SQUID_STATE_ROLLBACK(iphlpapi)
])
+dnl Checks whether the -lssl library provides OpenSSL TLS_*_method() definitions
+AC_DEFUN([SQUID_CHECK_OPENSSL_TLS_METHODS],[
+ AH_TEMPLATE(HAVE_OPENSSL_TLS_METHOD, "Define to 1 if the TLS_method() OpenSSL API function exists")
+ AH_TEMPLATE(HAVE_OPENSSL_TLS_CLIENT_METHOD, "Define to 1 if the TLS_client_method() OpenSSL API function exists")
+ AH_TEMPLATE(HAVE_OPENSSL_TLS_SERVER_METHOD, "Define to 1 if the TLS_server_method() OpenSSL API function exists")
+ SQUID_STATE_SAVE(check_openssl_TLS_METHODS)
+ LIBS="$LIBS $SSLLIB"
+ AC_CHECK_LIB(ssl, TLS_method, AC_DEFINE(HAVE_OPENSSL_TLS_METHOD, 1))
+ AC_CHECK_LIB(ssl, TLS_client_method, AC_DEFINE(HAVE_OPENSSL_TLS_CLIENT_METHOD, 1))
+ AC_CHECK_LIB(ssl, TLS_server_method, AC_DEFINE(HAVE_OPENSSL_TLS_SERVER_METHOD, 1))
+ SQUID_STATE_ROLLBACK(check_openssl_TLS_METHODS)
+])
+
+dnl Checks whether the -lcrypto library provides various OpenSSL API functions
+AC_DEFUN([SQUID_CHECK_LIBCRYPTO_API],[
+ AH_TEMPLATE(HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA, "Define to 1 if the EVP_PKEY_get0_RSA() OpenSSL API function exists")
+ AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_METH_NEW, "Define to 1 if the BIO_meth_new() OpenSSL API function exists")
+ AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_GET_INIT, "Define to 1 if the BIO_get_init() OpenSSL API function exists")
+ AH_TEMPLATE(HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA, "Define to 1 if the ASN1_STRING_get0_data() OpenSSL API function exists")
+ AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT, "Define to 1 if the X509_STORE_CTX_get0_cert() OpenSSL API function exists")
+ AH_TEMPLATE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, "Define to 1 if the X509_VERIFY_PARAM_get_depth() OpenSSL API function exists")
+ AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, "Define to 1 if the X509_STORE_CTX_get0_untrusted() OpenSSL API function exists")
+ AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_SET0_UNTRUSTED, "Define to 1 if the X509_STORE_CTX_set0_untrusted() OpenSSL API function exists")
+ AH_TEMPLATE(HAVE_LIBCRYPTO_X509_UP_REF, "Define to 1 if the X509_up_ref() OpenSSL API function exists")
+ AH_TEMPLATE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, "Define to 1 if the X509_CRL_up_ref() OpenSSL API function exists")
+ AH_TEMPLATE(HAVE_LIBCRYPTO_DH_UP_REF, "Define to 1 if the DH_up_ref() OpenSSL API function exists")
+ SQUID_STATE_SAVE(check_openssl_libcrypto_api)
+ LIBS="$LIBS $SSLLIB"
+ AC_CHECK_LIB(crypto, EVP_PKEY_get0_RSA, AC_DEFINE(HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA, 1))
+ AC_CHECK_LIB(crypto, BIO_meth_new, AC_DEFINE(HAVE_LIBCRYPTO_BIO_METH_NEW, 1))
+ AC_CHECK_LIB(crypto, BIO_get_init, AC_DEFINE(HAVE_LIBCRYPTO_BIO_GET_INIT, 1))
+ AC_CHECK_LIB(crypto, ASN1_STRING_get0_data, AC_DEFINE(HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA, 1))
+ AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_cert, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT, 1))
+ AC_CHECK_LIB(crypto, X509_VERIFY_PARAM_get_depth, AC_DEFINE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, 1))
+ AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_untrusted, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, 1))
+ AC_CHECK_LIB(crypto, X509_STORE_CTX_set0_untrusted, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_SET0_UNTRUSTED, 1))
+ AC_CHECK_LIB(crypto, X509_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_UP_REF, 1))
