From 34f8c1a200c3cd55c87b26f44bea6ae19ef0af2e Mon Sep 17 00:00:00 2001

From: Omar Polo op@omarpolo.com

Date: Fri, 17 Nov 2023 15:45:49 +0000

Subject: [PATCH 1/1] adjust #ifdefs for LibreSSL

Both the TOP/BOTTOM and ASN1_time_parse() were added to LibreSSL

quite some time ago. Actually, these #ifdefs can be removed

completelyif there is no desire to support old and unsupported

versions of LibreSSL (pre 3.6)

The diff is actually from Theo Buehler (tb [at] openbsd.org)

src/tlsrequest.c | 4 ++--

1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/tlsrequest.c b/src/tlsrequest.c

index 1e03493..0c2d720 100644

--- a/src/tlsrequest.c

+++ b/src/tlsrequest.c

@@ -452,7 +452,7 @@ iTlsCertificate *newSelfSignedRSA_TlsCertificate(

 d->pkey = EVP_PKEY_new();

 EVP_PKEY_assign_RSA(d->pkey, rsa);

 X509_set_pubkey(d->cert, d->pkey);

-#if !defined (LIBRESSL_VERSION_NUMBER)

+#if !defined (LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x3060000fL

 /* Random serial number. */ {

     BIGNUM *big = BN_new();

     if (BN_rand(big, 64, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) {

@@ -554,7 +554,7 @@ void validUntil_TlsCertificate(const iTlsCertificate *d, iDate *untilDate_out) {

 iZap(*untilDate_out);

 if (d->cert) {

     struct tm time;

-#if defined (LIBRESSL_VERSION_NUMBER)

+#if defined (LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3060000fL

     const ASN1_TIME *notAfter = X509_get0_notAfter(d->cert);

     ASN1_time_parse((const char *) ASN1_STRING_get0_data(notAfter),

                     ASN1_STRING_length(notAfter),

--

2.25.1