1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
--- vio/viosslfactories.c
+++ vio/viosslfactories.c
@@ -123,21 +123,19 @@ static DH *get_dh2048(void)
DH *dh;
if ((dh=DH_new()))
{
- BIGNUM *p= BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
- BIGNUM *g= BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
- if (!p || !g
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
- || !DH_set0_pqg(dh, p, NULL, g)
-#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
- ) {
- /* DH_free() will free 'p' and 'g' at once. */
+ BIGNUM *p = BN_bin2bn(dh2048_p,sizeof(dh2048_p), NULL);
+ BIGNUM *g = BN_bin2bn(dh2048_g,sizeof(dh2048_g), NULL);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ dh->p=p;
+ dh->g=g;
+ if (! dh->p || ! dh->g)
+#else
+ if (!DH_set0_pqg(dh, p, NULL, g))
+#endif
+ {
DH_free(dh);
- return NULL;
+ dh = NULL;
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- dh->p= p;
- dh->g= g;
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
}
return(dh);
}
@@ -503,7 +501,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi
struct st_VioSSLFd *ssl_fd;
/* MySQL 5.7 supports TLS up to v1.2, explicitly disable TLSv1.3. */
long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3
-#ifdef HAVE_TLSv13
+#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
| SSL_OP_NO_TLSv1_3
#endif /* HAVE_TLSv13 */
;
@@ -536,7 +534,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi
SSL_OP_NO_TLSv1 |
SSL_OP_NO_TLSv1_1
| SSL_OP_NO_TLSv1_2
-#ifdef HAVE_TLSv13
+#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
| SSL_OP_NO_TLSv1_3
#endif /* HAVE_TLSv13 */
| SSL_OP_NO_TICKET
@@ -559,7 +557,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi
SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options);
-#ifdef HAVE_TLSv13
+#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
/*
MySQL 5.7 doesn't support TLSv1.3 - set empty TLSv1.3 ciphersuites.
*/
|
