Implement shim for SSL_CTX_set1_cert_store() (affects Debian 9)
authorArtem Boldariev <artem@boldariev.com>
Fri, 1 Apr 2022 08:16:44 +0000 (11:16 +0300)
committerArtem Boldariev <artem@boldariev.com>
Fri, 1 Apr 2022 13:33:43 +0000 (16:33 +0300)
This commit implements a shim for SSL_CTX_set1_cert_store() for
OpenSSL/LibreSSL versions where it is not available.

configure.ac
lib/isc/openssl_shim.c
lib/isc/openssl_shim.h
lib/isc/tls.c

index 8ea89295d5b3ba5cf5f467f318a3ebcef5967fe5..14f176bf3a43dff09882eb08e67d6f30ef326721 100644 (file)
@@ -650,6 +650,7 @@ AC_CHECK_FUNCS([SSL_CTX_set_keylog_callback])
 AC_CHECK_FUNCS([SSL_CTX_set_min_proto_version])
 AC_CHECK_FUNCS([SSL_CTX_up_ref])
 AC_CHECK_FUNCS([SSL_read_ex SSL_peek_ex SSL_write_ex])
+AC_CHECK_FUNCS([SSL_CTX_set1_cert_store X509_STORE_up_ref])
 
 #
 # Check for algorithm support in OpenSSL
index 759ceb408b5e72637da5d6e7c695536258e70244..1dcc921f01e5a5fb32b5c12a8c2c99e59971e492 100644 (file)
@@ -169,3 +169,23 @@ OPENSSL_cleanup(void) {
        return;
 }
 #endif
+
+#if !HAVE_X509_STORE_UP_REF
+
+int
+X509_STORE_up_ref(X509_STORE *store) {
+       return (CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE));
+}
+
+#endif /* !HAVE_OPENSSL_CLEANUP */
+
+#if !HAVE_SSL_CTX_SET1_CERT_STORE
+
+void
+SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store) {
+       (void)X509_STORE_up_ref(store);
+
+       SSL_CTX_set_cert_store(ctx, store);
+}
+
+#endif /* !HAVE_SSL_CTX_SET1_CERT_STORE */
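Review bot: The `#endif` that closes the X509_STORE_up_ref shim carries a comment copy-pasted from the OPENSSL_cleanup shim above it and names the wrong macro; it should read `#endif /* !HAVE_X509_STORE_UP_REF */`. Separately, the shim returns the raw result of CRYPTO_add(), i.e. the new reference count, whereas OpenSSL's own X509_STORE_up_ref() returns 1 on success and 0 on failure, so any future caller testing `== 1` would misbehave only on the shimmed path; `return ((CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE) > 1) ? 1 : 0);` would match the real API. Both call sites in this commit discard the result, so this is latent rather than live. The shim also reaches into `store->references`, which only compiles where X509_STORE is still a non-opaque struct, presumably the OpenSSL 1.0.x / pre-3.5 LibreSSL builds the removed tls.c block handled the same way; a one-line comment stating that assumption would help the next reader.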
index b4877f85090443ad34ab06df435b3625f90ba0ab..0755fbb49dd204fb9ceaa31a3fd57e8741a25f2a 100644 (file)
@@ -120,3 +120,13 @@ OPENSSL_cleanup(void);
 #if !HAVE_TLS_CLIENT_METHOD
 #define TLS_client_method SSLv23_client_method
 #endif
+
+#if !HAVE_X509_STORE_UP_REF
+int
+X509_STORE_up_ref(X509_STORE *v);
+#endif /* !HAVE_OPENSSL_CLEANUP */
+
+#if !HAVE_SSL_CTX_SET1_CERT_STORE
+void
+SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store);
+#endif /* !HAVE_SSL_CTX_SET1_CERT_STORE */
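Review bot: The `#endif` comment on the X509_STORE_up_ref prototype names `HAVE_OPENSSL_CLEANUP`, the macro of the previous shim, not this one; it should be `#endif /* !HAVE_X509_STORE_UP_REF */`. The prototype also names its parameter `v` while the definition in openssl_shim.c calls it `store`; `int X509_STORE_up_ref(X509_STORE *store);` keeps the two consistent. A short comment above each prototype noting that the shim is compiled only where the linked OpenSSL/LibreSSL lacks the function, and that the SSL_CTX_set1_cert_store shim takes a reference on the store so the caller keeps its own, would make the header self-explanatory.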
index 543fda7b2d9b3a350ecbf7799fca8b27b1b8efcd..19bed66efba440b5cbb46c1b6f1d81e8d4b31565 100644 (file)
@@ -980,19 +980,7 @@ isc_tlsctx_enable_peer_verification(isc_tlsctx_t *tlsctx, const bool is_server,
        }
 
        /* "Attach" the cert store to the context */
-#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
-       (void)X509_STORE_up_ref(store);
-       SSL_CTX_set_cert_store(tlsctx, store);
-#elif defined(CRYPTO_LOCK_X509_STORE)
-       /*
-        * That is the case for OpenSSL < 1.1.X and LibreSSL < 3.5.0.
-        * No SSL_CTX_set1_cert_store(), no X509_STORE_up_ref(). Sigh...
-        */
-       (void)CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
-       SSL_CTX_set_cert_store(tlsctx, store);
-#else
        SSL_CTX_set1_cert_store(tlsctx, store);
-#endif
 
        /* enable verification */
        if (is_server) {
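Review bot: The call site now relies on `SSL_CTX_set1_cert_store()` coming from the openssl_shim.h shim on OpenSSL < 1.1 / LibreSSL < 3.5 builds, but this hunk does not show tls.c including that header; if it is not already included, those toolchains will see an implicit declaration and the Debian 9 build this commit targets will fail, so that is worth confirming. The removed block carried the rationale for the reference bump, which the new single line no longer conveys; a brief comment such as `/* Takes its own reference on store; shimmed in openssl_shim.h where the library lacks it */` would preserve it. isc_tlsctx_enable_peer_verification() starts before this hunk.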