[mod_openssl] update LIBRESSL_VERSION_NUMBER check

2021-01-11 12:40:06 -05:00 · 2021-01-11 12:40:06 -05:00 · 3adbb3e3fa
parent 0b4733f244
commit 3adbb3e3fa
1 changed files with 7 additions and 4 deletions
--- a/src/mod_openssl.c
+++ b/src/mod_openssl.c
@ -1066,11 +1066,13 @@ mod_openssl_cert_cb (SSL *ssl, void *arg)
    }

  #if OPENSSL_VERSION_NUMBER >= 0x10002000 \
-   && !defined(LIBRESSL_VERSION_NUMBER)
-    /* libressl >= 0x3000000fL has SSL_set1_chain(), but not other APIs below)*/
+   && (!defined(LIBRESSL_VERSION_NUMBER) \
+       || LIBRESSL_VERSION_NUMBER >= 0x3000000fL)
    if (pc->ssl_pemfile_chain)
        SSL_set1_chain(ssl, pc->ssl_pemfile_chain);
-   #ifndef BORINGSSL_API_VERSION /* BoringSSL limitation */
+   #if defined(BORINGSSL_API_VERSION) \
+    || defined(LIBRESSL_VERSION_NUMBER)
+    /* (missing SSL_set1_chain_cert_store() and SSL_build_cert_chain()) */
    else if (hctx->conf.ssl_ca_file) {
        /* preserve legacy behavior whereby openssl will reuse CAs trusted for
         * certificate verification (set by SSL_CTX_load_verify_locations() in
@ -1921,7 +1923,8 @@ network_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)

 #ifndef OPENSSL_NO_DH
 #if OPENSSL_VERSION_NUMBER < 0x10100000L \
- || defined(LIBRESSL_VERSION_NUMBER)
+ || (defined(LIBRESSL_VERSION_NUMBER) \
+     && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
 #define DH_set0_pqg(dh, dh_p, NULL, dh_g) \
        ((dh)->p = (dh_p), (dh)->g = (dh_g), (dh_p) != NULL && (dh_g) != NULL)
 #endif