OpenSSL: Add precompiler checks for libressl in net_ossl
Due to the changes in commit 679b0b0
for the new DTLS modules, some code was moved and is no longer conditionally
checked as it was before.

This fixes compile issues where the SSL_CONF_cmd API is not available,
as in LibreSSL or ancient OpenSSL versions.

With OpenSSL versions older than 1.0.2, the imdtls and omdtls modules
cannot be built due to the missing DTLS support.

closes: #5353
closes: #5342
alorbach committed Apr 9, 2024
1 parent a930987 commit b79fd51
Showing 3 changed files with 10 additions and 3 deletions.
4 changes: 2 additions & 2 deletions configure.ac
@@ -2510,7 +2510,7 @@ AC_ARG_ENABLE(imdtls,
[enable_imdtls=no]
)
if test "x$enable_imdtls" = "xyes"; then
PKG_CHECK_MODULES(OPENSSL, openssl)
PKG_CHECK_MODULES(OPENSSL, openssl >= 1.1.0)
fi
AM_CONDITIONAL(ENABLE_IMDTLS, test x$enable_imdtls = xyes)
# END IMDTLS INPUT
@@ -2527,7 +2527,7 @@ AC_ARG_ENABLE(omdtls,
[enable_omdtls=no]
)
if test "x$enable_omdtls" = "xyes"; then
PKG_CHECK_MODULES(OPENSSL, openssl)
PKG_CHECK_MODULES(OPENSSL, openssl >= 1.0.2)
fi
AM_CONDITIONAL(ENABLE_OMDTLS, test x$enable_omdtls = xyes)
# END OMDTLS INPUT
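Review bot: The two new version floors disagree with each other and with the commit description: the imdtls check requires `openssl >= 1.1.0` while the omdtls check requires `openssl >= 1.0.2`, and the description names only 1.0.2 for both modules. If imdtls really depends on an API that first appeared in 1.1.0, record that above the check, for example `# imdtls needs OpenSSL 1.1.0+ (<API it depends on>); omdtls only needs 1.0.2`; otherwise align the two. Both checks also reuse the `OPENSSL` variable prefix, so it is worth confirming that a result left by an earlier `PKG_CHECK_MODULES(OPENSSL, ...)` in this file cannot short-circuit the versioned check. A 1.0.2 floor also admits a release line that upstream no longer maintains, which deserves a comment for a network-facing DTLS module.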
7 changes: 6 additions & 1 deletion runtime/net_ossl.c
@@ -59,7 +59,9 @@ void net_ossl_set_ssl_verify_callback(SSL *pSsl, int flags);
void net_ossl_set_ctx_verify_callback(SSL_CTX *pCtx, int flags);
void net_ossl_set_bio_callback(BIO *conn);
int net_ossl_verify_callback(int status, X509_STORE_CTX *store);
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
rsRetVal net_ossl_apply_tlscgfcmd(net_ossl_t *pThis, uchar *tlscfgcmd);
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
rsRetVal net_ossl_chkpeercertvalidity(net_ossl_t *pThis, SSL *ssl, uchar *fromHostIP);
X509* net_ossl_getpeercert(net_ossl_t *pThis, SSL *ssl, uchar *fromHostIP);
rsRetVal net_ossl_peerfingerprint(net_ossl_t *pThis, X509* certpeer, uchar *fromHostIP);
@@ -472,6 +474,7 @@ void net_ossl_lastOpenSSLErrorMsg
}
}

#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
/* initialize tls config commands in openssl context
*/
rsRetVal net_ossl_apply_tlscgfcmd(net_ossl_t *pThis, uchar *tlscfgcmd)
@@ -557,7 +560,7 @@ rsRetVal net_ossl_apply_tlscgfcmd(net_ossl_t *pThis, uchar *tlscfgcmd)
finalize_it:
RETiRet;
}

#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L

/* Convert a fingerprint to printable data. The conversion is carried out
* according IETF I-D syslog-transport-tls-12. The fingerprint string is
@@ -1195,7 +1198,9 @@ CODESTARTobjQueryInterface(net_ossl)
pIf->osslPeerfingerprint = net_ossl_peerfingerprint;
pIf->osslGetpeercert = net_ossl_getpeercert;
pIf->osslChkpeercertvalidity = net_ossl_chkpeercertvalidity;
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
pIf->osslApplyTlscgfcmd = net_ossl_apply_tlscgfcmd;
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
pIf->osslSetBioCallback = net_ossl_set_bio_callback;
pIf->osslSetCtxVerifyCallback = net_ossl_set_ctx_verify_callback;
pIf->osslSetSslVerifyCallback = net_ossl_set_ssl_verify_callback;
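Review bot: When the guard is false (LibreSSL, or OpenSSL older than 1.0.2) `net_ossl_apply_tlscgfcmd` and the `pIf->osslApplyTlscgfcmd` assignment simply disappear, and nothing in these hunks tells the operator that a configured TLS config command will not be applied. The callers are outside this page; if they skip the call under the same guard, settings passed through SSL_CONF_cmd (such as protocol or cipher restrictions) would be silently ignored, so the unsupported build should at least log that the option has no effect. The trailing comments also drop half of the condition; write `#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) */` at all three sites. The body of net_ossl_apply_tlscgfcmd lies between the hunks and is not shown.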
2 changes: 2 additions & 0 deletions runtime/net_ossl.h
@@ -88,7 +88,9 @@ BEGINinterface(net_ossl) /* name must also be changed in ENDinterface macro! */
rsRetVal (*osslPeerfingerprint)(net_ossl_t *pThis, X509* certpeer, uchar *fromHostIP);
X509* (*osslGetpeercert)(net_ossl_t *pThis, SSL *ssl, uchar *fromHostIP);
rsRetVal (*osslChkpeercertvalidity)(net_ossl_t *pThis, SSL *ssl, uchar *fromHostIP);
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
rsRetVal (*osslApplyTlscgfcmd)(net_ossl_t *pThis, uchar *tlscfgcmd);
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
void (*osslSetBioCallback)(BIO *conn);
void (*osslSetCtxVerifyCallback)(SSL_CTX *pCtx, int flags);
void (*osslSetSslVerifyCallback)(SSL *pSsl, int flags);
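Review bot: Guarding the `osslApplyTlscgfcmd` member makes the layout of the net_ossl interface struct depend on which OpenSSL macros are visible when this header is included: every pointer declared after it (`osslSetBioCallback` and the rest) moves by one slot. A translation unit that includes net_ossl.h with `OPENSSL_VERSION_NUMBER` undefined, or a module built against different headers, would then call through the wrong slot; whether that can happen depends on includes not shown here. Keeping the member unconditional and setting it to `NULL` (or to a stub that returns an error) in the unsupported build keeps the layout fixed. If the guard stays, a comment such as `/* member absent on LibreSSL / OpenSSL < 1.0.2: struct layout differs, rebuild all users together */` would at least record the hazard. The interface block starts above the hunk and ends below it.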