFAIL -XFAIL_TESTS = bad_dtls_test -endif -endif - TESTS = $(dist_check_SCRIPTS) $(noinst_PROGRAMS)