From: Selva Nair <selva.nair@gmail.com>
Date: Wed, 21 Feb 2018 16:46:02 +0000 (-0500)
Subject: Disable external ec key support when building with libressl
X-Git-Tag: v2.5_beta1~503
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=028b501734b4a57dc53edb8b11a4b370f5b99e38;p=thirdparty%2Fopenvpn.git

Disable external ec key support when building with libressl

- This codepath uses some openssl-1.1 specific API and is enabled only
  for openssl 1.1 and higher versions. But, due to incompatible
  version numbering in libressl, it gets wrongly enabled with libressl
  versions that do not support the reqired API. As an easy workaround
  disable the feature when LIBRESSL_VERSION_NUMBER is defined.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1519231562-5641-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16510.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index f2307dec1..cd4151316 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -1159,7 +1159,7 @@ err:
     return 0;
 }
 
-#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC)
+#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER)
 
 /* called when EC_KEY is destroyed */
 static void
@@ -1307,7 +1307,7 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx,
             goto err;
         }
     }
-#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC)
+#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER)
     else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC)
     {
         if (!tls_ctx_use_external_ec_key(ctx, pkey))