From 88a827f25cb4a79f06597ca438f8f04d37a03d4e Mon Sep 17 00:00:00 2001 From: Jeremie Courreges-Anglas Date: Sun, 19 Nov 2017 22:57:56 +0100 Subject: [PATCH] Fix build with LibreSSL Detect the presence of SSL_CTX_set_security_level(), don't check OPENSSL_VERSION_NUMBER. Signed-off-by: Jeremie Courreges-Anglas Acked-by: Steffan Karger Message-Id: <8760a6kjwc.fsf@ritchie.wxcvbn.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15902.html Signed-off-by: Gert Doering --- configure.ac | 1 + src/openvpn/ssl_openssl.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 7f2e34f2..acfddb22 100644 --- a/configure.ac +++ b/configure.ac @@ -927,6 +927,7 @@ if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then EVP_MD_CTX_reset \ SSL_CTX_get_default_passwd_cb \ SSL_CTX_get_default_passwd_cb_userdata \ + SSL_CTX_set_security_level \ X509_get0_pubkey \ X509_STORE_get0_objects \ X509_OBJECT_free \ diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index de89cb13..b782946e 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -386,7 +386,7 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) void tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile) { -#if (OPENSSL_VERSION_NUMBER >= 0x10100000) +#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL /* OpenSSL does not have certificate profiles, but a complex set of * callbacks that we could try to implement to achieve something similar. * For now, use OpenSSL's security levels to achieve similar (but not equal)