1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
--- vio/viosslfactories.cc.orig 2023-06-21 07:52:10 UTC
+++ vio/viosslfactories.cc
@@ -45,6 +45,7 @@
#include <dh_ecdh_config.h>
#include "my_openssl_fips.h"
+#include "openssl/crypto.h"
#define TLS_VERSION_OPTION_SIZE 256
/*
@@ -422,7 +423,7 @@ long process_tls_version(const char *tls_version) {
const char *separator = ",";
char *token, *lasts = nullptr;
-#ifdef HAVE_TLSv13
+#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
const char *tls_version_name_list[] = {"TLSv1.2", "TLSv1.3"};
const char ctx_flag_default[] = "TLSv1.2,TLSv1.3";
const long tls_ctx_list[] = {SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3};
@@ -494,7 +495,7 @@ static struct st_VioSSLFd *new_VioSSLFd(
ssl_ctx_options = (ssl_ctx_options | ssl_ctx_flags) &
(SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 |
SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2
-#ifdef HAVE_TLSv13
+#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
| SSL_OP_NO_TLSv1_3
#endif /* HAVE_TLSv13 */
| SSL_OP_NO_TICKET);
@@ -503,7 +504,7 @@ static struct st_VioSSLFd *new_VioSSLFd(
return nullptr;
if (!(ssl_fd->ssl_context = SSL_CTX_new(is_client ?
-#ifdef HAVE_TLSv13
+#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
TLS_client_method()
: TLS_server_method()
#else /* HAVE_TLSv13 */
@@ -518,7 +519,7 @@ static struct st_VioSSLFd *new_VioSSLFd(
return nullptr;
}
-#ifdef HAVE_TLSv13
+#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
/*
Set OpenSSL TLS v1.3 ciphersuites.
Note that an empty list is permissible.
|
