LibreSSL has OPENSSL_VERSION_NUMBER >= 0x2000000
authorWillem Toorop <willem@nlnetlabs.nl>
Wed, 30 Nov 2016 13:24:32 +0000 (14:24 +0100)
committerWillem Toorop <willem@nlnetlabs.nl>
Wed, 30 Nov 2016 13:24:32 +0000 (14:24 +0100)
configure.ac
dnssec.c
error.c
examples/ldns-dane.c
host2str.c
keys.c

index 4f9bc2e05a517f53d4200b870df4e97e4f580f6c..976f161bdad5bf920a7025ab3703a3cd6c12e59a 100644 (file)
@@ -324,7 +324,15 @@ tmp_LDFLAGS=$LDFLAGS
 tmp_LIBS=$LIBS
 
 ACX_WITH_SSL_OPTIONAL
-
+if test "x$HAVE_SSL" != "xyes"; then
+       AC_MSG_CHECKING([for LibreSSL])
+       if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then
+               AC_MSG_RESULT([yes])
+               AC_DEFINE([HAVE_LIBRESSL], [1], [Define if we have LibreSSL])
+       else
+               AC_MSG_RESULT([no])
+       fi
+fi
 AC_CHECK_FUNCS([EVP_sha256 ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id])
 
 # for macosx, see if glibtool exists and use that
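Review bot: The LibreSSL probe is guarded by `if test "x$HAVE_SSL" != "xyes"; then`, so as written it runs only when SSL was not detected. HAVE_SSL is set inside ACX_WITH_SSL_OPTIONAL, which is outside this hunk, so confirm the sense of the test and use `= "xyes"` if it is inverted. The grep also depends on `$ssldir` pointing at the headers: the path is unquoted, and a missing or differently located `opensslv.h` leaves HAVE_LIBRESSL undefined with only a stray grep error on stderr, which sends every guard in this commit down the OpenSSL 1.1 branch. LibreSSL's `opensslv.h` defines `LIBRESSL_VERSION_NUMBER`, so testing `defined(LIBRESSL_VERSION_NUMBER)` in the C sources would remove the dependency on the install path.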
index a3302ed43ac7372b7e7323cecf0ab920e149f304..6faaa9c48b17de56a5b0acb672a81518a63459ef 100644 (file)
--- a/dnssec.c
+++ b/dnssec.c
@@ -375,7 +375,7 @@ ldns_key_buf2dsa_raw(const unsigned char* key, size_t len)
                BN_free(Y);
                return NULL;
        }
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 #ifndef S_SPLINT_S
        dsa->p = P;
        dsa->q = Q;
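Review bot: `defined(HAVE_LIBRESSL)` selects the direct field-access branch (`dsa->p = P;`) for every LibreSSL release, with no version bound. If a later LibreSSL makes these structs opaque or provides the OpenSSL 1.1 accessors, this branch either stops compiling or keeps writing key material into the struct behind the accessor API. The same unbounded guard appears in the ldns_key_buf2rsa_raw hunk, the ldns_key2buffer_str hunks, the keys.c hunks and the `SSLv23_client_method()` selection in examples/ldns-dane.c. Consider bounding it, for example `(defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < <first LibreSSL release with the accessors>)`, or keying it on an `AC_CHECK_FUNCS` feature test for the accessor that the `#else` branch calls; that branch is outside the hunk.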
@@ -461,7 +461,7 @@ ldns_key_buf2rsa_raw(const unsigned char* key, size_t len)
                BN_free(modulus);
                return NULL;
        }
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 #ifndef S_SPLINT_S
        rsa->n = modulus;
        rsa->e = exponent;
diff --git a/error.c b/error.c
index e8e682d7a649d158ce60ee510db3b3f3ac3fc479..35ee5bdd5e24dc3449bc6dc0e962fd9ce80d289a 100644 (file)
--- a/error.c
+++ b/error.c
@@ -147,7 +147,7 @@ ldns_lookup_table ldns_error_str[] = {
                "Syntax error, superfluous text present" },
         { LDNS_STATUS_NSEC3_DOMAINNAME_OVERFLOW,
                "The NSEC3 domainname length overflow" },
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
         { LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA,
                "ldns needs to be linked with OpenSSL >= 1.1.0 to be able "
                        "to verify the DANE-TA usage type." },
index 56ca368317052d5e74258de3c1d58f673b0a0dc7..4372c4a9753d7a7922efdda7030e01e9f6d1e23c 100644 (file)
@@ -1097,7 +1097,7 @@ dane_create(ldns_rr_list* tlsas, ldns_rdf* tlsa_owner,
        }
 }
 
-#if defined(USE_DANE_VERIFY) && OPENSSL_VERSION_NUMBER < 0x10100000
+#if defined(USE_DANE_VERIFY) && ( OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL )
 static bool
 dane_verify(ldns_rr_list* tlsas, ldns_rdf* address,
                X509* cert, STACK_OF(X509)* extra_certs,
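Review bot: The new `#if` line has unbalanced parentheses: the group opened before `OPENSSL_VERSION_NUMBER` is never closed, because the only `)` after it closes `defined(`. A conforming preprocessor reports a missing `)` in the expression, so examples/ldns-dane.c does not build with this line. It should read `#if defined(USE_DANE_VERIFY) && ( OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) )`. The body of dane_verify continues outside the hunk.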
@@ -1165,7 +1165,7 @@ main(int argc, char* const* argv)
        ldns_status   s;
        size_t        i;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#if OPENSSL_VERSION_NUMBER >= 0x10100000 && ! defined(HAVE_LIBRESSL)
        size_t        j, usable_tlsas = 0;
        X509_STORE_CTX *store_ctx = NULL;
 #endif /* OPENSSL_VERSION_NUMBER >= 0x10100000 */
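Review bot: The `#endif` comment still names the old condition, so it reads as if `j`, `usable_tlsas` and `store_ctx` are declared on any build reporting 0x10100000 or higher, LibreSSL included. Update it to match the guard: `#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000 && ! defined(HAVE_LIBRESSL) */`. main's body starts and ends outside the hunk.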
@@ -1688,7 +1688,7 @@ main(int argc, char* const* argv)
                }
        }
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
        ctx =  SSL_CTX_new(SSLv23_client_method());
 #else
        ctx =  SSL_CTX_new(TLS_client_method());
@@ -1730,7 +1730,7 @@ main(int argc, char* const* argv)
                                             verify_server_name, name);
                             break;
 #ifdef USE_DANE_VERIFY
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
                case VERIFY: if (! dane_verify(tlsas, NULL,
                                               cert, extra_certs, store,
                                               verify_server_name, name,
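Review bot: With this guard a LibreSSL build verifies TLSA records through ldns's own `dane_verify` rather than the `SSL_dane_enable` path, and the error.c hunk keeps LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA for that build. Its message tells the user to link with OpenSSL >= 1.1.0, which a LibreSSL user whose header reports a higher version number cannot act on. The same applies to the second `case VERIFY:` hunk further down. A comment at this guard such as `/* LibreSSL: SSL_dane_enable() path compiled out, fall back to ldns dane_verify */`, plus a message that names LibreSSL, would make the reduced verification coverage visible. The switch statement starts and ends outside the hunk.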
@@ -1844,7 +1844,7 @@ main(int argc, char* const* argv)
                        address = ldns_rr_a_address(
                                        ldns_rr_list_rr(addresses, i));
                        assert(address != NULL);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#if OPENSSL_VERSION_NUMBER >= 0x10100000  && ! defined(HAVE_LIBRESSL)
                        if (mode == VERIFY) {
                                usable_tlsas = 0;
                                if (SSL_dane_enable(ssl, name_str) <= 0) {
@@ -1904,7 +1904,7 @@ main(int argc, char* const* argv)
                                continue;
                        }
                        LDNS_ERR(s, "could not get cert chain from ssl");
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#if OPENSSL_VERSION_NUMBER >= 0x10100000 && ! defined(HAVE_LIBRESSL)
 
                        if (mode == VERIFY) {
                                char *address_str = ldns_rdf2str(address);
@@ -1934,7 +1934,7 @@ main(int argc, char* const* argv)
 
 #ifdef USE_DANE_VERIFY
                        case VERIFY:
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
                                     if (! dane_verify(tlsas, address,
                                                cert, extra_certs, store,
                                                verify_server_name, name,
index a6f84746be9bdb80ca66b27385d8ed34093a01af..280961b88a29c9bef3565c15dbd475ec7833c123 100644 (file)
@@ -2040,7 +2040,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
                                        const BIGNUM *n=NULL, *e=NULL, *d=NULL,
                                                *p=NULL, *q=NULL, *dmp1=NULL,
                                                *dmq1=NULL, *iqmp=NULL;
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
                                        n = rsa->n;
                                        e = rsa->e;
                                        d = rsa->d;
@@ -2092,7 +2092,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
                                if(1) {
                                        const BIGNUM *p=NULL, *q=NULL, *g=NULL,
                                                *priv_key=NULL, *pub_key=NULL;
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 #ifndef S_SPLINT_S
                                        p = dsa->p;
                                        q = dsa->q;
diff --git a/keys.c b/keys.c
index 70aaa90fe4c4da5300f33745207ffa04255ab96b..11e18f539ab23a047c353257df17e5b6e077e38c 100644 (file)
--- a/keys.c
+++ b/keys.c
@@ -898,7 +898,7 @@ ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
        }
 #endif /* splint */
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 # ifndef S_SPLINT_S
        rsa->n = n;
        rsa->e = e;
@@ -1018,7 +1018,7 @@ ldns_key_new_frm_fp_dsa_l(FILE *f, ATTR_UNUSED(int *line_nr))
        }
 #endif /* splint */
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 # ifndef S_SPLINT_S
        dsa->p = p;
        dsa->q = q;
@@ -1700,7 +1700,7 @@ ldns_key_rsa2bin(unsigned char *data, RSA *k, uint16_t *size)
        if (!k) {
                return false;
        }
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
        n = k->n;
        e = k->e;
 #else