+ AC_CHECK_LIB(crypto, X509_CRL_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, 1))
+ AC_CHECK_LIB(crypto, DH_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_DH_UP_REF, 1))
+ SQUID_STATE_ROLLBACK(check_openssl_libcrypto_api)
+])
+
+dnl Checks whether the -lssl library provides various OpenSSL API functions
+AC_DEFUN([SQUID_CHECK_LIBSSL_API],[
+ AH_TEMPLATE(HAVE_LIBSSL_SSL_CIPHER_FIND, "Define to 1 if the SSL_CIPHER_find() OpenSSL API function exists")
+ AH_TEMPLATE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, "Define to 1 if the SSL_CTX_set_tmp_rsa_callback() OpenSSL API function exists")
+ AH_TEMPLATE(HAVE_LIBSSL_SSL_SESSION_GET_ID, "Define to 1 if the SSL_SESSION_get_id() OpenSSL API function exists")
+ SQUID_STATE_SAVE(check_openssl_libssl_api)
+ LIBS="$LIBS $SSLLIB"
+ AC_CHECK_LIB(ssl, SSL_CIPHER_find, AC_DEFINE(HAVE_LIBSSL_SSL_CIPHER_FIND, 1))
+ AC_CHECK_LIB(ssl, SSL_CTX_set_tmp_rsa_callback, AC_DEFINE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, 1))
+ AC_CHECK_LIB(ssl, SSL_SESSION_get_id, AC_DEFINE(HAVE_LIBSSL_SSL_SESSION_GET_ID, 1))
+ SQUID_STATE_ROLLBACK(check_openssl_libssl_api)
+])
+
dnl Checks whether the OpenSSL SSL_get_certificate crashes squid and if a
dnl workaround can be used instead of using the SSL_get_certificate
AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
],
[
SSLeay_add_ssl_algorithms();
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#if HAVE_OPENSSL_TLS_METHOD
SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
#else
SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
],
[
SSLeay_add_ssl_algorithms();
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#if HAVE_OPENSSL_TLS_METHOD
SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
#else
SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
[])
SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
-]
-)
+])
+
+dnl Checks whether the CRYPTO_EX_DATA duplication callback for SSL_get_ex_new_index() has a const argument
+AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_CRYPTO_EX_DATA],[
+ AH_TEMPLATE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, "Define to 1 if the SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'")
+ SQUID_STATE_SAVE(check_const_CRYPTO_EX_DATA)
+ AC_MSG_CHECKING(whether SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'")
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
+#include <openssl/ssl.h>
+
+int const_dup_func(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *, int, long, void *) {
+ return 0;
+}
+ ],[
+return SSL_get_ex_new_index(0, (void*)"foo", NULL, &const_dup_func, NULL);
+ ])
+ ],[
+ AC_DEFINE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, 1)
+ AC_MSG_RESULT([yes])
+ ],[
+ AC_MSG_RESULT([no])
+ ])
+ SQUID_STATE_ROLLBACK(check_const_CRYPTO_EX_DATA)
+])
+
+dnl Checks whether the callback for SSL_CTX_sess_set_get_cb() accepts a const ID argument
+AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_SESSION_CB_ARG],[
+ AH_TEMPLATE(SQUID_USE_CONST_SSL_SESSION_CBID, "Define to 1 if the SSL_CTX_sess_set_get_cb() callback accepts a const ID argument")
+ SQUID_STATE_SAVE(check_const_SSL_CTX_sess_set_get_cb)
+ AC_MSG_CHECKING(whether SSL_CTX_sess_set_get_cb() callback accepts a const ID argument")
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
+#include <openssl/ssl.h>
+
+SSL_SESSION *get_session_cb(SSL *, const unsigned char *ID, int, int *) {
+ return NULL;
+}
+ ],[
+SSL_CTX_sess_set_get_cb(NULL, get_session_cb);
+return 0;
+ ])
