99 lines
4 KiB
Diff
99 lines
4 KiB
Diff
--- src/http.c.orig
|
|
+++ src/http.c
|
|
@@ -1530,7 +1530,7 @@
|
|
return ret;
|
|
}
|
|
|
|
-# if OPENSSL_VERSION_NUMBER<0x10100000L
|
|
+# if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
# define BIO_set_data(_b,_ptr) ((_b)->ptr=(_ptr))
|
|
# define BIO_set_init(_b,_init) ((_b)->init=(_init))
|
|
# define ASN1_STRING_get0_data ASN1_STRING_data
|
|
@@ -1538,7 +1538,7 @@
|
|
|
|
static int op_bio_retry_new(BIO *_b){
|
|
BIO_set_init(_b,1);
|
|
-# if OPENSSL_VERSION_NUMBER<0x10100000L
|
|
+# if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
_b->num=0;
|
|
# endif
|
|
BIO_set_data(_b,NULL);
|
|
@@ -1549,7 +1549,7 @@
|
|
return _b!=NULL;
|
|
}
|
|
|
|
-# if OPENSSL_VERSION_NUMBER<0x10100000L
|
|
+# if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
/*This is not const because OpenSSL doesn't allow it, even though it won't
|
|
write to it.*/
|
|
static BIO_METHOD op_bio_retry_method={
|
|
@@ -1570,7 +1570,7 @@
|
|
proxying https URL requests.*/
|
|
static int op_http_conn_establish_tunnel(OpusHTTPStream *_stream,
|
|
OpusHTTPConn *_conn,op_sock _fd,SSL *_ssl_conn,BIO *_ssl_bio){
|
|
-# if OPENSSL_VERSION_NUMBER>=0x10100000L
|
|
+# if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
BIO_METHOD *bio_retry_method;
|
|
# endif
|
|
BIO *retry_bio;
|
|
@@ -1583,7 +1583,7 @@
|
|
ret=op_http_conn_write_fully(_conn,
|
|
_stream->proxy_connect.buf,_stream->proxy_connect.nbuf);
|
|
if(OP_UNLIKELY(ret<0))return ret;
|
|
-# if OPENSSL_VERSION_NUMBER>=0x10100000L
|
|
+# if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
bio_retry_method=BIO_meth_new(BIO_TYPE_NULL,"retry");
|
|
if(bio_retry_method==NULL)return OP_EFAULT;
|
|
BIO_meth_set_write(bio_retry_method,op_bio_retry_write);
|
|
@@ -1606,7 +1606,7 @@
|
|
/*This shouldn't succeed, since we can't read yet.*/
|
|
OP_ALWAYS_TRUE(SSL_connect(_ssl_conn)<0);
|
|
SSL_set_bio(_ssl_conn,_ssl_bio,_ssl_bio);
|
|
-# if OPENSSL_VERSION_NUMBER>=0x10100000L
|
|
+# if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
BIO_meth_free(bio_retry_method);
|
|
# endif
|
|
/*Only now do we disable write coalescing, to allow the CONNECT
|
|
@@ -1635,7 +1635,7 @@
|
|
return NULL;
|
|
}
|
|
|
|
-# if OPENSSL_VERSION_NUMBER<0x10002000L
|
|
+# if OPENSSL_VERSION_NUMBER<0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
/*Match a host name against a host with a possible wildcard pattern according
|
|
to the rules of RFC 6125 Section 6.4.3.
|
|
Return: 0 if the pattern doesn't match, and a non-zero value if it does.*/
|
|
@@ -1893,7 +1893,7 @@
|
|
SSL_set_tlsext_host_name(_ssl_conn,_stream->url.host);
|
|
# endif
|
|
skip_certificate_check=_stream->skip_certificate_check;
|
|
-# if OPENSSL_VERSION_NUMBER>=0x10002000L
|
|
+# if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
/*As of version 1.0.2, OpenSSL can finally do hostname checks automatically.
|
|
Of course, they make it much more complicated than it needs to be.*/
|
|
if(!skip_certificate_check){
|
|
@@ -1956,13 +1956,13 @@
|
|
if(OP_UNLIKELY(ret<=0))return OP_FALSE;
|
|
ssl_session=_stream->ssl_session;
|
|
if(ssl_session==NULL
|
|
-# if OPENSSL_VERSION_NUMBER<0x10002000L
|
|
+# if OPENSSL_VERSION_NUMBER<0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
||!skip_certificate_check
|
|
# endif
|
|
){
|
|
ret=op_do_ssl_step(_ssl_conn,_fd,SSL_do_handshake);
|
|
if(OP_UNLIKELY(ret<=0))return OP_FALSE;
|
|
-# if OPENSSL_VERSION_NUMBER<0x10002000L
|
|
+# if OPENSSL_VERSION_NUMBER<0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
/*OpenSSL before version 1.0.2 does not do automatic hostname verification,
|
|
despite the fact that we just passed it the hostname above in the call
|
|
to SSL_set_tlsext_host_name().
|
|
@@ -2314,7 +2314,7 @@
|
|
/*Initialize the SSL library if necessary.*/
|
|
if(OP_URL_IS_SSL(&_stream->url)&&_stream->ssl_ctx==NULL){
|
|
SSL_CTX *ssl_ctx;
|
|
-# if OPENSSL_VERSION_NUMBER<0x10100000L
|
|
+# if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
# if !defined(OPENSSL_NO_LOCKING)
|
|
/*The documentation says SSL_library_init() is not reentrant.
|
|
We don't want to add our own depenencies on a threading library, and it
|