diff --git a/src/global/mail_params.h b/src/global/mail_params.h
index a6119f1b..e437b9cd 100644
--- a/src/global/mail_params.h
+++ b/src/global/mail_params.h
@@ -19,7 +19,7 @@ typedef int bool;
 #ifdef USE_TLS
 #include /* OPENSSL_VERSION_NUMBER */
 #include /* SN_* and NID_* macros */
-#if OPENSSL_VERSION_NUMBER < 0x1000200fUL
+#if OPENSSL_VERSION_NUMBER < 0x1010101fUL && !defined(LIBRESSL_VERSION_NUMBER)
 #error "OpenSSL releases prior to 1.0.2 are no longer supported"
 #endif
 #endif
diff --git a/src/posttls-finger/posttls-finger.c b/src/posttls-finger/posttls-finger.c
index c142d43f..ee894327 100644
--- a/src/posttls-finger/posttls-finger.c
+++ b/src/posttls-finger/posttls-finger.c
@@ -1673,7 +1673,8 @@ static int finger(STATE *state)
 return (0);
 }
-#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L
+#if defined(USE_TLS) && \
+ ( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) )
 /* ssl_cleanup - free memory allocated in the OpenSSL library */
@@ -2156,7 +2157,8 @@ int main(int argc, char *argv[])
 cleanup(&state);
 /* OpenSSL 1.1.0 and later (de)initialization is implicit */
-#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L
+#if defined(USE_TLS) && \
+ ( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) )
 ssl_cleanup();
 #endif
diff --git a/src/tls/tls.h b/src/tls/tls.h
index 2a8cc119..4c8dff11 100644
--- a/src/tls/tls.h
+++ b/src/tls/tls.h
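Review bot: The new guard in mail_params.h compares against `0x1010101fUL` (1.1.1a), while the `#error` text on the following line and the matching guard in src/tls/tls.h both still name 1.0.2 (`0x1000200fUL`). As written, a build against OpenSSL 1.0.2 through 1.1.1 would stop here with a message that states the wrong minimum, and the `< 0x10100000L` compatibility branches this patch keeps elsewhere would be unreachable for OpenSSL. If the floor was not meant to move, keep the old constant: `#if OPENSSL_VERSION_NUMBER < 0x1000200fUL && !defined(LIBRESSL_VERSION_NUMBER)`. If it was, the message and the tls.h guard need to change with it.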
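Review bot: The test `OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` is written out by hand at this guard around ssl_cleanup and again in the second posttls-finger.c hunk, tls.h, tls_certkey.c, tls_client.c, tls_dane.c, tls_dh.c, tls_rsa.c and tls_server.c. Several of these sites pair library initialisation with cleanup, so a later edit that updates only some of them would leave init and teardown compiled under different conditions. Defining one feature macro under a single `#if` in tls.h (the name is only a suggestion, e.g. `#define TLS_PRE_110_API 1`) and testing `#ifdef TLS_PRE_110_API` at each site would keep them in step, assuming every one of these files includes tls.h.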
@@ -84,12 +84,12 @@ extern const char *str_tls_level(int);
 #define ssl_cipher_stack_t STACK_OF(SSL_CIPHER)
 #define ssl_comp_stack_t STACK_OF(SSL_COMP)
-#if (OPENSSL_VERSION_NUMBER < 0x1000200fUL)
+#if (OPENSSL_VERSION_NUMBER < 0x1000200fUL && !defined(LIBRESSL_VERSION_NUMBER))
 #error "OpenSSL releases prior to 1.0.2 are no longer supported"
 #endif
 /* Backwards compatibility with OpenSSL < 1.1.0 */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 #define OpenSSL_version_num SSLeay
 #define OpenSSL_version SSLeay_version
 #define OPENSSL_VERSION SSLEAY_VERSION
@@ -106,13 +106,16 @@ extern const char *str_tls_level(int);
 #define ASN1_STRING_get0_data ASN1_STRING_data
 #define X509_getm_notBefore X509_get_notBefore
 #define X509_getm_notAfter X509_get_notAfter
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 #define TLS_method SSLv23_method
 #define TLS_client_method SSLv23_client_method
 #define TLS_server_method SSLv23_server_method
 #endif
 /* Backwards compatibility with OpenSSL < 1.1.1 */
-#if OPENSSL_VERSION_NUMBER < 0x1010100fUL
+#if OPENSSL_VERSION_NUMBER < 0x1010100fUL || defined(LIBRESSL_VERSION_NUMBER)
 #define SSL_CTX_set_num_tickets(ctx, num) ((void)0)
 #endif
@@ -124,7 +127,7 @@ extern const char *str_tls_level(int);
 * SSL_get_peer_tmp_key(), with the original name left behind as an alias. We
 * use the new name when available.
 */
-#if OPENSSL_VERSION_NUMBER < 0x1010101fUL
+#if OPENSSL_VERSION_NUMBER < 0x1010101fUL || defined(LIBRESSL_VERSION_NUMBER)
 #undef SSL_get_signature_nid
 #define SSL_get_signature_nid(ssl, pnid) (NID_undef)
 #define tls_get_peer_dh_pubkey SSL_get_server_tmp_key
diff --git a/src/tls/tls_certkey.c b/src/tls/tls_certkey.c
index be8d4700..27a039c0 100644
--- a/src/tls/tls_certkey.c
+++ b/src/tls/tls_certkey.c
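Review bot: With `!defined(LIBRESSL_VERSION_NUMBER)` added to the `#error` guard, no LibreSSL release is ever rejected at build time, so an arbitrarily old LibreSSL would compile without complaint. A separate floor keyed on the LibreSSL number would restore the check, for example `#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < MIN_LIBRESSL_VERSION_PLACEHOLDER` followed by its own `#error`, with the placeholder replaced by the oldest release the project has tested. The second changed line also applies the `SSLeay` aliases to every LibreSSL version; later LibreSSL releases may provide some of the 1.1.0 names natively, so it is worth confirming that redefining them there is intended. The alias block continues outside this hunk.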
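Review bot: The added `#endif`, blank line and `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` close the compatibility block and reopen it under the same condition that opens it in the previous hunk, so the three `TLS_*method` aliases end up guarded exactly as before. Unless the two halves are meant to diverge, drop the three added lines. If they are, a one-line comment above the second `#if` should say why the method aliases are kept apart.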
@@ -149,7 +149,7 @@ static void init_pem_load_state(pem_load_state_t *st, SSL_CTX *ctx, SSL *ssl,
 /* use_chain - load cert, key and chain into ctx or ssl */
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fUL
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fUL && !defined(LIBRESSL_VERSION_NUMBER)
 static int use_chain(pem_load_state_t *st)
 {
 int ret;
@@ -697,7 +697,7 @@ int main(int argc, char *argv[])
 char *key_file = 0;
 SSL_CTX *ctx;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 /*
 * Initialize the OpenSSL library by the book! To start with, we must
diff --git a/src/tls/tls_client.c b/src/tls/tls_client.c
index 135cea4b..955c5340 100644
--- a/src/tls/tls_client.c
+++ b/src/tls/tls_client.c
@@ -333,7 +333,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props)
 */
 tls_check_version();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 /*
 * Initialize the OpenSSL library by the book! To start with, we must
@@ -410,7 +410,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props)
 SSL_CTX_set_options(client_ctx, off);
 /* Enable all supported protocols */
-#if OPENSSL_VERSION_NUMBER >= 0x1010000fUL
+#if OPENSSL_VERSION_NUMBER >= 0x1010000fUL && !defined(LIBRESSL_VERSION_NUMBER)
 SSL_CTX_set_min_proto_version(client_ctx, 0);
 #endif
@@ -473,7 +473,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props)
 /*
 * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
 */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 /*
 * According to the OpenSSL documentation, temporary RSA key is needed
diff --git a/src/tls/tls_dane.c b/src/tls/tls_dane.c
index 013426b1..5cbb74e3 100644
--- a/src/tls/tls_dane.c
+++ b/src/tls/tls_dane.c
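Review bot: Skipping `SSL_CTX_set_min_proto_version(client_ctx, 0)` on LibreSSL leaves that library's own default protocol floor in place, so the context comment `/* Enable all supported protocols */` no longer describes what a LibreSSL build does; the same holds for the two calls in the tls_server.c hunk at -528. Protocol selection there presumably depends only on the option mask passed to `SSL_CTX_set_options(client_ctx, off)` just above. I would record that next to the guard, e.g. `/* LibreSSL: library default minimum is kept; protocols are limited through the option mask only */`. tls_client_init starts and ends outside this hunk.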
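Review bot: Extending this guard with `|| defined(LIBRESSL_VERSION_NUMBER)` compiles the temporary-RSA setup back in for every LibreSSL build, and the same choice is made in both tls_rsa.c hunks and in the tls_server.c hunk at -616. The context comment records that OpenSSL removed ephemeral RSA in 1.1.0-dev; if the targeted LibreSSL releases no longer negotiate the suites that need it (to be confirmed), this is dead code that keeps a weak-key path in the build. In that case exclude it at all four sites together: `#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)`. The guarded block continues outside the hunk.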
@@ -2006,7 +2006,7 @@ static SSL_CTX *ctx_init(const char *CAfile)
 tls_param_init();
 tls_check_version();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 SSL_load_error_strings();
 SSL_library_init();
 #endif
diff --git a/src/tls/tls_dh.c b/src/tls/tls_dh.c
index 70db8e9d..727e3a80 100644
--- a/src/tls/tls_dh.c
+++ b/src/tls/tls_dh.c
@@ -314,7 +314,7 @@ void tls_auto_eecdh_curves(SSL_CTX *ctx, const char *configured)
 * This is a NOP in OpenSSL 1.1.0 and later, where curves are always
 * auto-negotiated.
 */
-#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL || defined(LIBRESSL_VERSION_NUMBER)
 if (SSL_CTX_set_ecdh_auto(ctx, 1) <= 0) {
 msg_warn("failed to enable automatic ECDHE curve selection");
 tls_print_errors();
diff --git a/src/tls/tls_rsa.c b/src/tls/tls_rsa.c
index 67f2a2ee..c6a759e8 100644
--- a/src/tls/tls_rsa.c
+++ b/src/tls/tls_rsa.c
@@ -57,7 +57,7 @@
 /*
 * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
 */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 /* tls_tmp_rsa_cb - call-back to generate ephemeral RSA key */
@@ -103,7 +103,7 @@ int main(int unused_argc, char *const argv[])
 /*
 * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
 */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 RSA *rsa;
 msg_vstream_init(argv[0], VSTREAM_ERR);
diff --git a/src/tls/tls_server.c b/src/tls/tls_server.c
index 25d85ec7..b134d50d 100644
--- a/src/tls/tls_server.c
+++ b/src/tls/tls_server.c
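Review bot: The context comment in the tls_dh.c hunk still reads "This is a NOP in OpenSSL 1.1.0 and later", but with the new guard `SSL_CTX_set_ecdh_auto(ctx, 1)` is compiled for every LibreSSL build whatever OpenSSL version number it reports. The comment should gain a line saying so, for example `* LibreSSL builds always take this path.` The body of tls_auto_eecdh_curves continues outside the hunk.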
@@ -167,7 +167,7 @@ static const char server_session_id_context[] = "Postfix/TLS";
 #define GET_SID(s, v, lptr) ((v) = SSL_SESSION_get_id((s), (lptr)))
 /* OpenSSL 1.1.0 bitrot */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 typedef const unsigned char *session_id_t;
 #else
@@ -370,7 +370,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props)
 */
 tls_check_version();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 /*
 * Initialize the OpenSSL library by the book! To start with, we must
@@ -487,7 +487,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props)
 * incomplete.
 */
 #ifdef SSL_OP_NO_TICKET
-#ifndef OPENSSL_NO_TLSEXT
+#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER >= 0x0090808fL && !defined(LIBRESSL_VERSION_NUMBER)
 ticketable = (*var_tls_tkt_cipher && scache_timeout > 0 && !(off & SSL_OP_NO_TICKET));
 if (ticketable) {
@@ -528,7 +528,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props)
 SSL_CTX_set_options(server_ctx, off);
 /* Enable all supported protocols */
-#if OPENSSL_VERSION_NUMBER >= 0x1010000fUL
+#if OPENSSL_VERSION_NUMBER >= 0x1010000fUL && !defined(LIBRESSL_VERSION_NUMBER)
 SSL_CTX_set_min_proto_version(server_ctx, 0);
 SSL_CTX_set_min_proto_version(sni_ctx, 0);
 #endif
@@ -616,7 +616,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props)
 /*
 * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
 */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 /*
 * According to OpenSSL documentation, a temporary RSA key is needed when
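Review bot: The rewritten guard in the hunk at -487 removes the `ticketable` setup on LibreSSL without saying what then happens to session tickets; the lines that decide this are outside the hunk. If `ticketable` stays 0 and the code after the block sets `SSL_OP_NO_TICKET`, tickets are simply off, which is safe but silent; otherwise the library's default ticket handling would apply instead of the configured `var_tls_tkt_cipher`. A comment on the guard should state which, e.g. `/* LibreSSL: ticket setup is skipped here; see below for whether tickets are disabled */`. The `OPENSSL_VERSION_NUMBER >= 0x0090808fL` term is redundant, since tls.h already rejects OpenSSL older than 1.0.2.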