From e3ca3e4829cdae0aa6dae2dc3a1e4b491628a94a Mon Sep 17 00:00:00 2001
From: jorton <jorton@unknown>
Date: Fri, 2 Feb 2024 11:55:30 +0000
Subject: [PATCH] Merge r1874101, r1913838 from trunk:

fix build with LibreSSL 2.0.7+

PR: 64047

Follow up to r1874101: Axe useless LIBRESSL_VERSION_NUMBER check.

Since the fix to MODSSL_USE_OPENSSL_PRE_1_1_API in r1908537, we are sure that
  !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL
in this block.

Submitted by: gbechis, ylavic
Reviewed by: ylavic, minfrin, jorton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1915539 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES                       | 3 +++
 modules/ssl/ssl_engine_init.c | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index b80164a7a13..091c529c1e8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.59
 
+  *) mod_ssl: Fix build with LibreSSL 2.0.7+. PR 64047.
+     [Giovanni Bechis, Yann Ylavic]
+
   *) htpasswd: Add support for passwords using SHA-2.  [Joe Orton,
      Yann Ylavic]
 
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index bbac34dba8b..558d1bbe796 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1712,7 +1712,7 @@ static apr_status_t ssl_init_proxy_certs(server_rec *s,
     X509_STORE_CTX *sctx;
     X509_STORE *store = SSL_CTX_get_cert_store(mctx->ssl_ctx);
 
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)
     /* For OpenSSL >=1.1.1, turn on client cert support which is
      * otherwise turned off by default (by design).
      * https://github.com/openssl/openssl/issues/6933 */
-- 
2.47.2