The dependency on SSL_CTX_get_min_proto_version() and
SSL_CTX_get_max_proto_version() was introduced in October by Yann's
"r1868645 mod_ssl: negotiate the TLS protocol version per name based
vhost configuration".
Although the set variants are available in 1.1.0, the set were added
later in 1.1.0g.
Not sure, whether adjusting the version check as done now is the right
fix. At least it unbreaks building httpd against OpenSSL 1.1.0-1.1.0f.
The original change has been backported to 2.4.x, so building that for
the above OpenSSL versions is currently broken.
Regards,
Rainer
Am 23.03.2020 um 14:33 schrieb rj...@apache.org:
Author: rjung
Date: Mon Mar 23 13:33:22 2020
New Revision: 1875544
URL: http://svn.apache.org/viewvc?rev=1875544&view=rev
Log:
Fix compilation breakage with OpenSSL 1.1.0 up to 1.1.0f.
SSL_CTX_get_min_proto_version() and
SSL_CTX_get_max_proto_version() were only introduced in
1.1.0g.
Modified:
httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL:
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1875544&r1=1875543&r2=1875544&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Mon Mar 23 13:33:22 2020
@@ -2535,7 +2535,7 @@ static int ssl_find_vhost(void *serverna
* from the ctx by hand
*/
SSL_set_options(ssl, SSL_CTX_get_options(ctx));
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L \
+#if OPENSSL_VERSION_NUMBER >= 0x1010007fL \
&& (!defined(LIBRESSL_VERSION_NUMBER) \
|| LIBRESSL_VERSION_NUMBER >= 0x20800000L)
/*
--
kippdata
informationstechnologie GmbH Tel: 0228 98549 -0
Bornheimer Str. 33a Fax: 0228 98549 -50
53111 Bonn www.kippdata.de
HRB 8018 Amtsgericht Bonn / USt.-IdNr. DE 196 457 417
Geschäftsführer: Dr. Thomas Höfer, Rainer Jung, Sven Maurmann