OpenSSL: Drop support for OpenSSL 1.0.0

The OpenSSL project will not support version 1.0.0 anymore. As there
won't be even security fixes for this branch, it is not really safe to
continue using 1.0.0 and we might as well drop support for it to allow
cleaning up the conditional source code blocks.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index f427c9c24609525bf838a99092364930aa684400..309c15deb5103c57d985d25847a64961711c741b 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2379,9 +2379,7 @@ static int tls_parse_pkcs12(struct tls_data *data, SSL *ssl, PKCS12 *p12,
                 */
                res = 0;
 #else /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
                SSL_CTX_clear_extra_chain_certs(data->ssl);
-#endif /* OPENSSL_VERSION_NUMBER >= 0x10001000L */
                while ((cert = sk_X509_pop(certs)) != NULL) {
                        X509_NAME_oneline(X509_get_subject_name(cert), buf,
                                          sizeof(buf));
@@ -3173,21 +3171,17 @@ int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
                       const char *label, int server_random_first,
                       int skip_keyblock, u8 *out, size_t out_len)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
-       SSL *ssl;
        if (conn == NULL)
                return -1;
        if (server_random_first || skip_keyblock)
                return openssl_tls_prf(conn, label,
                                       server_random_first, skip_keyblock,
                                       out, out_len);
-       ssl = conn->ssl;
-       if (SSL_export_keying_material(ssl, out, out_len, label,
+       if (SSL_export_keying_material(conn->ssl, out, out_len, label,
                                       os_strlen(label), NULL, 0, 0) == 1) {
                wpa_printf(MSG_DEBUG, "OpenSSL: Using internal PRF");
                return 0;
        }
-#endif
        return openssl_tls_prf(conn, label, server_random_first,
                               skip_keyblock, out, out_len);
 }
@@ -3448,11 +3442,7 @@ struct wpabuf * tls_connection_decrypt(void *tls_ctx,
 
 int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
        return conn ? SSL_cache_hit(conn->ssl) : 0;
-#else
-       return conn ? conn->ssl->hit : 0;
-#endif
 }