lib/options.c currently has two #if defined(LIBRESSL_VERSION_NUMBER) code paths.
https://github.com/eclipse/mosquitto/blob/d5ecd9f5aa98d42e7549eea09a71a23eef241f31/lib/options.c#L397-L400
and
https://github.com/eclipse/mosquitto/blob/d5ecd9f5aa98d42e7549eea09a71a23eef241f31/lib/options.c#L505-L506
This is to avoid using SSL_CTX_up_ref() that presumably was not available at the time of writing the code.
This function has been available since LibreSSL 2.7.0 and is thus available in all supported versions (currently 3.2.x and 3.3.x).
It would be nice if these && !defined(LIBRESSL_VERSION_NUMBER) could be removed, as in LibreSSL 3.4.x the SSL_CTX will become opaque, so the build will break.
Concerning the remaining two !defined(LIBRESSL_VERSION_NUMBER) paths in the source, the SSL_CTX_set_ciphersuites() function will become available in LibreSSL 3.4.x, so it would be nice if those could be weakened to
&& (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER > 0x3040000fL).
lib/options.ccurrently has two#if defined(LIBRESSL_VERSION_NUMBER)code paths.https://github.com/eclipse/mosquitto/blob/d5ecd9f5aa98d42e7549eea09a71a23eef241f31/lib/options.c#L397-L400
and
https://github.com/eclipse/mosquitto/blob/d5ecd9f5aa98d42e7549eea09a71a23eef241f31/lib/options.c#L505-L506
This is to avoid using
SSL_CTX_up_ref()that presumably was not available at the time of writing the code.This function has been available since LibreSSL 2.7.0 and is thus available in all supported versions (currently 3.2.x and 3.3.x).
It would be nice if these
&& !defined(LIBRESSL_VERSION_NUMBER)could be removed, as in LibreSSL 3.4.x theSSL_CTXwill become opaque, so the build will break.Concerning the remaining two
!defined(LIBRESSL_VERSION_NUMBER)paths in the source, theSSL_CTX_set_ciphersuites()function will become available in LibreSSL 3.4.x, so it would be nice if those could be weakened to&& (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER > 0x3040000fL).