From e43474b47267cc4809e1974eaf44ba1b381d1bec Mon Sep 17 00:00:00 2001
From: Viktor Szakats <commit@vsz.me>
Date: Mon, 7 Aug 2023 22:34:26 +0000
Subject: [PATCH] openssl: use `SSL_CTX_set_keylog_callback` with LibreSSL
 3.5.0

LibreSSL 3.5.0 (2022-02-24) added support for
`SSL_CTX_set_keylog_callback`.

Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.0-relnotes.txt

Reviewed-by: Jay Satiro
Closes #11615
---
 lib/vtls/openssl.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 303032d14a..43c9dd395c 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -190,11 +190,12 @@
  * Whether SSL_CTX_set_keylog_callback is available.
  * OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287
  * BoringSSL: supported since d28f59c27bac (committed 2015-11-19)
- * LibreSSL: unsupported in at least 2.7.2 (explicitly check for it since it
- *           lies and pretends to be OpenSSL 2.0.0).
+ * LibreSSL: supported since 3.5.0 (released 2022-02-24)
  */
 #if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
      !defined(LIBRESSL_VERSION_NUMBER)) || \
+    (defined(LIBRESSL_VERSION_NUMBER) && \
+     LIBRESSL_VERSION_NUMBER >= 0x3050000fL) || \
     defined(OPENSSL_IS_BORINGSSL)
 #define HAVE_KEYLOG_CALLBACK
 #endif
-- 
2.47.3