+ ],[
+ AC_DEFINE(SQUID_USE_CONST_SSL_SESSION_CBID, 1)
+ AC_MSG_RESULT([yes])
+ ],[
+ AC_MSG_RESULT([no])
+ ])
+ SQUID_STATE_ROLLBACK(check_const_SSL_CTX_sess_set_get_cb)
+])
dnl Try to handle TXT_DB related problems:
dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version
AC_DEFINE(USE_OPENSSL,1,[OpenSSL support is available])
# check for API functions
+ SQUID_CHECK_LIBCRYPTO_API
+ SQUID_CHECK_LIBSSL_API
+ SQUID_CHECK_OPENSSL_TLS_METHODS
SQUID_STATE_SAVE(check_SSL_CTX_get0_certificate)
LIBS="$LIBS $SSLLIB"
AC_CHECK_LIB(ssl, SSL_CTX_get0_certificate, [
SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS
fi
SQUID_CHECK_OPENSSL_CONST_SSL_METHOD
+ SQUID_CHECK_OPENSSL_CONST_CRYPTO_EX_DATA
+ SQUID_CHECK_OPENSSL_CONST_SSL_SESSION_CB_ARG
SQUID_CHECK_OPENSSL_TXTDB
SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK
fi
#if USE_OPENSSL
Ssl::Initialize();
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#if HAVE_OPENSSL_TLS_CLIENT_METHOD
SSL_CTX *t = SSL_CTX_new(TLS_client_method());
#else
SSL_CTX *t = SSL_CTX_new(SSLv23_client_method());
#if USE_OPENSSL
Ssl::Initialize();
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#if HAVE_OPENSSL_SERVER_METHOD
SSL_CTX *t = SSL_CTX_new(TLS_server_method());
#else
SSL_CTX *t = SSL_CTX_new(SSLv23_server_method());
#if USE_OPENSSL
CtoCpp1(X509_free, X509 *)
-#if defined(CRYPTO_LOCK_X509) // OpenSSL 1.0
+#if !HAVE_LIBCRYPTO_X509_UP_REF // OpenSSL 1.1 API
+#if defined(CRYPTO_LOCK_X509) // OpenSSL 1.0 API
inline int X509_up_ref(X509 *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_X509); return 0;}
-#endif
+#else
+#error missing both OpenSSL API features X509_up_ref (v1.1) and CRYPTO_LOCK_X509 (v1.0)
+#endif /* CRYPTO_LOCK_X509 */
+#endif /* X509_up_ref */
typedef Security::LockingPointer<X509, X509_free_cpp, HardFun<int, X509 *, X509_up_ref> > CertPointer;
#elif USE_GNUTLS
CtoCpp1(gnutls_x509_crt_deinit, gnutls_x509_crt_t)
#if USE_OPENSSL
CtoCpp1(X509_CRL_free, X509_CRL *)
-#if defined(CRYPTO_LOCK_X509_CRL) // OpenSSL 1.0
+#if !HAVE_LIBCRYPTO_X509_CRL_UP_REF // OpenSSL 1.1 API
+#if defined(CRYPTO_LOCK_X509_CRL) // OpenSSL 1.0 API
inline int X509_CRL_up_ref(X509_CRL *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_X509_CRL); return 0;}
-#endif
+#else
+#error missing both OpenSSL API features X509_up_ref (v1.1) and CRYPTO_LOCK_X509 (v1.0)
+#endif /* CRYPTO_LOCK_X509_CRL */
+#endif /* X509_CRL_up_ref */
typedef Security::LockingPointer<X509_CRL, X509_CRL_free_cpp, HardFun<int, X509_CRL *, X509_CRL_up_ref> > CrlPointer;
#elif USE_GNUTLS
CtoCpp1(gnutls_x509_crl_deinit, gnutls_x509_crl_t)
#if USE_OPENSSL
CtoCpp1(DH_free, DH *);
-#if defined(CRYPTO_LOCK_DH) // OpenSSL 1.0
+#if !HAVE_LIBCRYPTO_DH_UP_REF // OpenSSL 1.1 API
+#if defined(CRYPTO_LOCK_DH) // OpenSSL 1.0 API
inline int DH_up_ref(DH *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_DH); return 0;}
-#endif
+#else
+#error missing both OpenSSL API features DH_up_ref (v1.1) and CRYPTO_LOCK_DH (v1.0)
+#endif /* OpenSSL 1.0 CRYPTO_LOCK_X509_CRL */
+#endif /* OpenSSL 1.1 DH_up_ref */
typedef Security::LockingPointer<DH, DH_free_cpp, HardFun<int, DH *, DH_up_ref> > DhePointer;
#else
typedef void *DhePointer;
/* SSL callbacks */
static void squid_ssl_info(const SSL *ssl, int where, int ret);
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if HAVE_LIBCRYPTO_BIO_METH_NEW
+static BIO_METHOD *SquidMethods = nullptr;
+#else
/// Initialization structure for the BIO table with
/// Squid-specific methods and BIO method wrappers.
