Detect the presence of SSL_CTX_set_security_level(), don't check
OPENSSL_VERSION_NUMBER.
Signed-off-by: Jeremie Courreges-Anglas <jca@wxcvbn.org>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <8760a6kjwc.fsf@ritchie.wxcvbn.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15902.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -927,6 +927,7 @@ if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then |
927 | 927 |
EVP_MD_CTX_reset \ |
928 | 928 |
SSL_CTX_get_default_passwd_cb \ |
929 | 929 |
SSL_CTX_get_default_passwd_cb_userdata \ |
930 |
+ SSL_CTX_set_security_level \ |
|
930 | 931 |
X509_get0_pubkey \ |
931 | 932 |
X509_STORE_get0_objects \ |
932 | 933 |
X509_OBJECT_free \ |
... | ... |
@@ -386,7 +386,7 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) |
386 | 386 |
void |
387 | 387 |
tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile) |
388 | 388 |
{ |
389 |
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000) |
|
389 |
+#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL |
|
390 | 390 |
/* OpenSSL does not have certificate profiles, but a complex set of |
391 | 391 |
* callbacks that we could try to implement to achieve something similar. |
392 | 392 |
* For now, use OpenSSL's security levels to achieve similar (but not equal) |