From: Selva Nair <selva.n...@gmail.com>
- This codepath uses some openssl-1.1 specific API and is enabled only
for openssl 1.1 and higher versions. But, due to incompatible
version numbering in libressl, it gets wrongly enabled with libressl
versions that do not support the reqired API. As an easy workaround
disable the feature when LIBRESSL_VERSION_NUMBER is defined.
Signed-off-by: Selva Nair <selva.n...@gmail.com>
---
Caution: Only partially compile tested on freebsd 11 + libressl 2.6.4
due to other conflicts with that version of libressl.
src/openvpn/ssl_openssl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 56b12b7..d91458b 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -1159,7 +1159,7 @@ err:
return 0;
}
-#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC)
+#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) &&
!defined(LIBRESSL_VERSION_NUMBER)
/* called when EC_KEY is destroyed */
static void
@@ -1307,7 +1307,7 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx,
goto err;
}
}
-#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC)
+#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) &&
!defined(LIBRESSL_VERSION_NUMBER)
else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC)
{
if (!tls_ctx_use_external_ec_key(ctx, pkey))
--
2.1.4
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
