logo

overlay

My own overlay for experimentations, use with caution, no support is provided git clone https://hacktivis.me/git/overlay.git

ldns-utils-1.7.0_libressl.patch (2754B)

    

  1. diff --git a/examples/ldns-dane.c b/examples/ldns-dane.c

  2. index f223675..c819b4a 100644

  3. --- a/examples/ldns-dane.c

  4. +++ b/examples/ldns-dane.c

  5. @@ -1097,7 +1097,7 @@ dane_create(ldns_rr_list* tlsas, ldns_rdf* tlsa_owner,

  6.  	}

  7.  }

  8.  

  9. -#if defined(USE_DANE_VERIFY) && ( OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) )

  10. +#if defined(USE_DANE_VERIFY) && ( OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) )

  11.  static bool

  12.  dane_verify(ldns_rr_list* tlsas, ldns_rdf* address,

  13.  		X509* cert, STACK_OF(X509)* extra_certs,

  14. @@ -1165,7 +1165,7 @@ main(int argc, char* const* argv)

  15.  	ldns_status   s;

  16.  	size_t        i;

  17.  

  18. -#if OPENSSL_VERSION_NUMBER >= 0x10100000 && ! defined(HAVE_LIBRESSL)

  19. +#if OPENSSL_VERSION_NUMBER >= 0x10100000 && ! defined(LIBRESSL_VERSION_NUMBER)

  20.  	size_t        j, usable_tlsas = 0;

  21.  	X509_STORE_CTX *store_ctx = NULL;

  22.  #endif /* OPENSSL_VERSION_NUMBER >= 0x10100000 */

  23. @@ -1688,7 +1688,7 @@ main(int argc, char* const* argv)

  24.  		}

  25.  	}

  26.  

  27. -#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)

  28. +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)

  29.  	ctx =  SSL_CTX_new(SSLv23_client_method());

  30.  #else

  31.  	ctx =  SSL_CTX_new(TLS_client_method());

  32. @@ -1730,7 +1730,7 @@ main(int argc, char* const* argv)

  33.  					     verify_server_name, name);

  34.  			     break;

  35.  #ifdef USE_DANE_VERIFY

  36. -#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)

  37. +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)

  38.  		case VERIFY: if (! dane_verify(tlsas, NULL,

  39.  			                       cert, extra_certs, store,

  40.  					       verify_server_name, name,

  41. @@ -1844,7 +1844,7 @@ main(int argc, char* const* argv)

  42.  			address = ldns_rr_a_address(

  43.  					ldns_rr_list_rr(addresses, i));

  44.  			assert(address != NULL);

  45. -#if OPENSSL_VERSION_NUMBER >= 0x10100000  && ! defined(HAVE_LIBRESSL)

  46. +#if OPENSSL_VERSION_NUMBER >= 0x10100000  && ! defined(LIBRESSL_VERSION_NUMBER)

  47.  			if (mode == VERIFY) {

  48.  				usable_tlsas = 0;

  49.  				if (SSL_dane_enable(ssl, name_str) <= 0) {

  50. @@ -1904,7 +1904,7 @@ main(int argc, char* const* argv)

  51.  				continue;

  52.  			}

  53.  			LDNS_ERR(s, "could not get cert chain from ssl");

  54. -#if OPENSSL_VERSION_NUMBER >= 0x10100000 && ! defined(HAVE_LIBRESSL)

  55. +#if OPENSSL_VERSION_NUMBER >= 0x10100000 && ! defined(LIBRESSL_VERSION_NUMBER)

  56.  

  57.  			if (mode == VERIFY) {

  58.  				char *address_str = ldns_rdf2str(address);

  59. @@ -1934,7 +1934,7 @@ main(int argc, char* const* argv)

  60.  

  61.  #ifdef USE_DANE_VERIFY

  62.  			case VERIFY:

  63. -#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)

  64. +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)

  65.  				     if (! dane_verify(tlsas, address,

  66.  						cert, extra_certs, store,

  67.  						verify_server_name, name,