Merge pull request #5356 from alorbach/pr-issue-5353

OpenSSL: Add precompiler checks for libressl in net_ossl
rsyslog · Apr 9, 2024 · fc1ad18 · fc1ad18
2 parents a930987 + b79fd51
commit fc1ad18
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 3 deletions.
diff --git a/configure.ac b/configure.ac
@@ -2510,7 +2510,7 @@ AC_ARG_ENABLE(imdtls,
         [enable_imdtls=no]
 )
 if test "x$enable_imdtls" = "xyes"; then
-	PKG_CHECK_MODULES(OPENSSL, openssl)
+        PKG_CHECK_MODULES(OPENSSL, openssl >= 1.1.0)
 fi
 AM_CONDITIONAL(ENABLE_IMDTLS, test x$enable_imdtls = xyes)
 # END IMDTLS INPUT
@@ -2527,7 +2527,7 @@ AC_ARG_ENABLE(omdtls,
         [enable_omdtls=no]
 )
 if test "x$enable_omdtls" = "xyes"; then
-	PKG_CHECK_MODULES(OPENSSL, openssl)
+	PKG_CHECK_MODULES(OPENSSL, openssl >= 1.0.2)
 fi
 AM_CONDITIONAL(ENABLE_OMDTLS, test x$enable_omdtls = xyes)
 # END OMDTLS INPUT

diff --git a/runtime/net_ossl.c b/runtime/net_ossl.c
@@ -59,7 +59,9 @@ void net_ossl_set_ssl_verify_callback(SSL *pSsl, int flags);
 void net_ossl_set_ctx_verify_callback(SSL_CTX *pCtx, int flags);
 void net_ossl_set_bio_callback(BIO *conn);
 int net_ossl_verify_callback(int status, X509_STORE_CTX *store);
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
 rsRetVal net_ossl_apply_tlscgfcmd(net_ossl_t *pThis, uchar *tlscfgcmd);
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
 rsRetVal net_ossl_chkpeercertvalidity(net_ossl_t *pThis, SSL *ssl, uchar *fromHostIP);
 X509* net_ossl_getpeercert(net_ossl_t *pThis, SSL *ssl, uchar *fromHostIP);
 rsRetVal net_ossl_peerfingerprint(net_ossl_t *pThis, X509* certpeer, uchar *fromHostIP);
@@ -472,6 +474,7 @@ void net_ossl_lastOpenSSLErrorMsg
 	}
 }
 
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
 /* initialize tls config commands in openssl context
  */
 rsRetVal net_ossl_apply_tlscgfcmd(net_ossl_t *pThis, uchar *tlscfgcmd)
@@ -557,7 +560,7 @@ rsRetVal net_ossl_apply_tlscgfcmd(net_ossl_t *pThis, uchar *tlscfgcmd)
 finalize_it:
 	RETiRet;
 }
-
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
 
 /* Convert a fingerprint to printable data. The  conversion is carried out
  * according IETF I-D syslog-transport-tls-12. The fingerprint string is
@@ -1195,7 +1198,9 @@ CODESTARTobjQueryInterface(net_ossl)
 	pIf->osslPeerfingerprint	= net_ossl_peerfingerprint;
 	pIf->osslGetpeercert		= net_ossl_getpeercert;
 	pIf->osslChkpeercertvalidity	= net_ossl_chkpeercertvalidity;
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
 	pIf->osslApplyTlscgfcmd		= net_ossl_apply_tlscgfcmd;
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
 	pIf->osslSetBioCallback		= net_ossl_set_bio_callback;
 	pIf->osslSetCtxVerifyCallback	= net_ossl_set_ctx_verify_callback;
 	pIf->osslSetSslVerifyCallback	= net_ossl_set_ssl_verify_callback;

diff --git a/runtime/net_ossl.h b/runtime/net_ossl.h
@@ -88,7 +88,9 @@ BEGINinterface(net_ossl) /* name must also be changed in ENDinterface macro! */
 	rsRetVal (*osslPeerfingerprint)(net_ossl_t *pThis, X509* certpeer, uchar *fromHostIP);
 	X509* (*osslGetpeercert)(net_ossl_t *pThis, SSL *ssl, uchar *fromHostIP);
 	rsRetVal (*osslChkpeercertvalidity)(net_ossl_t *pThis, SSL *ssl, uchar *fromHostIP);
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
 	rsRetVal (*osslApplyTlscgfcmd)(net_ossl_t *pThis, uchar *tlscfgcmd);
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
 	void (*osslSetBioCallback)(BIO *conn);
 	void (*osslSetCtxVerifyCallback)(SSL_CTX *pCtx, int flags);
 	void (*osslSetSslVerifyCallback)(SSL *pSsl, int flags);