From: Timo Sirainen Date: Mon, 10 Feb 2025 13:33:21 +0000 (+0200) Subject: lib-ssl-iostream: Fix compiling with libressl X-Git-Tag: 2.4.1~224 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0d36ad709e90719e5aa5148bc22acdff3a1f507e;p=thirdparty%2Fdovecot%2Fcore.git lib-ssl-iostream: Fix compiling with libressl libressl has no SSL_OP_NO_RENEGOTIATION. Fix this by disallowing channel binding with libressl when using TLSv1.2 or older.
---
diff --git a/src/lib-ssl-iostream/iostream-openssl.c b/src/lib-ssl-iostream/iostream-openssl.c
index 7799921644..e8b22f0e63 100644
--- a/src/lib-ssl-iostream/iostream-openssl.c
+++ b/src/lib-ssl-iostream/iostream-openssl.c
@@ -888,9 +888,12 @@ openssl_iostream_get_cb_tls_exporter(struct ssl_iostream *ssl_io,
 channel binding type is not defined for that connection, and implementations MUST NOT support it. */
- if (SSL_version(ssl_io->ssl) < TLS1_3_VERSION &&
- HAS_NO_BITS(SSL_get_options(ssl_io->ssl),
- SSL_OP_NO_RENEGOTIATION)) {
+ if (SSL_version(ssl_io->ssl) < TLS1_3_VERSION
+#ifdef SSL_OP_NO_RENEGOTIATION
+ && HAS_NO_BITS(SSL_get_options(ssl_io->ssl),
+ SSL_OP_NO_RENEGOTIATION))
+#endif
+ {
 *error_r = t_strdup_printf(
 "Channel binding type 'tls-exporter' not available: "
 "TLS renegotiation is enabled for %s",
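Review bot: As shown here, the parenthesis that closes `if (` sits inside the `#ifdef SSL_OP_NO_RENEGOTIATION` block (the guarded line ends in `SSL_OP_NO_RENEGOTIATION))`), so when the macro is undefined, which is the libressl case this commit targets, the preprocessor leaves `if (SSL_version(ssl_io->ssl) < TLS1_3_VERSION {` and the file should still fail to compile. Keep only the `&& HAS_NO_BITS(...)` term inside the guard: end that line with `SSL_OP_NO_RENEGOTIATION)` and replace the `{` after `#endif` with `) {`. Separately, on a build without the macro every pre-TLS 1.3 connection is refused for 'tls-exporter', which is the safe direction, but the error text still reads "TLS renegotiation is enabled for %s". A short comment such as `/* without SSL_OP_NO_RENEGOTIATION the renegotiation state cannot be checked, so refuse */` would tell whoever triages those failures that the refusal is unconditional on that build. The body of openssl_iostream_get_cb_tls_exporter() starts and ends outside this hunk.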