1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
diff -Naur stunnel-5.48.orig/src/common.h stunnel-5.48/src/common.h
--- stunnel-5.48.orig/src/common.h 2018-06-08 13:30:15.000000000 -0400
+++ stunnel-5.48/src/common.h 2018-07-08 22:23:00.527131463 -0400
@@ -446,7 +446,7 @@
#define OPENSSL_NO_TLS1_2
#endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
#ifndef OPENSSL_NO_SSL2
#define OPENSSL_NO_SSL2
#endif /* !defined(OPENSSL_NO_SSL2) */
@@ -473,7 +473,7 @@
#include <openssl/des.h>
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
-#if OPENSSL_VERSION_NUMBER<0x10100000L
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
#endif /* OpenSSL older than 1.1.0 */
#endif /* !defined(OPENSSL_NO_DH) */
diff -Naur stunnel-5.48.orig/src/ctx.c stunnel-5.48/src/ctx.c
--- stunnel-5.48.orig/src/ctx.c 2018-07-02 17:30:10.000000000 -0400
+++ stunnel-5.48/src/ctx.c 2018-07-08 22:23:00.527131463 -0400
@@ -311,7 +311,7 @@
#ifndef OPENSSL_NO_DH
-#if OPENSSL_VERSION_NUMBER<0x10100000L
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
NOEXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
return ctx->cipher_list;
}
@@ -414,7 +414,7 @@
/**************************************** initialize OpenSSL CONF */
NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
SSL_CONF_CTX *cctx;
NAME_LIST *curr;
char *cmd, *param;
diff -Naur stunnel-5.48.orig/src/options.c stunnel-5.48/src/options.c
--- stunnel-5.48.orig/src/options.c 2018-07-02 17:30:26.000000000 -0400
+++ stunnel-5.48/src/options.c 2018-07-08 22:23:00.527131463 -0400
@@ -4215,7 +4215,7 @@
}
#endif
/* engines can add new algorithms */
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS|
OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
#else
diff -Naur stunnel-5.48.orig/src/ssl.c stunnel-5.48/src/ssl.c
--- stunnel-5.48.orig/src/ssl.c 2018-04-06 10:25:10.000000000 -0400
+++ stunnel-5.48/src/ssl.c 2018-07-08 22:23:00.527131463 -0400
@@ -52,7 +52,7 @@
int index_session_authenticated, index_session_connect_address;
int ssl_init(void) { /* init TLS before parsing configuration file */
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_LOAD_CONFIG, NULL);
#else
@@ -88,7 +88,7 @@
}
#ifndef OPENSSL_NO_DH
-#if OPENSSL_VERSION_NUMBER<0x10100000L
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
/* this is needed for dhparam.c generated with OpenSSL >= 1.1.0
* to be linked against the older versions */
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
diff -Naur stunnel-5.48.orig/src/verify.c stunnel-5.48/src/verify.c
--- stunnel-5.48.orig/src/verify.c 2018-07-02 17:30:10.000000000 -0400
+++ stunnel-5.48/src/verify.c 2018-07-08 22:23:00.531131344 -0400
@@ -51,7 +51,7 @@
NOEXPORT int verify_callback(int, X509_STORE_CTX *);
NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
NOEXPORT int cert_check_local(X509_STORE_CTX *);
@@ -285,7 +285,7 @@
}
if(depth==0) { /* additional peer certificate checks */
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
if(!cert_check_subject(c, callback_ctx))
return 0; /* reject */
#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
@@ -296,7 +296,7 @@
return 1; /* accept */
}
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
NAME_LIST *ptr;
@@ -346,7 +346,7 @@
cert=X509_STORE_CTX_get_current_cert(callback_ctx);
subject=X509_get_subject_name(cert);
-#if OPENSSL_VERSION_NUMBER<0x10100006L
+#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
#define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
#endif
/* modern API allows retrieving multiple matching certificates */
|
GitWeb