diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index 48d64cb..2392019 100644 --- ./modules/ssl/mod_ssl.c +++ ./modules/ssl/mod_ssl.c @@ -398,7 +398,7 @@ static int ssl_hook_pre_config(apr_pool_t *pconf, /* We must register the library in full, to ensure our configuration * code can successfully test the SSL environment. */ -#if MODSSL_USE_OPENSSL_PRE_1_1_API +#if MODSSL_USE_OPENSSL_PRE_1_1_API || defined(LIBRESSL_VERSION_NUMBER) (void)CRYPTO_malloc_init(); #else OPENSSL_malloc_init(); diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index a3a74f4..33ea494 100644 --- ./modules/ssl/ssl_engine_init.c +++ ./modules/ssl/ssl_engine_init.c @@ -616,7 +616,8 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s, SSL_CTX_set_options(ctx, SSL_OP_ALL); -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20800000L) /* always disable SSLv2, as per RFC 6176 */ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h index a39569c..e0e1b37 100644 --- ./modules/ssl/ssl_private.h +++ ./modules/ssl/ssl_private.h @@ -132,13 +132,14 @@ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) #define SSL_CTX_set_max_proto_version(ctx, version) \ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) -#endif -/* LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most - * changes from OpenSSL >= 1.1 (new functions, macros, deprecations, ...), so - * we have to work around this... +#elif LIBRESSL_VERSION_NUMBER < 0x2070000f +/* LibreSSL before 2.7 declares OPENSSL_VERSION_NUMBER == 2.0 but does not + * include most changes from OpenSSL >= 1.1 (new functions, macros, + * deprecations, ...), so we have to work around this... */ #define MODSSL_USE_OPENSSL_PRE_1_1_API (1) -#else +#endif /* LIBRESSL_VERSION_NUMBER < 0x2060000f */ +#else /* defined(LIBRESSL_VERSION_NUMBER) */ #define MODSSL_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L) #endif @@ -238,7 +239,8 @@ void init_bio_methods(void); void free_bio_methods(void); #endif -#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10002000L || \ + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000f) #define X509_STORE_CTX_get0_store(x) (x->ctx) #endif