static BIO_METHOD SquidMethods = {
squid_bio_destroy,
NULL // squid_callback_ctrl not supported
};
-#else
-static BIO_METHOD *SquidMethods = NULL;
#endif
BIO *
Ssl::Bio::Create(const int fd, Security::Io::Type type)
{
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
- BIO_METHOD *useMethod = &SquidMethods;
-#else
+#if HAVE_LIBCRYPTO_BIO_METH_NEW
if (!SquidMethods) {
SquidMethods = BIO_meth_new(BIO_TYPE_SOCKET, "squid");
BIO_meth_set_write(SquidMethods, squid_bio_write);
BIO_meth_set_destroy(SquidMethods, squid_bio_destroy);
}
const BIO_METHOD *useMethod = SquidMethods;
+#else
+ BIO_METHOD *useMethod = &SquidMethods;
#endif
if (BIO *bio = BIO_new(useMethod)) {
static int
squid_bio_create(BIO *bi)
{
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if !HAVE_LIBCRYPTO_BIO_GET_INIT
bi->init = 0; // set when we store Bio object and socket fd (BIO_C_SET_FD)
bi->num = 0;
bi->flags = 0;
cbytes[0] = (cipherId >> 8) & 0xFF;
cbytes[1] = cipherId & 0xFF;
cbytes[2] = 0;
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if HAVE_LIBSSL_SSL_CIPHER_FIND
+ const SSL_CIPHER *c = SSL_CIPHER_find(ssl, cbytes);
+#else
const SSL_METHOD *method = SSLv23_method();
const SSL_CIPHER *c = method->get_cipher_by_char(cbytes);
-#else
- const SSL_CIPHER *c = SSL_CIPHER_find(ssl, cbytes);
#endif
if (c != NULL) {
if (!strCiphers.isEmpty())
void
applyTlsDetailsToSSL(SSL *ssl, Security::TlsDetails::Pointer const &details, Ssl::BumpMode bumpMode);
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if !HAVE_LIBCRYPTO_BIO_GET_INIT
// OpenSSL v1.0 bio compatibility functions
inline void *BIO_get_data(BIO *table) { return table->ptr; }
inline void BIO_set_data(BIO *table, void *data) { table->ptr = data; }
DecipherOnly
};
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA
+ EVP_PKEY *certKey = X509_get_pubkey(mimicCert.get());
+ const bool rsaPkey = (EVP_PKEY_get0_RSA(certKey) != nullptr);
+#else
const int mimicAlgo = OBJ_obj2nid(mimicCert.get()->cert_info->key->algor->algorithm);
const bool rsaPkey = (mimicAlgo == NID_rsaEncryption);
-#else
- EVP_PKEY *certKey = X509_get_pubkey(mimicCert.get());
- const bool rsaPkey = (EVP_PKEY_get0_RSA(certKey) != NULL);
#endif
int added = 0;
}
}
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK
static RSA *
ssl_temp_rsa_cb(SSL * ssl, int anInt, int keylen)
{
static void
maybeSetupRsaCallback(Security::ContextPointer &ctx)
{
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK
debugs(83, 9, "Setting RSA key generation callback.");
SSL_CTX_set_tmp_rsa_callback(ctx.get(), ssl_temp_rsa_cb);
#endif
return matchX509CommonNames(cert, (void *)server, check_domain);
}
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if !HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT
static inline X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
{
return ctx->cert;
}
// "dup" function for SSL_get_ex_new_index("cert_err_check")
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#if SQUID_USE_CONST_CRYPTO_EX_DATA_DUP
static int
ssl_dupAclChecklist(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *,
int, long, void *)
if (ad->location->type == GEN_URI) {
xstrncpy(uri,
reinterpret_cast<const char *>(
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
- ASN1_STRING_data(ad->location->d.uniformResourceIdentifier)
