diff -Naur stunnel-5.30.orig/src/ctx.c stunnel-5.30/src/ctx.c
--- stunnel-5.30.orig/src/ctx.c 2016-01-15 16:45:23.000000000 +0000
+++ stunnel-5.30/src/ctx.c 2016-05-14 15:16:47.392859450 +0000
@@ -359,7 +359,7 @@
/**************************************** initialize OpenSSL CONF */
NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
SSL_CONF_CTX *cctx;
NAME_LIST *curr;
char *cmd, *param;
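Review bot: With this guard a LibreSSL build compiles the SSL_CONF handling out of conf_init, and nothing in the hunk tells the administrator that `config` commands in a service section are no longer applied. conf_init continues outside the hunk, so the fallback branch is not visible here; if it simply returns success, restrictions set through that option would be dropped silently. At minimum document it in the fallback branch with `/* LibreSSL: SSL_CONF API unavailable, "config" commands are not applied */`. Better, fail the section at load time when such commands are present.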
diff -Naur stunnel-5.30.orig/src/verify.c stunnel-5.30/src/verify.c
--- stunnel-5.30.orig/src/verify.c 2016-01-15 16:45:23.000000000 +0000
+++ stunnel-5.30/src/verify.c 2016-05-14 15:16:10.369860180 +0000
@@ -51,7 +51,7 @@
NOEXPORT int verify_callback(int, X509_STORE_CTX *);
NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
NOEXPORT int cert_check_local(X509_STORE_CTX *);
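Review bot: The `#endif` comment after the changed prototype guard still reads `OPENSSL_VERSION_NUMBER>=0x10002000L`, so it no longer describes the condition it closes. Update it to `#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) */`. The same stale comment remains at the depth==0 call site in this file, and as `/* OpenSSL older than 1.1.0 */` after the DH_set0_pqg prototype in src/common.h.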
@@ -280,7 +280,7 @@
}
if(depth==0) { /* additional peer certificate checks */
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
if(!cert_check_subject(c, callback_ctx))
return 0; /* reject */
#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
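Review bot: On a LibreSSL build the `cert_check_subject()` call at depth 0 is now compiled out, so the peer certificate is accepted without the subject checks that function performs. This diff does not touch option parsing, so the options that feed those checks are presumably still accepted and then never enforced, which would be a fail-open for anyone relying on them; confirm against the parser. Either guard the options with the same condition so the configuration is rejected, or add an `#else` branch that rejects, e.g. `if(<service has subject checks configured>) return 0; /* reject: not supported with LibreSSL */`. The prototype and definition hunks for cert_check_subject in this file carry the same guard, and the enclosing function starts and ends outside this hunk.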
@@ -291,7 +291,7 @@
return 1; /* accept */
}
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
NAME_LIST *ptr;
diff --git a/src/common.h b/src/common.h
index 93f165e..491d9de 100644
--- a/src/common.h
+++ b/src/common.h
@@ -448,7 +448,7 @@ extern char *sys_errlist[];
#define OPENSSL_NO_TLS1_2
#endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
#ifndef OPENSSL_NO_SSL2
#define OPENSSL_NO_SSL2
#endif /* !defined(OPENSSL_NO_SSL2) */
@@ -474,7 +474,7 @@ extern char *sys_errlist[];
#include <openssl/des.h>
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
-#if OPENSSL_VERSION_NUMBER<0x10100000L
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
#endif /* OpenSSL older than 1.1.0 */
#endif /* !defined(OPENSSL_NO_DH) */
diff --git a/src/prototypes.h b/src/prototypes.h
index 303ff77..ae22598 100644
--- a/src/prototypes.h
+++ b/src/prototypes.h
@@ -664,13 +664,13 @@ typedef enum {
#endif /* OPENSSL_NO_DH */
STUNNEL_LOCKS /* number of locks */
} LOCK_TYPE;
-#if OPENSSL_VERSION_NUMBER < 0x10100004L
+#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
typedef int STUNNEL_RWLOCK;
#else
typedef CRYPTO_RWLOCK *STUNNEL_RWLOCK;
#endif
extern STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
-#if OPENSSL_VERSION_NUMBER>=0x10100004L
+#if OPENSSL_VERSION_NUMBER>=0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
#define CRYPTO_THREAD_read_unlock(type) CRYPTO_THREAD_unlock(type)
#define CRYPTO_THREAD_write_unlock(type) CRYPTO_THREAD_unlock(type)
#else
diff --git a/src/ssl.c b/src/ssl.c
index a7af7e6..1483734 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -50,7 +50,7 @@ NOEXPORT int add_rand_file(GLOBAL_OPTIONS *, const char *);
int index_cli, index_opt, index_redirect, index_addr;
int ssl_init(void) { /* init TLS before parsing configuration file */
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
#else
@@ -83,7 +83,7 @@ int ssl_init(void) { /* init TLS before parsing configuration file */
}
#ifndef OPENSSL_NO_DH
-#if OPENSSL_VERSION_NUMBER<0x10100000L
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
/* this is needed for dhparam.c generated with OpenSSL >= 1.1.0
* to be linked against the older versions */
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
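Review bot: The `|| defined(LIBRESSL_VERSION_NUMBER)` test is unbounded, so this local `DH_set0_pqg` definition is compiled for every LibreSSL release, including any that export the symbol themselves, where it would clash with the library's declaration. Bound it by version, e.g. `#if OPENSSL_VERSION_NUMBER<0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER<LIBRESSL_FIRST_WITH_DH_SET0 /* placeholder */)`, and do the same for the prototype in src/common.h. The function body continues outside the hunk.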
diff --git a/src/sthreads.c b/src/sthreads.c
index 59c24a2..04fb256 100644
--- a/src/sthreads.c
+++ b/src/sthreads.c
@@ -47,7 +47,7 @@
STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
#endif
-#if OPENSSL_VERSION_NUMBER<0x10100004L
+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
#define CRYPTO_THREAD_lock_new() CRYPTO_get_new_dynlockid()
#endif
diff --git a/src/verify.c b/src/verify.c
index ac1c3ee..3e3bda4 100644
--- a/src/verify.c
+++ b/src/verify.c
@@ -348,7 +348,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
cert=X509_STORE_CTX_get_current_cert(callback_ctx);
subject=X509_get_subject_name(cert);
-#if OPENSSL_VERSION_NUMBER>=0x10000000L
+#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER)
#if OPENSSL_VERSION_NUMBER<0x10100006L
#define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
#endif