From: Simon Matter <simon.matter@invoca.ch>
Date: Fri, 2 Mar 2018 07:49:31 +0000 (+0100)
Subject: Add missing #ifdef SSL_OP_NO_TLSv1_1/2
X-Git-Tag: v2.4.6~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=88abb911ea22a306e87fba58410da45c2baad57f;p=thirdparty%2Fopenvpn.git

Add missing #ifdef SSL_OP_NO_TLSv1_1/2

Release/2.4 supports older OpenSSL versions than master, so when
cherrypicking f8a92a4393a -> 2d705accea3e53 these code bits should
have received an #ifdef to ensure compatibility (as done for the
same define in other places in 2.4 already).  Add them now.

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Selva Nair <selva.nair@gmail.com>
Message-Id: <52e860ea74ac958309368374049f14bd.squirrel@webmail.bi.invoca.ch>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16588.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index c3152d0c1..9f5306979 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -672,14 +672,18 @@ SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
     {
         return TLS1_VERSION;
     }
+#ifdef SSL_OP_NO_TLSv1_1
     if (!(sslopt & SSL_OP_NO_TLSv1_1))
     {
         return TLS1_1_VERSION;
     }
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
     if (!(sslopt & SSL_OP_NO_TLSv1_2))
     {
         return TLS1_2_VERSION;
     }
+#endif
     return 0;
 }
 #endif /* SSL_CTX_get_min_proto_version */