authorYann Ylavic <ylavic@apache.org>2017-07-30 01:05:02 +0200
committerYann Ylavic <ylavic@apache.org>2017-07-30 01:05:02 +0200
commit31a410365282e05a491d7ede075315514db7587d (patch)
tree31b8be774ef0fe711192287c0f6a2dc9299f0943 /modules/ssl/ssl_private.h
parentmod_ssl: we can't use SSL_COMP_free_compression_methods() if OPENSSL_NO_COMP (diff)
mod_ssl, ab: compatibility with LibreSSL. PR 61184.
LibreSSL defines OPENSSL_VERSION_NUMBER = 2.0, but is not compatible with all of the latest OpenSSL 1.1 API. Address this by defining MODSSL_USE_OPENSSL_PRE_1_1_API which is true for anything but OpenSSL >= 1.1 (for now). Proposed by: Bernard Spil <brnrd freebsd.org> Reviewed by: ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1803396 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/ssl/ssl_private.h')
-rw-r--r--modules/ssl/ssl_private.h29
1 files changed, 23 insertions, 6 deletions
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index b41e737f75..9d10c76104 100644
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -123,6 +123,25 @@
#define MODSSL_SSL_METHOD_CONST
#endif
+#if defined(LIBRESSL_VERSION_NUMBER)
+/* Missing from LibreSSL */
+#if LIBRESSL_VERSION_NUMBER < 0x2060000f
+#define SSL_CTRL_SET_MIN_PROTO_VERSION 123
+#define SSL_CTRL_SET_MAX_PROTO_VERSION 124
+#define SSL_CTX_set_min_proto_version(ctx, version) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+#define SSL_CTX_set_max_proto_version(ctx, version) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+#endif
+/* LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most
+ * changes from OpenSSL >= 1.1 (new functions, macros, deprecations, ...), so
+ * we have to work around this...
+ */
+#define MODSSL_USE_OPENSSL_PRE_1_1_API (1)
+#else
+#define MODSSL_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#endif
+
#if defined(OPENSSL_FIPS)
#define HAVE_FIPS
#endif
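Review bot: The fallback `SSL_CTX_set_min_proto_version` / `SSL_CTX_set_max_proto_version` macros hard-code ctrl numbers 123 and 124 for LibreSSL older than 0x2060000f, and nothing on this page shows that those LibreSSL releases handle these commands in `SSL_CTX_ctrl()`. If they do not, the call would presumably return 0 and the configured protocol floor or ceiling would not be applied, which is only safe if every caller checks the result; the callers are outside this file. I would document that next to the defines, e.g. `/* ctrl numbers as in OpenSSL 1.1.0; returns 0 if the library does not implement them, callers must check */`. As a style point, the macro bodies should parenthesize their arguments: `SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MIN_PROTO_VERSION, (version), NULL)`.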
@@ -136,7 +155,7 @@
#endif
/* session id constness */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if MODSSL_USE_OPENSSL_PRE_1_1_API
#define IDCONST
#else
#define IDCONST const
@@ -199,7 +218,7 @@
#endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if MODSSL_USE_OPENSSL_PRE_1_1_API
#define BN_get_rfc2409_prime_768 get_rfc2409_prime_768
#define BN_get_rfc2409_prime_1024 get_rfc2409_prime_1024
#define BN_get_rfc3526_prime_1536 get_rfc3526_prime_1536
@@ -219,7 +238,7 @@ void init_bio_methods(void);
void free_bio_methods(void);
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10002000L
+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
#define X509_STORE_CTX_get0_store(x) (x->ctx)
#endif
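Review bot: The new `|| defined(LIBRESSL_VERSION_NUMBER)` arm applies the `X509_STORE_CTX_get0_store(x) (x->ctx)` shim to every LibreSSL release, with no upper version bound like the `LIBRESSL_VERSION_NUMBER < 0x2060000f` check used for the protocol-version shim earlier in this commit. If a later LibreSSL adds the accessor or makes `X509_STORE_CTX` opaque, the macro would either shadow the real function or stop compiling. I would add a comment recording the assumption, e.g. `/* LibreSSL lacks X509_STORE_CTX_get0_store(); bound this by version once it is added */`, and write the expansion as `((x)->ctx)`.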
@@ -931,10 +950,8 @@ void ssl_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *);
char *ssl_util_readfilter(server_rec *, apr_pool_t *, const char *,
const char * const *);
BOOL ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *);
-#if APR_HAS_THREADS
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if APR_HAS_THREADS && MODSSL_USE_OPENSSL_PRE_1_1_API
void ssl_util_thread_setup(apr_pool_t *);
-#endif
void ssl_util_thread_id_setup(apr_pool_t *);
#endif
int ssl_init_ssl_connection(conn_rec *c, request_rec *r);
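Review bot: Merging the two conditions into `#if APR_HAS_THREADS && MODSSL_USE_OPENSSL_PRE_1_1_API` also moves the `ssl_util_thread_id_setup()` prototype under the pre-1.1 condition, whereas before it was declared whenever `APR_HAS_THREADS` was set. The commit message does not mention this, so the definition and every call site (not visible on this page) need the same guard, otherwise an OpenSSL >= 1.1 build would call an undeclared function. Because this prototype pair is presumably what installs the locking callbacks the pre-1.1 API needs for thread safety, the condition deserves a label on its closing line: `#endif /* APR_HAS_THREADS && MODSSL_USE_OPENSSL_PRE_1_1_API */`.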