[PATCH] mod_ssl: fix compilation with LibreSSL

Stefan Strogin Wed, 28 Aug 2019 09:19:24 -0700

LibreSSL does not provide SSL_CTX_set_post_handshake_auth.
See also: https://bugs.gentoo.org/668060
---
 modules/ssl/ssl_engine_init.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 73ab07d64b..63ecf4cc48 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1579,11 +1579,11 @@ static apr_status_t ssl_init_proxy_certs(server_rec *s,
     modssl_pk_proxy_t *pkp = mctx->pkp;
     STACK_OF(X509) *chain;
     X509_STORE_CTX *sctx;
     X509_STORE *store = SSL_CTX_get_cert_store(mctx->ssl_ctx);
 
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)
     /* For OpenSSL >=1.1.1, turn on client cert support which is
      * otherwise turned off by default (by design).
      * https://github.com/openssl/openssl/issues/6933 */
     SSL_CTX_set_post_handshake_auth(mctx->ssl_ctx, 1);
 #endif
-- 
2.23.0

[PATCH] mod_ssl: fix compilation with LibreSSL

Reply via email to