summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormakise-homura <akemi_homura@kurisa.ch>2022-06-22 19:45:50 (GMT)
committerBrad King <brad.king@kitware.com>2022-06-28 15:12:04 (GMT)
commitde16db0f646a1d06fca813761337f62332a9f7ca (patch)
treeaf6b89615f38f3db8651a4c78fe7dc31d60e30fc
parent31cbe200f3f047a5e62fb851a2757f39dbf05c78 (diff)
downloadCMake-de16db0f646a1d06fca813761337f62332a9f7ca.zip
CMake-de16db0f646a1d06fca813761337f62332a9f7ca.tar.gz
CMake-de16db0f646a1d06fca813761337f62332a9f7ca.tar.bz2
curl: make libcmcurl buildable with old LibreSSL
LibreSSL older than 2.6.0 is not supported correctly in upstream curl, and as a consequence, in libcmcurl. Such LibreSSL versions can be used in old distros, like OS Elbrus 4.x and 5.x, so until this fix, CMake wasn't buildable there either.
-rw-r--r--Utilities/cmcurl/lib/vtls/openssl.c24
1 files changed, 17 insertions, 7 deletions
diff --git a/Utilities/cmcurl/lib/vtls/openssl.c b/Utilities/cmcurl/lib/vtls/openssl.c
index 635e9c1..5d1203b 100644
--- a/Utilities/cmcurl/lib/vtls/openssl.c
+++ b/Utilities/cmcurl/lib/vtls/openssl.c
@@ -217,8 +217,10 @@
* BoringSSL: supported since 5fd1807d95f7 (committed 2016-09-30)
* LibreSSL: since 2.5.3 (April 12, 2017)
*/
-#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) || \
- defined(OPENSSL_IS_BORINGSSL)
+#if ((OPENSSL_VERSION_NUMBER >= 0x10002000L) && \
+ !(defined(LIBRESSL_VERSION_NUMBER) && \
+ LIBRESSL_VERSION_NUMBER < 0x20503000L)) || \
+ defined(OPENSSL_IS_BORINGSSL)
#define HAVE_SSL_CTX_SET_EC_CURVES
#endif
@@ -2282,6 +2284,14 @@ static void ossl_trace(int direction, int ssl_ver, int content_type,
# define HAS_NPN 1
#endif
+/* Check for OpenSSL 1.1.0 which has set_{min,max}_proto_version(). */
+#undef HAS_MODERN_SET_PROTO_VER
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L \
+ && !(defined(LIBRESSL_VERSION_NUMBER) && \
+ LIBRESSL_VERSION_NUMBER < 0x20600000L)
+# define HAS_MODERN_SET_PROTO_VER 1
+#endif
+
#ifdef HAS_NPN
/*
@@ -2340,7 +2350,7 @@ select_next_proto_cb(SSL *ssl,
}
#endif /* HAS_NPN */
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* 1.1.0 */
+#ifdef HAS_MODERN_SET_PROTO_VER
static CURLcode
set_ssl_version_min_max(SSL_CTX *ctx, struct connectdata *conn)
{
@@ -2424,7 +2434,7 @@ set_ssl_version_min_max(SSL_CTX *ctx, struct connectdata *conn)
return CURLE_OK;
}
-#endif
+#endif /* HAS_MODERN_SET_PROTO_VER */
#ifdef OPENSSL_IS_BORINGSSL
typedef uint32_t ctx_option_t;
@@ -2434,7 +2444,7 @@ typedef uint64_t ctx_option_t;
typedef long ctx_option_t;
#endif
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) /* 1.1.0 */
+#if !defined(HAS_MODERN_SET_PROTO_VER)
static CURLcode
set_ssl_version_min_max_legacy(ctx_option_t *ctx_options,
struct Curl_easy *data,
@@ -2509,7 +2519,7 @@ set_ssl_version_min_max_legacy(ctx_option_t *ctx_options,
}
return CURLE_OK;
}
-#endif
+#endif /* ! HAS_MODERN_SET_PROTO_VER */
/* The "new session" callback must return zero if the session can be removed
* or non-zero if the session has been put into the session cache.
@@ -2813,7 +2823,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
ctx_options |= SSL_OP_NO_SSLv2;
ctx_options |= SSL_OP_NO_SSLv3;
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* 1.1.0 */
+#if HAS_MODERN_SET_PROTO_VER /* 1.1.0 */
result = set_ssl_version_min_max(backend->ctx, conn);
#else
result = set_ssl_version_min_max_legacy(&ctx_options, data, conn,