Merge r1874101, r1913838 from trunk:

fix build with LibreSSL 2.0.7+

PR: 64047

Follow up to r1874101: Axe useless LIBRESSL_VERSION_NUMBER check.

Since the fix to MODSSL_USE_OPENSSL_PRE_1_1_API in r1908537, we are sure that
  !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL
in this block.

Submitted by: gbechis, ylavic
Reviewed by: ylavic, minfrin, jorton

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1915539 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index b80164a7a132c69ee9b1418e3e639b8cc9dbffc0..091c529c1e8512952b756be7240c80391ee9fd3d 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.59
 
+  *) mod_ssl: Fix build with LibreSSL 2.0.7+. PR 64047.
+     [Giovanni Bechis, Yann Ylavic]
+
   *) htpasswd: Add support for passwords using SHA-2.  [Joe Orton,
      Yann Ylavic]
 

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index bbac34dba8bf55c8da04fae8df7cb4eff2a320b1..558d1bbe79614bdc3d1fe12a4020510996d1a8d2 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1712,7 +1712,7 @@ static apr_status_t ssl_init_proxy_certs(server_rec *s,
     X509_STORE_CTX *sctx;
     X509_STORE *store = SSL_CTX_get_cert_store(mctx->ssl_ctx);
 
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)
     /* For OpenSSL >=1.1.1, turn on client cert support which is
      * otherwise turned off by default (by design).
      * https://github.com/openssl/openssl/issues/6933 */