diff -Naur stunnel-5.30.orig/src/ctx.c stunnel-5.30/src/ctx.c --- stunnel-5.30.orig/src/ctx.c 2016-01-15 16:45:23.000000000 +0000 +++ stunnel-5.30/src/ctx.c 2016-05-14 15:16:47.392859450 +0000 @@ -359,7 +359,7 @@ /**************************************** initialize OpenSSL CONF */ NOEXPORT int conf_init(SERVICE_OPTIONS *section) { -#if OPENSSL_VERSION_NUMBER>=0x10002000L +#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) SSL_CONF_CTX *cctx; NAME_LIST *curr; char *cmd, *param; diff -Naur stunnel-5.30.orig/src/verify.c stunnel-5.30/src/verify.c --- stunnel-5.30.orig/src/verify.c 2016-01-15 16:45:23.000000000 +0000 +++ stunnel-5.30/src/verify.c 2016-05-14 15:16:10.369860180 +0000 @@ -51,7 +51,7 @@ NOEXPORT int verify_callback(int, X509_STORE_CTX *); NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *); NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int); -#if OPENSSL_VERSION_NUMBER>=0x10002000L +#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *); #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ NOEXPORT int cert_check_local(X509_STORE_CTX *); @@ -280,7 +280,7 @@ } if(depth==0) { /* additional peer certificate checks */ -#if OPENSSL_VERSION_NUMBER>=0x10002000L +#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) if(!cert_check_subject(c, callback_ctx)) return 0; /* reject */ #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ @@ -291,7 +291,7 @@ return 1; /* accept */ } -#if OPENSSL_VERSION_NUMBER>=0x10002000L +#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) { X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx); NAME_LIST *ptr; diff --git a/src/common.h b/src/common.h index 93f165e..491d9de 100644 --- a/src/common.h +++ b/src/common.h @@ -448,7 +448,7 @@ extern char *sys_errlist[]; #define OPENSSL_NO_TLS1_2 #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */ -#if OPENSSL_VERSION_NUMBER>=0x10100000L +#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) #ifndef OPENSSL_NO_SSL2 #define OPENSSL_NO_SSL2 #endif /* !defined(OPENSSL_NO_SSL2) */ @@ -474,7 +474,7 @@ extern char *sys_errlist[]; #include #ifndef OPENSSL_NO_DH #include -#if OPENSSL_VERSION_NUMBER<0x10100000L +#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); #endif /* OpenSSL older than 1.1.0 */ #endif /* !defined(OPENSSL_NO_DH) */ diff --git a/src/prototypes.h b/src/prototypes.h index 303ff77..ae22598 100644 --- a/src/prototypes.h +++ b/src/prototypes.h @@ -664,13 +664,13 @@ typedef enum { #endif /* OPENSSL_NO_DH */ STUNNEL_LOCKS /* number of locks */ } LOCK_TYPE; -#if OPENSSL_VERSION_NUMBER < 0x10100004L +#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER) typedef int STUNNEL_RWLOCK; #else typedef CRYPTO_RWLOCK *STUNNEL_RWLOCK; #endif extern STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS]; -#if OPENSSL_VERSION_NUMBER>=0x10100004L +#if OPENSSL_VERSION_NUMBER>=0x10100004L && !defined(LIBRESSL_VERSION_NUMBER) #define CRYPTO_THREAD_read_unlock(type) CRYPTO_THREAD_unlock(type) #define CRYPTO_THREAD_write_unlock(type) CRYPTO_THREAD_unlock(type) #else diff --git a/src/ssl.c b/src/ssl.c index a7af7e6..1483734 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -50,7 +50,7 @@ NOEXPORT int add_rand_file(GLOBAL_OPTIONS *, const char *); int index_cli, index_opt, index_redirect, index_addr; int ssl_init(void) { /* init TLS before parsing configuration file */ -#if OPENSSL_VERSION_NUMBER>=0x10100000L +#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); #else @@ -83,7 +83,7 @@ int ssl_init(void) { /* init TLS before parsing configuration file */ } #ifndef OPENSSL_NO_DH -#if OPENSSL_VERSION_NUMBER<0x10100000L +#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) /* this is needed for dhparam.c generated with OpenSSL >= 1.1.0 * to be linked against the older versions */ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) { diff --git a/src/sthreads.c b/src/sthreads.c index 59c24a2..04fb256 100644 --- a/src/sthreads.c +++ b/src/sthreads.c @@ -47,7 +47,7 @@ STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS]; #endif -#if OPENSSL_VERSION_NUMBER<0x10100004L +#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) #define CRYPTO_THREAD_lock_new() CRYPTO_get_new_dynlockid() #endif diff --git a/src/verify.c b/src/verify.c index ac1c3ee..3e3bda4 100644 --- a/src/verify.c +++ b/src/verify.c @@ -348,7 +348,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) { cert=X509_STORE_CTX_get_current_cert(callback_ctx); subject=X509_get_subject_name(cert); -#if OPENSSL_VERSION_NUMBER>=0x10000000L +#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER) #if OPENSSL_VERSION_NUMBER<0x10100006L #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs #endif