Fix build with LibreSSL

Detect the presence of SSL_CTX_set_security_level(), don't check
OPENSSL_VERSION_NUMBER.

Signed-off-by: Jeremie Courreges-Anglas <jca@wxcvbn.org>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <8760a6kjwc.fsf@ritchie.wxcvbn.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15902.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/configure.ac b/configure.ac
index 7f2e34f2c5a00d2d38e39ce834bf96d330e57247..acfddb221da86745b9281eed7f01771e2d319b95 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -927,6 +927,7 @@ if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then
                        EVP_MD_CTX_reset \
                        SSL_CTX_get_default_passwd_cb \
                        SSL_CTX_get_default_passwd_cb_userdata \
+                       SSL_CTX_set_security_level \
                        X509_get0_pubkey \
                        X509_STORE_get0_objects \
                        X509_OBJECT_free \

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index de89cb13a6b68eaa0b439bec86d660c693f72a02..b782946e7038fe6964ae1556b71f93113f373cc8 100644 (file)
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -386,7 +386,7 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
 void
 tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
 {
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000)
+#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
     /* OpenSSL does not have certificate profiles, but a complex set of
      * callbacks that we could try to implement to achieve something similar.
      * For now, use OpenSSL's security levels to achieve similar (but not equal)