- This codepath uses some openssl-1.1 specific API and is enabled only
for openssl 1.1 and higher versions. But, due to incompatible
version numbering in libressl, it gets wrongly enabled with libressl
versions that do not support the reqired API. As an easy workaround
disable the feature when LIBRESSL_VERSION_NUMBER is defined.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1519231562-5641-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16510.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -1159,7 +1159,7 @@ err: |
1159 | 1159 |
return 0; |
1160 | 1160 |
} |
1161 | 1161 |
|
1162 |
-#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) |
|
1162 |
+#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER) |
|
1163 | 1163 |
|
1164 | 1164 |
/* called when EC_KEY is destroyed */ |
1165 | 1165 |
static void |
... | ... |
@@ -1307,7 +1307,7 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, |
1307 | 1307 |
goto err; |
1308 | 1308 |
} |
1309 | 1309 |
} |
1310 |
-#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) |
|
1310 |
+#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER) |
|
1311 | 1311 |
else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) |
1312 | 1312 |
{ |
1313 | 1313 |
if (!tls_ctx_use_external_ec_key(ctx, pkey)) |