lib-ssl-iostream: Fix compiling with libressl
authorTimo Sirainen <timo.sirainen@open-xchange.com>
Mon, 10 Feb 2025 13:33:21 +0000 (15:33 +0200)
committerAki Tuomi <aki.tuomi@open-xchange.com>
Wed, 12 Feb 2025 10:39:01 +0000 (12:39 +0200)
libressl has no SSL_OP_NO_RENEGOTIATION. Fix this by disallowing channel
binding with libressl when using TLSv1.2 or older.

src/lib-ssl-iostream/iostream-openssl.c

index 77999216444b77f99a1a4b940d19a15a3811c3c1..e8b22f0e63d7880c5c8abe5552171fe5494a4a2b 100644 (file)
@@ -888,9 +888,12 @@ openssl_iostream_get_cb_tls_exporter(struct ssl_iostream *ssl_io,
           channel binding type is not defined for that connection, and
           implementations MUST NOT support it.
         */
-       if (SSL_version(ssl_io->ssl) < TLS1_3_VERSION &&
-           HAS_NO_BITS(SSL_get_options(ssl_io->ssl),
-                       SSL_OP_NO_RENEGOTIATION)) {
+       if (SSL_version(ssl_io->ssl) < TLS1_3_VERSION
+#ifdef SSL_OP_NO_RENEGOTIATION
+           && HAS_NO_BITS(SSL_get_options(ssl_io->ssl),
+                          SSL_OP_NO_RENEGOTIATION))
+#endif
+       {
                *error_r = t_strdup_printf(
                        "Channel binding type 'tls-exporter' not available: "
                        "TLS renegotiation is enabled for %s",
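Review bot: The `)` that closes the `if` condition sits inside the `#ifdef SSL_OP_NO_RENEGOTIATION` block, so when the macro is absent (the libressl case this commit targets) the preprocessor leaves `if (SSL_version(ssl_io->ssl) < TLS1_3_VERSION` followed directly by `{`, which does not compile. End the guarded line with `SSL_OP_NO_RENEGOTIATION)` and put the `if`'s closing `)` on its own line after `#endif`. Refusing 'tls-exporter' below TLS 1.3 when renegotiation cannot be ruled out is the right fail-closed choice for channel binding. In that build, though, the message `"TLS renegotiation is enabled for %s"` reports a state the code never checked, so a separate wording for the no-macro case would keep the error accurate. The function starts before this hunk and the `t_strdup_printf` call continues past it.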