Browse code
Fix build with LibreSSL
Detect the presence of SSL_CTX_set_security_level(), don't check
OPENSSL_VERSION_NUMBER.
Signed-off-by: Jeremie Courreges-Anglas <jca@wxcvbn.org>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <8760a6kjwc.fsf@ritchie.wxcvbn.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15902.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Jeremie Courreges-Anglas authored on 2017/11/20 06:57:56Showing 2 changed files
| ... | ... |
@@ -927,6 +927,7 @@ if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then
|
| 927 | 927 |
EVP_MD_CTX_reset \ |
| 928 | 928 |
SSL_CTX_get_default_passwd_cb \ |
| 929 | 929 |
SSL_CTX_get_default_passwd_cb_userdata \ |
| 930 |
+ SSL_CTX_set_security_level \ |
|
| 930 | 931 |
X509_get0_pubkey \ |
| 931 | 932 |
X509_STORE_get0_objects \ |
| 932 | 933 |
X509_OBJECT_free \ |
| ... | ... |
@@ -386,7 +386,7 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) |
| 386 | 386 |
void |
| 387 | 387 |
tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile) |
| 388 | 388 |
{
|
| 389 |
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000) |
|
| 389 |
+#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL |
|
| 390 | 390 |
/* OpenSSL does not have certificate profiles, but a complex set of |
| 391 | 391 |
* callbacks that we could try to implement to achieve something similar. |
| 392 | 392 |
* For now, use OpenSSL's security levels to achieve similar (but not equal) |