summaryrefslogtreecommitdiff
blob: fd6e6148607a37b6b7aa4fba185f7bd5609db4f3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
From 649f49fa61ca98a05b26c3b2a26a1c30ca24ea26 Mon Sep 17 00:00:00 2001
From: Armin Novak <armin.novak@thincast.com>
Date: Thu, 22 Nov 2018 09:23:46 +0100
Subject: [PATCH] Fix #5049: LibreSSL does not have SSL_CTX_set_security_level

---
 libfreerdp/crypto/tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c
index 20fde415d8..76f51701fe 100644
--- a/libfreerdp/crypto/tls.c
+++ b/libfreerdp/crypto/tls.c
@@ -656,7 +656,7 @@ static BOOL tls_prepare(rdpTls* tls, BIO* underlying, SSL_METHOD* method,
 #endif
 
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 	SSL_CTX_set_security_level(tls->ctx, settings->TlsSecLevel);
 #endif
 
From effa8b8562d5e4b017570815c7e4d8faa0dd9a9e Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Thu, 22 Nov 2018 19:10:05 +0100
Subject: [PATCH] Fix #5049: Libressl declares OPENSSL_VERSION_NUMBER too high

Need to check specifically for LIBRESSL_VERSION_NUMBER as they
set the version higher than OpenSSL 1.1 but without API support.
---
 libfreerdp/crypto/tls.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c
index 76f51701fe..ded41f127e 100644
--- a/libfreerdp/crypto/tls.c
+++ b/libfreerdp/crypto/tls.c
@@ -655,8 +655,7 @@ static BOOL tls_prepare(rdpTls* tls, BIO* underlying, SSL_METHOD* method,
 	SSL_CTX_set_max_proto_version(tls->ctx, 0); /* highest supported version by library */
 #endif
 
-
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	SSL_CTX_set_security_level(tls->ctx, settings->TlsSecLevel);
 #endif
 
From 0c83efa753d0457eb319624f87b491badf75105f Mon Sep 17 00:00:00 2001
From: Armin Novak <armin.novak@thincast.com>
Date: Mon, 7 Jan 2019 14:18:14 +0100
Subject: [PATCH] Fix #5170: Disable custom TLS alert for libressl > 2.8.3

---
 libfreerdp/crypto/tls.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c
index b2cf5416c8..56e16bacb4 100644
--- a/libfreerdp/crypto/tls.c
+++ b/libfreerdp/crypto/tls.c
@@ -1030,7 +1030,8 @@ BOOL tls_send_alert(rdpTls* tls)
 	 * FIXME: The following code does not work on OpenSSL > 1.1.0 because the
 	 *        SSL struct is opaqe now
 	 */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER < 0x10100000L)) || \
+	(defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER <= 0x2080300fL))
 
 	if (tls->alertDescription != TLS_ALERT_DESCRIPTION_CLOSE_NOTIFY)
 	{
@@ -1057,7 +1058,6 @@ BOOL tls_send_alert(rdpTls* tls)
 		if (tls->ssl->s3->wbuf.left == 0)
 			tls->ssl->method->ssl_dispatch_alert(tls->ssl);
 	}
-
 #endif
 	return TRUE;
 }