Fix build with LibreSSL

Detect the presence of SSL_CTX_set_security_level(), don't check
OPENSSL_VERSION_NUMBER.

Signed-off-by: Jeremie Courreges-Anglas <jca@wxcvbn.org>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <8760a6kjwc.fsf@ritchie.wxcvbn.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15902.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/configure.ac b/configure.ac
index afcecb1373e2bf156985d2b6c66592649640a7e3..51eb98146bea9d5e856887268a2da7e313c370f5 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -907,6 +907,7 @@ if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then
                        EVP_MD_CTX_reset \
                        SSL_CTX_get_default_passwd_cb \
                        SSL_CTX_get_default_passwd_cb_userdata \
+                       SSL_CTX_set_security_level \
                        X509_get0_pubkey \
                        X509_STORE_get0_objects \
                        X509_OBJECT_free \

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 001a7865d1b076cc73b852754afb3c96d0d2e0ae..dc599becd4efaf5609fcebac4f35c107fe0be250 100644 (file)
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -389,7 +389,7 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
 void
 tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
 {
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000)
+#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
     /* OpenSSL does not have certificate profiles, but a complex set of
      * callbacks that we could try to implement to achieve something similar.
      * For now, use OpenSSL's security levels to achieve similar (but not equal)