BUILD/MEDIUM: Fixing the build using LibreSSL
authorLuca Pizzamiglio <luca.pizzamiglio@gmail.com>
Mon, 12 Dec 2016 09:56:56 +0000 (10:56 +0100)
committerWilly Tarreau <w@1wt.eu>
Mon, 12 Dec 2016 21:57:04 +0000 (22:57 +0100)
Fixing the build when LibreSSL is used as the OpenSSL implementation.
Currently, LibreSSL 2.4.4 provides the same API as OpenSSL 1.0.1x,
but it redefines the OpenSSL version number as 2.0.x, which breaks all
checks for OpenSSL 1.1.x.
The patch solves the issue by checking whether the symbol
LIBRESSL_VERSION_NUMBER is defined when OpenSSL 1.1.x features are requested.

include/proto/openssl-compat.h
src/ssl_sock.c

index b137e7a1f231ae6e016b0aad202d9ae1fde88fd0..5a31f02f08b06891af82642ed314508d7c2c8d4e 100644 (file)
@@ -86,9 +86,9 @@ static inline int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned ch
 
 #endif
 
-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER)
 /*
- * Functions introduced in OpenSSL 1.1.0
+ * Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL
  */
 
 static inline const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *sess, unsigned int *sid_ctx_length)
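Review bot: The `|| defined(LIBRESSL_VERSION_NUMBER)` arm of this guard has no upper bound, so the static inline fallbacks below it are compiled for every LibreSSL release. If a later release ships its own `SSL_SESSION_get0_id_context`, the duplicate definition would break the build again. The comment should record what was actually verified, for example `* Functions introduced in OpenSSL 1.1.0; missing from LibreSSL as of 2.4.4 (bound this with LIBRESSL_VERSION_NUMBER < <first release providing them> once known)`. The function whose signature closes the hunk continues outside it, so the fallback bodies cannot be checked from here.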
index baaa0a107417dbb09abb51b36720c688a90dc20f..0a06adbbe7691f85597a1bcd139c820af7e6c53d 100644 (file)
@@ -1790,7 +1790,7 @@ static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, char *name,
 /* The following code is used for loading multiple crt files into
  * SSL_CTX's based on CN/SAN
  */
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
 /* This is used to preload the certifcate, private key
  * and Cert Chain of a file passed in via the crt
  * argument
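Review bot: Adding `&& !defined(LIBRESSL_VERSION_NUMBER)` here compiles out the whole multi-certificate loading section on LibreSSL builds, but the comment above the guard still describes the feature as if it were always available. An operator who configures several key types for one name would get whatever the fallback path does, and that path lies outside the hunk, so it is not visible whether it reports anything. I would extend the comment with a line such as `* Not built with LibreSSL: it reports OPENSSL_VERSION_NUMBER 2.0.x but only offers the 1.0.1 API.` so the limitation is documented where it is decided.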
@@ -3524,7 +3524,7 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag)
                                        conn->flags &= ~CO_FL_WAIT_L4_CONN;
                                if (!conn->err_code) {
                                        int empty_handshake;
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
                                        OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
                                        empty_handshake = state == TLS_ST_BEFORE;
 #else
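Review bot: The condition `(OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)` is now written out three times in ssl_sock_handshake, here and in the two SSL_ERROR_SYSCALL hunks that follow. Any later site that forgets the second half would select the `SSL_get_state`/`TLS_ST_BEFORE` path on a library that lacks it. Defining one feature macro next to the compat shims in include/proto/openssl-compat.h under that condition (name of your choosing, e.g. `#define HA_SSL_HAS_HANDSHAKE_STATE 1`) and testing `#ifdef HA_SSL_HAS_HANDSHAKE_STATE` at each site would keep the decision in one place. The `#else` branch that LibreSSL builds now take lies outside the hunk, so its empty-handshake detection cannot be reviewed from here.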
@@ -3594,7 +3594,7 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag)
                        return 0;
                }
                else if (ret == SSL_ERROR_SYSCALL) {
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
                        OSSL_HANDSHAKE_STATE state;
 #endif
                        int empty_handshake;
@@ -3602,7 +3602,7 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag)
                        if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
                                conn->flags &= ~CO_FL_WAIT_L4_CONN;
 
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
                        state = SSL_get_state((SSL *)conn->xprt_ctx);
                        empty_handshake = state == TLS_ST_BEFORE;
 #else