From patchwork Sat Feb 23 07:02:41 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Stefan Strogin <stefan.strogin@gmail.com>
X-Patchwork-Id: 689
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Delivered-To: patchwork@openvpn.net
Received: from director10.mail.ord1d.rsapps.net ([172.27.255.8])
	by backend30.mail.ord1d.rsapps.net with LMTP id 8HziNyyLcVzHBQAAIUCqbw
	for <patchwork@openvpn.net>; Sat, 23 Feb 2019 13:04:28 -0500
Received: from proxy6.mail.iad3a.rsapps.net ([172.27.255.8])
	by director10.mail.ord1d.rsapps.net with LMTP id yGxZNSyLcVzhOwAApN4f7A
	; Sat, 23 Feb 2019 13:04:28 -0500
Received: from smtp5.gate.iad3a ([172.27.255.8])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by proxy6.mail.iad3a.rsapps.net with LMTP id yHalLyyLcVzRWAAA8udqhg
	; Sat, 23 Feb 2019 13:04:28 -0500
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
X-Virus-Scanned: OK
X-Orig-To: openvpnslackdevel@openvpn.net
X-Originating-Ip: [216.105.38.7]
Authentication-Results: smtp5.gate.iad3a.rsapps.net;
 iprev=pass policy.iprev="216.105.38.7";
 spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net"
 smtp.helo="lists.sourceforge.net";
 dkim=fail (signature verification failed) header.d=sourceforge.net;
 dkim=fail (signature verification failed) header.d=sf.net;
 dkim=fail (signature verification failed) header.d=gmail.com;
 dmarc=fail (p=none; dis=none) header.from=gmail.com
X-Suspicious-Flag: YES
X-Classification-ID: 75734f56-3795-11e9-8ea8-525400de824c-1-1
Received: from [216.105.38.7] ([216.105.38.7:1960] helo=lists.sourceforge.net)
	by smtp5.gate.iad3a.rsapps.net (envelope-from
 <openvpn-devel-bounces@lists.sourceforge.net>)
	(ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384)
	id 83/00-02504-B2B817C5; Sat, 23 Feb 2019 13:04:28 -0500
Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com)
	by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1gxbds-0004jL-Ls; Sat, 23 Feb 2019 18:03:16 +0000
Received: from [172.30.20.202] (helo=mx.sourceforge.net)
 by sfs-ml-4.v29.lw.sourceforge.com with esmtps
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1)
 (envelope-from <stefan.strogin@gmail.com>) id 1gxbdr-0004jA-Ob
 for openvpn-devel@lists.sourceforge.net; Sat, 23 Feb 2019 18:03:15 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id:
 Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=Qq2zf/e2sfu01V6katomZHJV4v9WGkvIAPYPR2prpfc=; b=EktQXF07UAwKC5JKlbsIsfFgM5
 x2RDmVas0L0CjwJACwD9wAqgKfboDDxCtVVmpymwZ49UhfjmeaPFT4XuIz6jowpZ7m4TOg3B84Pjt
 g3UDOD9tPZDokqOTX4/UqNd01z4Pq2ZU2z0MYSDUhJFQckXOJJ438rVto2EXTUqj1Ffg=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:Cc:To:From
 :Sender:Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:
 Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:
 References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:
 List-Owner:List-Archive; bh=Qq2zf/e2sfu01V6katomZHJV4v9WGkvIAPYPR2prpfc=; b=c
 b2selj/c417/Xr6QxJRfd1Adk8zVuAWLf6FteJjPbeutm9U++/00st1fL8LRuhDGESl5/o5OVauQY
 N9xldNgHobdzOuA5zHFTK53UEHN8aHaROZbeEotSg67qLerDFzLdD8WqpN0Q+ZoqtjCNnkxf1LKUx
 BZBpaymzzyhZsr58=;
Received: from mail-ed1-f66.google.com ([209.85.208.66])
 by sfi-mx-3.v28.lw.sourceforge.com with esmtps
 (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.90_1)
 id 1gxbdh-00Aobt-LR
 for openvpn-devel@lists.sourceforge.net; Sat, 23 Feb 2019 18:03:11 +0000
Received: by mail-ed1-f66.google.com with SMTP id b20so4372321edw.11
 for <openvpn-devel@lists.sourceforge.net>;
 Sat, 23 Feb 2019 10:03:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=Qq2zf/e2sfu01V6katomZHJV4v9WGkvIAPYPR2prpfc=;
 b=V/2hPulo00dJbY42wMy1cxxQ2BRmqLya6FLZ8RZ6cqISiaDMSIDL3kimTjGMLqwNya
 wc0/DkChxH4IBIVdd0M+g3BTrCR/oBmcg9GQxerdj5nIb2Nxpc1bRad7om8Vwvdr77rX
 Q5r9GtMf5Hm4167y8DKOsdei+cS8xz+EvHR/ZebWE9HTf24Yq8R7t9/GdDQzYYnVRD8Q
 haDbel9MkEnGpPSD0c+Y2o4QNwoZQtZp5/BN/hcOwTjXAevMNpKJY99cvuh1qAhINqdL
 ygb/gj3vVnqPBFx1ugXCA35rSMg+gqCeGLdCA51DgW7Mn3MZl8TuuBpFGY3emExvSXzU
 2t/Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=Qq2zf/e2sfu01V6katomZHJV4v9WGkvIAPYPR2prpfc=;
 b=aPoTykeL/XlgvppBZzKteqcgM+DM+uh4dwbHDuXVPYde1YUMo0oFejC3O3K6+KAmMg
 uekfJAiIKQyy6o3qwAJ5H/W8x7+0uvjlgFPSjLDRQs48mxgaTmk+Hn2TcrouGiW9vwwU
 p88m/TDRRrVmB5QFJ05Vk6caodBwA8YnDq9trPvKjTPmAbh+4kxU2p9wytErtITouuME
 qq7GgNKrUc+ue972OH3uTCRohQ6V53aBz/pdaegbLwqCDv4YldN0I56niU5Nw0v2gR+9
 kNBfBT8hmGQoZpTmOPaUWCS022Sre6vQ65h4Mh1NodACD/nmEvZGXs9jhT2PNVK4DRnh
 TF+Q==
X-Gm-Message-State: AHQUAuZxe6+K/tXrWvlJeFMMvNYn/xW0SY3tHi9z1DfAo63wnS7hxDvE
 bOOQJPh82y20O8uQq2qX+Y0a+klUsw==
X-Google-Smtp-Source: 
 AHgI3IYYolPuvUxrU2WMJ24AKhhrEKQqMxR3h+LXtXLpQQTp9eXx6ir7TgPKfApfDVq1jQRN4f6KiA==
X-Received: by 2002:a50:8786:: with SMTP id a6mr8025915eda.241.1550944978446;
 Sat, 23 Feb 2019 10:02:58 -0800 (PST)
Received: from localhost.localdomain (pripet.hukot.net. [46.36.39.187])
 by smtp.gmail.com with ESMTPSA id h35sm1318730ede.8.2019.02.23.10.02.57
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Sat, 23 Feb 2019 10:02:57 -0800 (PST)
From: Stefan Strogin <stefan.strogin@gmail.com>
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 23 Feb 2019 20:02:41 +0200
Message-Id: <20190223180241.18374-1-stefan.strogin@gmail.com>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
 See http://spamassassin.org/tag/ for more details.
 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
 (stefan.strogin[at]gmail.com)
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
 trust [209.85.208.66 listed in list.dnswl.org]
 -0.0 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
 [209.85.208.66 listed in wl.mailspike.net]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
 domain
 -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily valid
X-Headers-End: 1gxbdh-00Aobt-LR
Subject: [Openvpn-devel] [PATCH] Fix compilation with LibreSSL
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox

