tls: remove obsolete openssl version check and fix libressl build

src/tls/openssl/sni.c

@@ -23,6 +23,7 @@
 #define DEBUG_LEVEL 5
 #include <re_dbg.h>
 
+#if !defined(LIBRESSL_VERSION_NUMBER)
 
 struct tls_conn;
 
@@ -138,8 +139,6 @@ struct tls_cert *tls_cert_for_sni(const struct tls *tls, const char *sni)
 
 static int ssl_set_verify_client(SSL *ssl, const char *host)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-	!defined(LIBRESSL_VERSION_NUMBER)
 	struct sa sa;
 
 	if (!ssl || !host)
@@ -159,12 +158,6 @@ static int ssl_set_verify_client(SSL *ssl, const char *host)
 	SSL_set_verify(ssl, SSL_VERIFY_PEER, tls_verify_handler);
 
 	return 0;
-#else
-	(void)tc;
-	(void)host;
-
-	return ENOSYS;
-#endif
 }
 
 
@@ -173,9 +166,7 @@ static int ssl_use_cert(SSL *ssl, struct tls_cert *uc)
 	int err;
 	long r;
 
-#if !defined(LIBRESSL_VERSION_NUMBER)
 	SSL_certs_clear(ssl);
-#endif
 	r = SSL_clear_chain_certs(ssl);
 	if (r != 1)
 		return EINVAL;
@@ -227,3 +218,5 @@ void tls_enable_sni(struct tls *tls)
 					       ssl_servername_handler);
 	SSL_CTX_set_tlsext_servername_arg(tls_ssl_ctx(tls), tls);
 }
+
+#endif /* !defined(LIBRESSL_VERSION_NUMBER) */

src/tls/openssl/tls.c

@@ -61,7 +61,7 @@ struct tls_cert {
 	char *host;
 };
 
-#if defined(TRACE_SSL) && (OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#if defined(TRACE_SSL)
 /**
  * Global flag if key material must be appended to file
  */
@@ -159,8 +159,7 @@ static int keytype2int(enum tls_keytype type)
 }
 
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-	!defined(LIBRESSL_VERSION_NUMBER)
+#if !defined(LIBRESSL_VERSION_NUMBER)
 /**
  * OpenSSL verify handler for debugging purposes. Prints only warnings in the
  * default build
@@ -255,7 +254,7 @@ int tls_alloc(struct tls **tlsp, enum tls_method method, const char *keyfile,
 		goto out;
 	}
 
-#if defined(TRACE_SSL) && (OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#if defined(TRACE_SSL)
 	SSL_CTX_set_keylog_callback(tls->ctx, tls_keylogger_cb);
 #endif
 
@@ -462,12 +461,7 @@ int tls_set_verify_purpose(struct tls *tls, const char *purpose)
 	if (!tls || !purpose)
 		return EINVAL;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 	i = X509_PURPOSE_get_by_sname(purpose);
-#else
-	i = X509_PURPOSE_get_by_sname((char *) purpose);
-#endif
-
 	if (i < 0)
 		return EINVAL;
 
@@ -513,15 +507,9 @@ static int tls_generate_cert(X509 **pcert, const char *cn)
 	    !X509_set_subject_name(cert, subj))
 		goto err;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 	if (!X509_gmtime_adj(X509_getm_notBefore(cert), -3600*24*365) ||
 	    !X509_gmtime_adj(X509_getm_notAfter(cert),   3600*24*365*10))
 		goto err;
-#else
-	if (!X509_gmtime_adj(X509_get_notBefore(cert), -3600*24*365) ||
-	    !X509_gmtime_adj(X509_get_notAfter(cert),   3600*24*365*10))
-		goto err;
-#endif
 
 	goto out;
 
@@ -580,11 +568,7 @@ int tls_set_selfsigned_ec(struct tls *tls, const char *cn, const char *curve_n)
 	if (!EC_KEY_generate_key(eckey))
 		goto out;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 	EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE);
-#else
-	EC_KEY_set_asn1_flag(eckey, 0);
-#endif
 
 	key = EVP_PKEY_new();
 	if (!key)
@@ -1295,8 +1279,7 @@ int tls_set_ciphers(struct tls *tls, const char *cipherv[], size_t count)
  */
 int tls_set_verify_server(struct tls_conn *tc, const char *host)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-	!defined(LIBRESSL_VERSION_NUMBER)
+#if !defined(LIBRESSL_VERSION_NUMBER)
 	struct sa sa;
 
 	if (!tc || !host)
@@ -1485,14 +1468,10 @@ int tls_set_min_proto_version(struct tls *tls, int version)
 	if (!tls)
 		return EINVAL;
 
