LibreSSL have far advanced OPENSSL_VERSION_NUMBER beyond the

feature set they support (2.0 even!), deliberately breaking
backward compatibility. Therefore, in order to fix a regression
introduced by commit a4c8c827 with regard to LibreSSL's stupidity,
unconditionally use the old TLS API if building against LibreSSL.

diff --git a/libratbox/src/openssl.c b/libratbox/src/openssl.c
index 911dbb61a6b95bcba6d8ac06d1b3cfe159dfa5fa..874c5bf11ee4e94695e6e8b35ef9adcdf3c6bae2 100644 (file)
--- a/libratbox/src/openssl.c
+++ b/libratbox/src/openssl.c
@@ -307,7 +307,7 @@ rb_init_ssl(void)
        SSL_library_init();
        libratbox_index = SSL_get_ex_new_index(0, libratbox_data, NULL, NULL, NULL);
 
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)
        ssl_server_ctx = SSL_CTX_new(SSLv23_server_method());
 #else
        ssl_server_ctx = SSL_CTX_new(TLS_server_method());
@@ -322,7 +322,7 @@ rb_init_ssl(void)
 
        long server_options = SSL_CTX_get_options(ssl_server_ctx);
 
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)
        server_options |= SSL_OP_NO_SSLv2;
        server_options |= SSL_OP_NO_SSLv3;
 #endif
@@ -356,7 +356,7 @@ rb_init_ssl(void)
                }
        #endif
 
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)
        ssl_client_ctx = SSL_CTX_new(TLSv1_client_method());
 #else
        ssl_client_ctx = SSL_CTX_new(TLS_client_method());