94 lines
4.0 KiB
Diff
94 lines
4.0 KiB
Diff
diff --git a/src/sslhelper.c b/src/sslhelper.c
|
|
index ba680b3..c8e7de8 100644
|
|
--- a/src/sslhelper.c
|
|
+++ b/src/sslhelper.c
|
|
@@ -803,7 +803,7 @@ static int pem_passwd_callback(char *buf, int size, int rwflag,
|
|
static int crl_callback(X509_STORE_CTX *callback_ctx) {
|
|
const ASN1_INTEGER *revoked_serial;
|
|
X509_STORE_CTX *store_ctx;
|
|
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
|
|
+#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
X509_OBJECT *obj;
|
|
#else
|
|
X509_OBJECT obj;
|
|
@@ -829,7 +829,7 @@ static int crl_callback(X509_STORE_CTX *callback_ctx) {
|
|
* the current certificate in order to verify it's integrity. */
|
|
store_ctx = X509_STORE_CTX_new();
|
|
X509_STORE_CTX_init(store_ctx, revocation_store, NULL, NULL);
|
|
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
|
|
+#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
obj = X509_OBJECT_new();
|
|
rc=X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
|
|
crl = X509_OBJECT_get0_X509_CRL(obj);
|
|
@@ -865,7 +865,7 @@ static int crl_callback(X509_STORE_CTX *callback_ctx) {
|
|
rfbLog("Invalid signature on CRL\n");
|
|
X509_STORE_CTX_set_error(callback_ctx,
|
|
X509_V_ERR_CRL_SIGNATURE_FAILURE);
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
X509_OBJECT_free(obj);
|
|
#else
|
|
X509_OBJECT_free_contents(&obj);
|
|
@@ -883,7 +883,7 @@ static int crl_callback(X509_STORE_CTX *callback_ctx) {
|
|
rfbLog("Found CRL has invalid nextUpdate field\n");
|
|
X509_STORE_CTX_set_error(callback_ctx,
|
|
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
X509_OBJECT_free(obj);
|
|
#else
|
|
X509_OBJECT_free_contents(&obj);
|
|
@@ -894,14 +894,14 @@ static int crl_callback(X509_STORE_CTX *callback_ctx) {
|
|
rfbLog("Found CRL is expired - "
|
|
"revoking all certificates until you get updated CRL\n");
|
|
X509_STORE_CTX_set_error(callback_ctx, X509_V_ERR_CRL_HAS_EXPIRED);
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
X509_OBJECT_free(obj);
|
|
#else
|
|
X509_OBJECT_free_contents(&obj);
|
|
#endif
|
|
return 0; /* Reject connection */
|
|
}
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
X509_OBJECT_free(obj);
|
|
#else
|
|
X509_OBJECT_free_contents(&obj);
|
|
@@ -912,7 +912,7 @@ static int crl_callback(X509_STORE_CTX *callback_ctx) {
|
|
* the current certificate in order to check for revocation. */
|
|
store_ctx = X509_STORE_CTX_new();
|
|
X509_STORE_CTX_init(store_ctx, revocation_store, NULL, NULL);
|
|
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
|
|
+#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
obj = X509_OBJECT_new();
|
|
rc=X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
|
|
crl = X509_OBJECT_get0_X509_CRL(obj);
|
|
@@ -942,7 +942,7 @@ static int crl_callback(X509_STORE_CTX *callback_ctx) {
|
|
"revoked per CRL from issuer %s\n", serial, serial, cp);
|
|
OPENSSL_free(cp);
|
|
X509_STORE_CTX_set_error(callback_ctx, X509_V_ERR_CERT_REVOKED);
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
X509_OBJECT_free(obj);
|
|
#else
|
|
X509_OBJECT_free_contents(&obj);
|
|
@@ -950,7 +950,7 @@ static int crl_callback(X509_STORE_CTX *callback_ctx) {
|
|
return 0; /* Reject connection */
|
|
}
|
|
}
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
X509_OBJECT_free(obj);
|
|
#else
|
|
X509_OBJECT_free_contents(&obj);
|
|
@@ -1596,7 +1596,7 @@ static int switch_to_anon_dh(void) {
|
|
if (ssl_client_mode) {
|
|
return 1;
|
|
}
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
/* Security level must be set to 0 for unauthenticated suites. */
|
|
SSL_CTX_set_security_level(ctx, 0);
|
|
#endif
|