diff --git a/src/sslhelper.c b/src/sslhelper.c index 04c2e27..fb9daa6 100644 --- a/src/sslhelper.c +++ b/src/sslhelper.c @@ -803,7 +803,7 @@ static int pem_passwd_callback(char *buf, int size, int rwflag, static int crl_callback(X509_STORE_CTX *callback_ctx) { const ASN1_INTEGER *revoked_serial; X509_STORE_CTX *store_ctx; -#if OPENSSL_VERSION_NUMBER > 0x10100000L +#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) X509_OBJECT *obj; #else X509_OBJECT obj; @@ -829,7 +829,7 @@ static int crl_callback(X509_STORE_CTX *callback_ctx) { * the current certificate in order to verify it's integrity. */ store_ctx = X509_STORE_CTX_new(); X509_STORE_CTX_init(store_ctx, revocation_store, NULL, NULL); -#if OPENSSL_VERSION_NUMBER > 0x10100000L +#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) obj = X509_OBJECT_new(); rc=X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj); crl = X509_OBJECT_get0_X509_CRL(obj); @@ -865,7 +865,7 @@ static int crl_callback(X509_STORE_CTX *callback_ctx) { rfbLog("Invalid signature on CRL\n"); X509_STORE_CTX_set_error(callback_ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE); -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) X509_OBJECT_free(obj); #else X509_OBJECT_free_contents(&obj); @@ -883,7 +883,7 @@ static int crl_callback(X509_STORE_CTX *callback_ctx) { rfbLog("Found CRL has invalid nextUpdate field\n"); X509_STORE_CTX_set_error(callback_ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD); -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) X509_OBJECT_free(obj); #else X509_OBJECT_free_contents(&obj); @@ -894,14 +894,14 @@ static int crl_callback(X509_STORE_CTX *callback_ctx) { rfbLog("Found CRL is expired - " "revoking all certificates until you get updated CRL\n"); X509_STORE_CTX_set_error(callback_ctx, X509_V_ERR_CRL_HAS_EXPIRED); -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) X509_OBJECT_free(obj); #else X509_OBJECT_free_contents(&obj); #endif return 0; /* Reject connection */ } -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) X509_OBJECT_free(obj); #else X509_OBJECT_free_contents(&obj); @@ -912,7 +912,7 @@ static int crl_callback(X509_STORE_CTX *callback_ctx) { * the current certificate in order to check for revocation. */ store_ctx = X509_STORE_CTX_new(); X509_STORE_CTX_init(store_ctx, revocation_store, NULL, NULL); -#if OPENSSL_VERSION_NUMBER > 0x10100000L +#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) obj = X509_OBJECT_new(); rc=X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj); crl = X509_OBJECT_get0_X509_CRL(obj); @@ -942,7 +942,7 @@ static int crl_callback(X509_STORE_CTX *callback_ctx) { "revoked per CRL from issuer %s\n", serial, serial, cp); OPENSSL_free(cp); X509_STORE_CTX_set_error(callback_ctx, X509_V_ERR_CERT_REVOKED); -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) X509_OBJECT_free(obj); #else X509_OBJECT_free_contents(&obj); @@ -950,7 +950,7 @@ static int crl_callback(X509_STORE_CTX *callback_ctx) { return 0; /* Reject connection */ } } -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) X509_OBJECT_free(obj); #else X509_OBJECT_free_contents(&obj); @@ -1596,7 +1596,7 @@ static int switch_to_anon_dh(void) { if (ssl_client_mode) { return 1; } -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) /* Security level must be set to 0 for unauthenticated suites. */ SSL_CTX_set_security_level(ctx, 0); #endif