-#else
+#if HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA
ASN1_STRING_get0_data(ad->location->d.uniformResourceIdentifier)
+#else
+ ASN1_STRING_data(ad->location->d.uniformResourceIdentifier)
#endif
),
sizeof(uri));
{
debugs(83, 2, "completing " << sk_X509_num(untrustedCerts) << " OpenSSL untrusted certs using " << SquidUntrustedCerts.size() << " configured untrusted certificates");
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
- int depth = ctx->param->depth;
-#else
+#if HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH
const X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx);
int depth = X509_VERIFY_PARAM_get_depth(param);
+#else
+ int depth = ctx->param->depth;
#endif
X509 *current = X509_STORE_CTX_get0_cert(ctx);
int i = 0;
// OpenSSL already maintains ctx->untrusted but we cannot modify
// internal OpenSSL list directly. We have to give OpenSSL our own
// list, but it must include certificates on the OpenSSL ctx->untrusted
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
- STACK_OF(X509) *oldUntrusted = ctx->untrusted;
-#else
+#if HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED
STACK_OF(X509) *oldUntrusted = X509_STORE_CTX_get0_untrusted(ctx);
+#else
+ STACK_OF(X509) *oldUntrusted = ctx->untrusted;
#endif
STACK_OF(X509) *sk = sk_X509_dup(oldUntrusted); // oldUntrusted is always not NULL
X509_STORE_CTX_set_chain(ctx, sk); // No locking/unlocking, just sets ctx->untrusted
int ret = X509_verify_cert(ctx);
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
- X509_STORE_CTX_set_chain(ctx, oldUntrusted); // Set back the old untrusted list
-#else
+#if HAVE_LIBCRYPTO_X509_STORE_CTX_SET0_UNTRUSTED
X509_STORE_CTX_set0_untrusted(ctx, oldUntrusted);
+#else
+ X509_STORE_CTX_set_chain(ctx, oldUntrusted); // Set back the old untrusted list
#endif
sk_X509_free(sk); // Release sk list
return ret;
SSL_SESSION_set_timeout(session, Config.SSL.session_ttl);
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
- unsigned char *id = session->session_id;
- unsigned int idlen = session->session_id_length;
-#else
+#if HAVE_LIBSSL_SSL_SESSION_GET_ID
unsigned int idlen;
const unsigned char *id = SSL_SESSION_get_id(session, &idlen);
+#else
+ unsigned char *id = session->session_id;
+ unsigned int idlen = session->session_id_length;
#endif
unsigned char key[MEMMAP_SLOT_KEY_SIZE];
// Session ids are of size 32bytes. They should always fit to a
}
static SSL_SESSION *
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-get_session_cb(SSL *, unsigned char *sessionID, int len, int *copy)
-#else
+#if SQUID_USE_CONST_SSL_SESSION_CBID
get_session_cb(SSL *, const unsigned char *sessionID, int len, int *copy)
+#else
+get_session_cb(SSL *, unsigned char *sessionID, int len, int *copy)
#endif
{
if (!Ssl::SessionCache)
/// initialize a TLS client context with OpenSSL specific settings
bool InitClientContext(Security::ContextPointer &, Security::PeerOptions &, long flags);
-#if defined(CRYPTO_LOCK_X509)
-// portability wrapper for OpenSSL 1.0 vs 1.1
-// use Security::CertPointer instead where possible
-inline int X509_up_ref(X509 *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_X509); return 0;}
-#endif
-
} //namespace Ssl
/// \ingroup ServerProtocolSSLAPI