ocsp: disable OCSP_basic_verify() workaround on LibreSSL 3.5

The workaround is not needed on LibreSSL 3.5. LibreSSL 3.5 at the same time made the structure opaque, so it does not compile. This is a patch to the 2.2 branch; the code no longer exists in v3.0.
ruby · Dec 22, 2022 · 075b68e · 075b68e
1 parent 7407e3f
commit 075b68e
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c
@@ -1069,7 +1069,8 @@ ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self)
     x509st = GetX509StorePtr(store);
     flg = NIL_P(flags) ? 0 : NUM2INT(flags);
     x509s = ossl_x509_ary2sk(certs);
-#if (OPENSSL_VERSION_NUMBER < 0x1000202fL) || defined(LIBRESSL_VERSION_NUMBER)
+#if (OPENSSL_VERSION_NUMBER < 0x1000202fL) || \
+    defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x30500000
     /*
      * OpenSSL had a bug that it doesn't use the certificates in x509s for
      * verifying the chain. This can be a problem when the response is signed by