diff options
author | makise-homura <akemi_homura@kurisa.ch> | 2022-06-22 19:45:50 (GMT) |
---|---|---|
committer | Brad King <brad.king@kitware.com> | 2022-06-28 15:12:04 (GMT) |
commit | de16db0f646a1d06fca813761337f62332a9f7ca (patch) | |
tree | af6b89615f38f3db8651a4c78fe7dc31d60e30fc | |
parent | 31cbe200f3f047a5e62fb851a2757f39dbf05c78 (diff) | |
download | CMake-de16db0f646a1d06fca813761337f62332a9f7ca.zip CMake-de16db0f646a1d06fca813761337f62332a9f7ca.tar.gz CMake-de16db0f646a1d06fca813761337f62332a9f7ca.tar.bz2 |
curl: make libcmcurl buildable with old LibreSSL
LibreSSL older than 2.6.0 is not supported correctly
in upstream curl, and as a consequence, in libcmcurl.
Such LibreSSL versions can be used in old distros,
like OS Elbrus 4.x and 5.x, so until this fix, CMake
wasn't buildable there either.
-rw-r--r-- | Utilities/cmcurl/lib/vtls/openssl.c | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/Utilities/cmcurl/lib/vtls/openssl.c b/Utilities/cmcurl/lib/vtls/openssl.c index 635e9c1..5d1203b 100644 --- a/Utilities/cmcurl/lib/vtls/openssl.c +++ b/Utilities/cmcurl/lib/vtls/openssl.c @@ -217,8 +217,10 @@ * BoringSSL: supported since 5fd1807d95f7 (committed 2016-09-30) * LibreSSL: since 2.5.3 (April 12, 2017) */ -#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) || \ - defined(OPENSSL_IS_BORINGSSL) +#if ((OPENSSL_VERSION_NUMBER >= 0x10002000L) && \ + !(defined(LIBRESSL_VERSION_NUMBER) && \ + LIBRESSL_VERSION_NUMBER < 0x20503000L)) || \ + defined(OPENSSL_IS_BORINGSSL) #define HAVE_SSL_CTX_SET_EC_CURVES #endif @@ -2282,6 +2284,14 @@ static void ossl_trace(int direction, int ssl_ver, int content_type, # define HAS_NPN 1 #endif +/* Check for OpenSSL 1.1.0 which has set_{min,max}_proto_version(). */ +#undef HAS_MODERN_SET_PROTO_VER +#if OPENSSL_VERSION_NUMBER >= 0x10100000L \ + && !(defined(LIBRESSL_VERSION_NUMBER) && \ + LIBRESSL_VERSION_NUMBER < 0x20600000L) +# define HAS_MODERN_SET_PROTO_VER 1 +#endif + #ifdef HAS_NPN /* @@ -2340,7 +2350,7 @@ select_next_proto_cb(SSL *ssl, } #endif /* HAS_NPN */ -#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* 1.1.0 */ +#ifdef HAS_MODERN_SET_PROTO_VER static CURLcode set_ssl_version_min_max(SSL_CTX *ctx, struct connectdata *conn) { @@ -2424,7 +2434,7 @@ set_ssl_version_min_max(SSL_CTX *ctx, struct connectdata *conn) return CURLE_OK; } -#endif +#endif /* HAS_MODERN_SET_PROTO_VER */ #ifdef OPENSSL_IS_BORINGSSL typedef uint32_t ctx_option_t; @@ -2434,7 +2444,7 @@ typedef uint64_t ctx_option_t; typedef long ctx_option_t; #endif -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) /* 1.1.0 */ +#if !defined(HAS_MODERN_SET_PROTO_VER) static CURLcode set_ssl_version_min_max_legacy(ctx_option_t *ctx_options, struct Curl_easy *data, @@ -2509,7 +2519,7 @@ set_ssl_version_min_max_legacy(ctx_option_t *ctx_options, } return CURLE_OK; } -#endif +#endif /* ! HAS_MODERN_SET_PROTO_VER */ /* The "new session" callback must return zero if the session can be removed * or non-zero if the session has been put into the session cache. @@ -2813,7 +2823,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, ctx_options |= SSL_OP_NO_SSLv2; ctx_options |= SSL_OP_NO_SSLv3; -#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* 1.1.0 */ +#if HAS_MODERN_SET_PROTO_VER /* 1.1.0 */ result = set_ssl_version_min_max(backend->ctx, conn); #else result = set_ssl_version_min_max_legacy(&ctx_options, data, conn, |