$OpenBSD: patch-src_tls_tls_h,v 1.1 2016/03/05 17:34:24 sthen Exp $ Fix building with LibreSSL --- a/src/tls/tls.h.orig Sat Feb 6 15:09:41 2016 +++ b/src/tls/tls.h Fri Feb 12 20:15:25 2016 @@ -89,7 +89,7 @@ extern const char *str_tls_level(int); #endif /* Backwards compatibility with OpenSSL < 1.1.0 */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) #define OpenSSL_version_num SSLeay #define OpenSSL_version SSLeay_version #define OPENSSL_VERSION SSLEAY_VERSION diff -urp src/posttls-finger/posttls-finger.c src/posttls-finger/posttls-finger.c --- a/src/posttls-finger/posttls-finger.c.orig 2016-08-27 22:27:50.000000000 +0200 +++ b/src/posttls-finger/posttls-finger.c 2016-08-29 15:57:24.941368708 +0200 @@ -1511,7 +1511,7 @@ static int finger(STATE *state) return (0); } -#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L +#if defined(USE_TLS) && (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) /* ssl_cleanup - free memory allocated in the OpenSSL library */ @@ -1958,7 +1958,7 @@ int main(int argc, char *argv[]) cleanup(&state); /* OpenSSL 1.1.0 and later (de)initialization is implicit */ -#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L +#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ssl_cleanup(); #endif diff -urp src/tls/tls_client.c src/tls/tls_client.c --- a/src/tls/tls_client.c.orig 2016-08-27 22:27:50.000000000 +0200 +++ b/src/tls/tls_client.c 2016-08-29 16:00:17.115355822 +0200 @@ -299,7 +299,7 @@ TLS_APPL_STATE *tls_client_init(const TL */ tls_check_version(); -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) /* * Initialize the OpenSSL library by the book! To start with, we must @@ -356,7 +356,7 @@ TLS_APPL_STATE *tls_client_init(const TL * TLS_ANY_VERSION macro. */ ERR_clear_error(); -#if OPENSSL_VERSION_NUMBER >= 0x10100000L && defined(TLS_ANY_VERSION) +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) && defined(TLS_ANY_VERSION) client_ctx = SSL_CTX_new(TLS_client_method()); #else client_ctx = SSL_CTX_new(SSLv23_client_method()); @@ -441,7 +441,7 @@ TLS_APPL_STATE *tls_client_init(const TL /* * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) /* * According to the OpenSSL documentation, temporary RSA key is needed diff -urp src/tls/tls_dane.c src/tls/tls_dane.c --- a/src/tls/tls_dane.c.orig 2016-08-27 22:27:50.000000000 +0200 +++ b/src/tls/tls_dane.c 2016-08-29 15:58:30.467363804 +0200 @@ -2163,7 +2163,7 @@ static SSL_CTX *ctx_init(const char *CAf tls_param_init(); tls_check_version(); -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) SSL_load_error_strings(); SSL_library_init(); #endif diff -urp src/tls/tls_rsa.c src/tls/tls_rsa.c --- a/src/tls/tls_rsa.c.orig 2016-01-03 15:49:51.000000000 +0100 +++ b/src/tls/tls_rsa.c 2016-08-29 15:57:58.067366229 +0200 @@ -57,7 +57,7 @@ /* * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) /* tls_tmp_rsa_cb - call-back to generate ephemeral RSA key */ @@ -109,7 +109,7 @@ int main(int unused_argc, char *cons /* * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) RSA *rsa; msg_vstream_init(argv[0], VSTREAM_ERR); diff -urp src/tls/tls_server.c src/tls/tls_server.c --- a/src/tls/tls_server.c.orig 2016-08-27 22:27:50.000000000 +0200 +++ b/src/tls/tls_server.c 2016-08-29 15:59:41.807358465 +0200 @@ -174,7 +174,7 @@ static const char server_session_id_cont #endif /* OPENSSL_VERSION_NUMBER */ /* OpenSSL 1.1.0 bitrot */ -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) typedef const unsigned char *session_id_t; #else @@ -377,7 +377,7 @@ TLS_APPL_STATE *tls_server_init(const TL */ tls_check_version(); -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) /* * Initialize the OpenSSL library by the book! To start with, we must @@ -447,7 +447,7 @@ TLS_APPL_STATE *tls_server_init(const TL * TLS_ANY_VERSION macro. */ ERR_clear_error(); -#if OPENSSL_VERSION_NUMBER >= 0x10100000L && defined(TLS_ANY_VERSION) +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) && defined(TLS_ANY_VERSION) server_ctx = SSL_CTX_new(TLS_server_method()); #else server_ctx = SSL_CTX_new(SSLv23_server_method()); @@ -588,7 +588,7 @@ TLS_APPL_STATE *tls_server_init(const TL /* * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) /* * According to OpenSSL documentation, a temporary RSA key is needed when