From: Kevin McCarthy <kevin@8t8.us>
Date: Thu, 10 Jan 2019 17:56:41 +0000 (-0800)
Subject: Wrap ssl init calls for LibreSSL too.
X-Git-Tag: mutt-1-11-3-rel~9
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=78ea05f7c920973a0a3015353c798ed82c0efbf9;p=mutt

Wrap ssl init calls for LibreSSL too.

It looks like LibreSSL does not perform automatic initialization of
the library and error strings.

Since LibreSSL defines OPENSSL_VERSION_NUMBER as a "version 2",
add a check if LIBRESSL_VERSION_NUMBER is defined and call the
initialization functions for that case.
---

diff --git a/mutt_ssl.c b/mutt_ssl.c
index 8816be41..0479ceec 100644
--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -28,7 +28,11 @@
 #include <openssl/rand.h>
 #include <openssl/evp.h>
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+/* LibreSSL defines OPENSSL_VERSION_NUMBER but sets it to 0x20000000L.
+ * So technically we don't need the defined(OPENSSL_VERSION_NUMBER) check.
+ */
+#if (defined(OPENSSL_VERSION_NUMBER)  && OPENSSL_VERSION_NUMBER  < 0x10100000L) || \
+    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
 #define X509_get0_notBefore X509_get_notBefore
 #define X509_get0_notAfter X509_get_notAfter
 #define X509_getm_notBefore X509_get_notBefore
@@ -339,7 +343,10 @@ static int ssl_init (void)
     }
   }
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+/* OpenSSL performs automatic initialization as of 1.1.
+ * However LibreSSL does not (as of 2.8.3). */
+#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || \
+    (defined(LIBRESSL_VERSION_NUMBER))
   /* I don't think you can do this just before reading the error. The call
    * itself might clobber the last SSL error. */
   SSL_load_error_strings();