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 	if (SSL_CTX_set_min_proto_version(tls->ctx, version))
 		return 0;
-#else
-	(void) version;
-#endif
-	return EACCES;
 
+	return EACCES;
 }
 
 
@@ -1509,12 +1488,9 @@ int tls_set_max_proto_version(struct tls *tls, int version)
 	if (!tls)
 		return EINVAL;
 
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 	if (SSL_CTX_set_max_proto_version(tls->ctx, version))
 		return 0;
-#else
-	(void) version;
-#endif
+
 	return EACCES;
 }
 
@@ -1570,10 +1546,9 @@ static int tls_session_update_cache(const struct tls_conn *tc,
 					     session_cmp_handler, &peer));
 	mem_deref(e);
 
-#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && \
-	(!defined(LIBRESSL_VERSION_NUMBER) || \
+#if !defined(LIBRESSL_VERSION_NUMBER) || \
 	  defined(LIBRESSL_HAS_TLS1_3) || \
-	  defined(LIBRESSL_INTERNAL) )
+	  defined(LIBRESSL_INTERNAL)
 	if (!SSL_SESSION_is_resumable(sess)) {
 		return EINVAL;
 	}
@@ -1596,7 +1571,6 @@ static int tls_session_update_cache(const struct tls_conn *tc,
 }
 
 
-#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
 static int session_new_cb(struct ssl_st *ssl, SSL_SESSION *sess)
 {
 	BIO *wbio = NULL;
@@ -1654,7 +1628,6 @@ static void session_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
 	/* iterate over all hash table entries and search for session */
 	(void) hash_apply(tls->reuse.ht_sessions, remove_handler, sess);
 }
-#endif
 
 
 /**
@@ -1680,14 +1653,9 @@ int tls_set_session_reuse(struct tls *tls, int enabled)
 	if (!tls->reuse.enabled)
 		return 0;
 
-#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
 	SSL_CTX_sess_set_new_cb(tls->ctx, session_new_cb);
 	SSL_CTX_sess_set_remove_cb(tls->ctx, session_remove_cb);
-
 	return 0;
-#else
-	return EOPNOTSUPP;
-#endif
 }
 
 
@@ -1703,11 +1671,7 @@ bool tls_session_reused(const struct tls_conn *tc)
 	if (!tc)
 		return false;
 
-#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
 	return SSL_session_reused(tc->ssl);
-#else
-	return false;
-#endif
 }
 
 
@@ -1805,6 +1769,7 @@ SSL_CTX *tls_ssl_ctx(const struct tls *tls)
 }
 
 
+#if !defined(LIBRESSL_VERSION_NUMBER)
 static void tls_cert_destructor(void *arg)
 {
 	struct tls_cert *uc = arg;
@@ -1814,6 +1779,7 @@ static void tls_cert_destructor(void *arg)
 	EVP_PKEY_free(uc->pkey);
 	sk_X509_pop_free(uc->chain, X509_free);
 }
+#endif
 
 
 /**
@@ -1829,11 +1795,11 @@ static void tls_cert_destructor(void *arg)
  */
 int tls_add_certf(struct tls *tls, const char *certf, const char *host)
 {
+#if !defined(LIBRESSL_VERSION_NUMBER)
 	struct tls_cert *uc;
 	BIO *bio = NULL;
 	int err = 0;
 	int ret;
-
 	if (!tls || !certf)
 		return EINVAL;
 
@@ -1905,6 +1871,12 @@ int tls_add_certf(struct tls *tls, const char *certf, const char *host)
 	}
 
 	return err;
+#else
+	(void)tls;
+	(void)certf;
+	(void)host;
+	return 0;
+#endif
 }
 
 

src/tls/openssl/tls.h

@@ -14,18 +14,13 @@
  */
 
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-	!defined(LIBRESSL_VERSION_NUMBER)
+#if !defined(LIBRESSL_VERSION_NUMBER)
 #define SSL_state SSL_get_state
 #define SSL_ST_OK TLS_ST_OK
 #endif
 
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 typedef X509_NAME*(tls_get_certfield_h)(const X509 *);
-#else
-typedef X509_NAME*(tls_get_certfield_h)(X509 *);
-#endif
 
 struct tls;
 struct tls_cert;
@@ -39,8 +34,7 @@ const char *tls_cert_host(struct tls_cert *hc);
 const struct list *tls_certs(const struct tls *tls);
 
 struct tls_cert *tls_cert_for_sni(const struct tls *tls, const char *sni);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-	!defined(LIBRESSL_VERSION_NUMBER)
+#if !defined(LIBRESSL_VERSION_NUMBER)
 int tls_verify_handler(int ok, X509_STORE_CTX *ctx);
 void tls_enable_sni(struct tls *tls);
 #endif