tls: remove obsolete openssl version check and fix libressl build

src/md5/wrap.c

@@ -25,16 +25,12 @@
 void md5(const uint8_t *d, size_t n, uint8_t *md)
 {
 #ifdef USE_OPENSSL
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 	EVP_MD_CTX *ctx = EVP_MD_CTX_new();
 
 	EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
 	EVP_DigestUpdate(ctx, d, n);
 	EVP_DigestFinal_ex(ctx, md, NULL);
 	EVP_MD_CTX_free(ctx);
-#else
-	(void)MD5(d, n, md);
-#endif
 #else
 #error missing MD5 backend
 #endif

src/tls/openssl/sni.c

@@ -23,6 +23,7 @@
 #define DEBUG_LEVEL 5
 #include <re_dbg.h>
 
+#if !defined(LIBRESSL_VERSION_NUMBER)
 
 struct tls_conn;
 
@@ -138,8 +139,6 @@ struct tls_cert *tls_cert_for_sni(const struct tls *tls, const char *sni)
 
 static int ssl_set_verify_client(SSL *ssl, const char *host)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-	!defined(LIBRESSL_VERSION_NUMBER)
 	struct sa sa;
 
 	if (!ssl || !host)
@@ -159,12 +158,6 @@ static int ssl_set_verify_client(SSL *ssl, const char *host)
 	SSL_set_verify(ssl, SSL_VERIFY_PEER, tls_verify_handler);
 
 	return 0;
-#else
-	(void)tc;
-	(void)host;
-
-	return ENOSYS;
-#endif
 }
 
 
@@ -173,9 +166,7 @@ static int ssl_use_cert(SSL *ssl, struct tls_cert *uc)
 	int err;
 	long r;
 
-#if !defined(LIBRESSL_VERSION_NUMBER)
 	SSL_certs_clear(ssl);
-#endif
 	r = SSL_clear_chain_certs(ssl);
 	if (r != 1)
 		return EINVAL;
@@ -227,3 +218,5 @@ void tls_enable_sni(struct tls *tls)
 					       ssl_servername_handler);
 	SSL_CTX_set_tlsext_servername_arg(tls_ssl_ctx(tls), tls);
 }
+
+#endif /* !defined(LIBRESSL_VERSION_NUMBER) */

src/tls/openssl/tls.c

@@ -159,8 +159,7 @@ static int keytype2int(enum tls_keytype type)
 }
 
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-	!defined(LIBRESSL_VERSION_NUMBER)
+#if !defined(LIBRESSL_VERSION_NUMBER)
 /**
  * OpenSSL verify handler for debugging purposes. Prints only warnings in the
  * default build
@@ -462,12 +461,7 @@ int tls_set_verify_purpose(struct tls *tls, const char *purpose)
 	if (!tls || !purpose)
 		return EINVAL;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 	i = X509_PURPOSE_get_by_sname(purpose);
-#else
-	i = X509_PURPOSE_get_by_sname((char *) purpose);
-#endif
-
 	if (i < 0)
 		return EINVAL;
 
@@ -513,15 +507,9 @@ static int tls_generate_cert(X509 **pcert, const char *cn)
 	    !X509_set_subject_name(cert, subj))
 		goto err;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 	if (!X509_gmtime_adj(X509_getm_notBefore(cert), -3600*24*365) ||
 	    !X509_gmtime_adj(X509_getm_notAfter(cert),   3600*24*365*10))
 		goto err;
-#else
-	if (!X509_gmtime_adj(X509_get_notBefore(cert), -3600*24*365) ||
-	    !X509_gmtime_adj(X509_get_notAfter(cert),   3600*24*365*10))
-		goto err;
-#endif
 
 	goto out;
 
