OpenSSL: Fix build with old library versions that do not support TLS 1.3
authorJouni Malinen <quic_jouni@quicinc.com>
Wed, 4 May 2022 21:35:47 +0000 (00:35 +0300)
committerJouni Malinen <j@w1.fi>
Thu, 5 May 2022 10:04:13 +0000 (13:04 +0300)
The OCSP check here is specific to TLS 1.3 and the TLS1_3_VERSION value
is not available in older library versions. Comment this check out from
such cases since it is not applicable with such an old library.

Fixes: 10746875e27a ("OpenSSL: Allow no OCSP response when resuming a session with TLS 1.3")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
src/crypto/tls_openssl.c

index 81c93c139f4bba6d6de4e2c5ac91aaf3c8941de7..6602ac64f5913b9b59ec6a06bdff1b5c8e5564b2 100644 (file)
@@ -5003,6 +5003,8 @@ static int ocsp_resp_cb(SSL *s, void *arg)
 
        len = SSL_get_tlsext_status_ocsp_resp(s, &p);
        if (!p) {
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x30400000L
                if (SSL_version(s) == TLS1_3_VERSION && SSL_session_reused(s)) {
                        /* TLS 1.3 sends the OCSP response with the server
                         * Certificate message. Since that Certificate message
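Review bot: The two added `#if` lines gate on library version numbers, while the only thing the guarded code needs from the library is the `TLS1_3_VERSION` constant; assuming it is exposed as a preprocessor macro (as OpenSSL does), `#ifdef TLS1_3_VERSION` would express that directly and would not need updating per fork or release. If the version checks are kept for consistency with the rest of the file (not visible here), the two conditions can be merged into one `#if` with `&&`, and the matching `#endif` lines in the next hunk would be easier to pair up with trailing comments such as `#endif /* TLS1_3_VERSION */`. ocsp_resp_cb starts and ends outside this hunk.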
@@ -5014,6 +5016,8 @@ static int ocsp_resp_cb(SSL *s, void *arg)
                                   "OpenSSL: Allow no OCSP response when using TLS 1.3 and a resumed session");
                        return 1;
                }
+#endif
+#endif
                wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP response received");
                return (conn->flags & TLS_CONN_REQUIRE_OCSP) ? 0 : 1;
        }
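Review bot: The `return 1` inside the guarded branch runs before the `TLS_CONN_REQUIRE_OCSP` test on the last lines of this hunk, so on a resumed TLS 1.3 session a missing stapled response is accepted even when OCSP is required, and the block deserves a comment that states this explicitly. Something like `/* Accepted regardless of TLS_CONN_REQUIRE_OCSP: revocation status is only as fresh as the full handshake that created this session */` would tell an operator that the cached-session lifetime bounds how long a since-revoked server certificate can keep being accepted. The existing comment is cut off between the two hunks, so it may already cover part of this. With the guard compiled out on old libraries the code falls straight through to the flag check, which is the stricter behaviour.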