TLS 1.3 is not ready yet in LibreSSL.
Also SSL_get1_supported_ciphers() has been just added into master (not yet
released).

Signed-off-by: Stefan Strogin <stefan.strogin@gmail.com>
---
 src/openvpn/ssl_openssl.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index ddb78da7..fcaac080 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -465,7 +465,7 @@ tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
         return;
     }
 
-#if (OPENSSL_VERSION_NUMBER < 0x1010100fL)
+#if (OPENSSL_VERSION_NUMBER < 0x1010100fL) || defined(LIBRESSL_VERSION_NUMBER)
     crypto_msg(M_WARN, "Not compiled with OpenSSL 1.1.1 or higher. "
                "Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.",
                ciphers);
@@ -1998,7 +1998,7 @@ show_available_tls_ciphers_list(const char *cipher_list,
         crypto_msg(M_FATAL, "Cannot create SSL_CTX object");
     }
 
-#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL)
+#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER))
     if (tls13)
     {
         SSL_CTX_set_min_proto_version(tls_ctx.ctx, TLS1_3_VERSION);
@@ -2019,7 +2019,7 @@ show_available_tls_ciphers_list(const char *cipher_list,
         crypto_msg(M_FATAL, "Cannot create SSL object");
     }
 
-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER)
     STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
 #else
     STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);