@@ -580,11 +568,7 @@ int tls_set_selfsigned_ec(struct tls *tls, const char *cn, const char *curve_n)
 	if (!EC_KEY_generate_key(eckey))
 		goto out;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 	EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE);
-#else
-	EC_KEY_set_asn1_flag(eckey, 0);
-#endif
 
 	key = EVP_PKEY_new();
 	if (!key)
@@ -1295,8 +1279,7 @@ int tls_set_ciphers(struct tls *tls, const char *cipherv[], size_t count)
  */
 int tls_set_verify_server(struct tls_conn *tc, const char *host)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-	!defined(LIBRESSL_VERSION_NUMBER)
+#if !defined(LIBRESSL_VERSION_NUMBER)
 	struct sa sa;
 
 	if (!tc || !host)
@@ -1485,14 +1468,10 @@ int tls_set_min_proto_version(struct tls *tls, int version)
 	if (!tls)
 		return EINVAL;
 
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 	if (SSL_CTX_set_min_proto_version(tls->ctx, version))
 		return 0;
-#else
-	(void) version;
-#endif
-	return EACCES;
 
+	return EACCES;
 }
 
 
@@ -1509,12 +1488,9 @@ int tls_set_max_proto_version(struct tls *tls, int version)
 	if (!tls)
 		return EINVAL;
 
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 	if (SSL_CTX_set_max_proto_version(tls->ctx, version))
 		return 0;
-#else
-	(void) version;
-#endif
+
 	return EACCES;
 }
 
@@ -1805,6 +1781,7 @@ SSL_CTX *tls_ssl_ctx(const struct tls *tls)
 }
 
 
+#if !defined(LIBRESSL_VERSION_NUMBER)
 static void tls_cert_destructor(void *arg)
 {
 	struct tls_cert *uc = arg;
@@ -1814,6 +1791,7 @@ static void tls_cert_destructor(void *arg)
 	EVP_PKEY_free(uc->pkey);
 	sk_X509_pop_free(uc->chain, X509_free);
 }
+#endif
 
 
 /**
@@ -1829,6 +1807,7 @@ static void tls_cert_destructor(void *arg)
  */
 int tls_add_certf(struct tls *tls, const char *certf, const char *host)
 {
+#if !defined(LIBRESSL_VERSION_NUMBER)
 	struct tls_cert *uc;
 	BIO *bio = NULL;
 	int err = 0;
@@ -1905,6 +1884,12 @@ int tls_add_certf(struct tls *tls, const char *certf, const char *host)
 	}
 
 	return err;
+#else
+	(void)tls;
+	(void)certf;
+	(void)host;
+	return 0;
+#endif
 }
 
 

src/tls/openssl/tls.h

@@ -14,18 +14,13 @@
  */
 
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-	!defined(LIBRESSL_VERSION_NUMBER)
+#if !defined(LIBRESSL_VERSION_NUMBER)
 #define SSL_state SSL_get_state
 #define SSL_ST_OK TLS_ST_OK
 #endif
 
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 typedef X509_NAME*(tls_get_certfield_h)(const X509 *);
-#else
-typedef X509_NAME*(tls_get_certfield_h)(X509 *);
-#endif
 
 struct tls;
 struct tls_cert;
@@ -39,8 +34,7 @@ const char *tls_cert_host(struct tls_cert *hc);
 const struct list *tls_certs(const struct tls *tls);
 
 struct tls_cert *tls_cert_for_sni(const struct tls *tls, const char *sni);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-	!defined(LIBRESSL_VERSION_NUMBER)
+#if !defined(LIBRESSL_VERSION_NUMBER)
 int tls_verify_handler(int ok, X509_STORE_CTX *ctx);
 void tls_enable_sni(struct tls *tls);
 #endif

src/tls/openssl/tls_tcp.c

@@ -331,8 +331,7 @@ int tls_conn_change_cert(struct tls_conn *tc, const char *file)
 	SSL_certs_clear(tc->ssl);
 #endif
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-	!defined(LIBRESSL_VERSION_NUMBER)
+#if !defined(LIBRESSL_VERSION_NUMBER)
 	r = SSL_use_certificate_chain_file(tc->ssl, file);
 #else
 	r = SSL_use_certificate_file(tc->ssl, file, SSL_FILETYPE_PEM);