Compile with libressl 2.7.2

5db17d0a · Tatsuhiro Tsujikawa · 1bf69b56 · 5db17d0a · 5db17d0a · 5db17d0a
Commit 5db17d0a authored Apr 14, 2018 by Tatsuhiro Tsujikawa
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 14 deletions

src/shrpx_connection.cc src/shrpx_connection.cc +2 -2

src/shrpx_tls.cc src/shrpx_tls.cc +12 -12

src/ssl_compat.h src/ssl_compat.h +2 -0

No files found.
--- a/src/shrpx_connection.cc
+++ b/src/shrpx_connection.cc
@@ -44,13 +44,13 @@ using namespace nghttp2;

 namespace shrpx {

-#if !OPENSSL_1_1_API
+#if !LIBRESSL_2_7_API && !OPENSSL_1_1_API

 void *BIO_get_data(BIO *bio) { return bio->ptr; }
 void BIO_set_data(BIO *bio, void *ptr) { bio->ptr = ptr; }
 void BIO_set_init(BIO *bio, int init) { bio->init = init; }

-#endif // !OPENSSL_1_1_API
+#endif // !LIBRESSL_2_7_API && !OPENSSL_1_1_API

 Connection::Connection(struct ev_loop *loop, int fd, SSL *ssl,
                       MemchunkPool *mcpool, ev_tstamp write_timeout,

--- a/src/shrpx_tls.cc
+++ b/src/shrpx_tls.cc
@@ -565,7 +565,7 @@ int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
 } // namespace
 #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L

-#if !LIBRESSL_LEGACY_API && OPENSSL_VERSION_NUMBER >= 0x10002000L
+#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L

 #ifndef TLSEXT_TYPE_signed_certificate_timestamp
 #define TLSEXT_TYPE_signed_certificate_timestamp 18
@@ -655,9 +655,9 @@ int legacy_sct_parse_cb(SSL *ssl, unsigned int ext_type,
 } // namespace

 #endif // !OPENSSL_1_1_1_API
-#endif // !LIBRESSL_LEGACY_API && OPENSSL_VERSION_NUMBER >= 0x10002000L
+#endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L

-#if !LIBRESSL_LEGACY_API
+#ifndef OPENSSL_NO_PSK
 namespace {
 unsigned int psk_server_cb(SSL *ssl, const char *identity, unsigned char *psk,
                           unsigned int max_psk_len) {
@@ -681,9 +681,9 @@ unsigned int psk_server_cb(SSL *ssl, const char *identity, unsigned char *psk,
  return static_cast<unsigned int>(secret.size());
 }
 } // namespace
-#endif // !LIBRESSL_LEGACY_API
+#endif // !OPENSSL_NO_PSK

-#if !LIBRESSL_LEGACY_API
+#ifndef OPENSSL_NO_PSK
 namespace {
 unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity_out,
                           unsigned int max_identity_len, unsigned char *psk,
@@ -716,7 +716,7 @@ unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity_out,
  return static_cast<unsigned int>(secret.size());
 }
 } // namespace
-#endif // !LIBRESSL_LEGACY_API
+#endif // !OPENSSL_NO_PSK

 struct TLSProtocol {
  StringRef name;
@@ -933,7 +933,7 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file,
  SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, nullptr);
 #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L

-#if !LIBRESSL_LEGACY_API && OPENSSL_VERSION_NUMBER >= 0x10002000L
+#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
  // SSL_extension_supported(TLSEXT_TYPE_signed_certificate_timestamp)
  // returns 1, which means OpenSSL internally handles it.  But
  // OpenSSL handles signed_certificate_timestamp extension specially,
@@ -964,11 +964,11 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file,
    }
 #endif // !OPENSSL_1_1_1_API
  }
-#endif // !LIBRESSL_LEGACY_API && OPENSSL_VERSION_NUMBER >= 0x10002000L
+#endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L

-#if !LIBRESSL_LEGACY_API
+#ifndef OPENSSL_NO_PSK
  SSL_CTX_set_psk_server_callback(ssl_ctx, psk_server_cb);
-#endif // !LIBRESSL_LEGACY_API
+#endif // !LIBRESSL_NO_PSK

  auto tls_ctx_data = new TLSContextData();
  tls_ctx_data->cert_file = cert_file;
@@ -1116,9 +1116,9 @@ SSL_CTX *create_ssl_client_context(
 #endif // HAVE_NEVERBLEED
  }

-#if !LIBRESSL_LEGACY_API
+#ifndef OPENSSL_NO_PSK
  SSL_CTX_set_psk_client_callback(ssl_ctx, psk_client_cb);
-#endif // !LIBRESSL_LEGACY_API
+#endif // !OPENSSL_NO_PSK

  // NPN selection callback.  This is required to set SSL_CTX because
  // OpenSSL does not offer SSL_set_next_proto_select_cb.

--- a/src/ssl_compat.h
+++ b/src/ssl_compat.h
@@ -29,11 +29,13 @@
 #if defined(LIBRESSL_VERSION_NUMBER)
 #define OPENSSL_1_1_API 0
 #define OPENSSL_1_1_1_API 0
+#define LIBRESSL_IN_USE 1
 #define LIBRESSL_LEGACY_API (LIBRESSL_VERSION_NUMBER < 0x20700000L)
 #define LIBRESSL_2_7_API (LIBRESSL_VERSION_NUMBER >= 0x20700000L)
 #else // !defined(LIBRESSL_VERSION_NUMBER)
 #define OPENSSL_1_1_API (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
 #define OPENSSL_1_1_1_API (OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#define LIBRESSL_IN_USE 0
 #define LIBRESSL_LEGACY_API 0
 #define LIBRESSL_2_7_API 0
 #endif // !defined(LIBRESSL_VERSION_NUMBER)