1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
From 649f49fa61ca98a05b26c3b2a26a1c30ca24ea26 Mon Sep 17 00:00:00 2001
From: Armin Novak <armin.novak@thincast.com>
Date: Thu, 22 Nov 2018 09:23:46 +0100
Subject: [PATCH] Fix #5049: LibreSSL does not have SSL_CTX_set_security_level
---
libfreerdp/crypto/tls.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c
index 20fde415d8..76f51701fe 100644
--- a/libfreerdp/crypto/tls.c
+++ b/libfreerdp/crypto/tls.c
@@ -656,7 +656,7 @@ static BOOL tls_prepare(rdpTls* tls, BIO* underlying, SSL_METHOD* method,
#endif
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
SSL_CTX_set_security_level(tls->ctx, settings->TlsSecLevel);
#endif
From effa8b8562d5e4b017570815c7e4d8faa0dd9a9e Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Thu, 22 Nov 2018 19:10:05 +0100
Subject: [PATCH] Fix #5049: Libressl declares OPENSSL_VERSION_NUMBER too high
Need to check specifically for LIBRESSL_VERSION_NUMBER as they
set the version higher than OpenSSL 1.1 but without API support.
---
libfreerdp/crypto/tls.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c
index 76f51701fe..ded41f127e 100644
--- a/libfreerdp/crypto/tls.c
+++ b/libfreerdp/crypto/tls.c
@@ -655,8 +655,7 @@ static BOOL tls_prepare(rdpTls* tls, BIO* underlying, SSL_METHOD* method,
SSL_CTX_set_max_proto_version(tls->ctx, 0); /* highest supported version by library */
#endif
-
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
SSL_CTX_set_security_level(tls->ctx, settings->TlsSecLevel);
#endif
From 0c83efa753d0457eb319624f87b491badf75105f Mon Sep 17 00:00:00 2001
From: Armin Novak <armin.novak@thincast.com>
Date: Mon, 7 Jan 2019 14:18:14 +0100
Subject: [PATCH] Fix #5170: Disable custom TLS alert for libressl > 2.8.3
---
libfreerdp/crypto/tls.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c
index b2cf5416c8..56e16bacb4 100644
--- a/libfreerdp/crypto/tls.c
+++ b/libfreerdp/crypto/tls.c
@@ -1030,7 +1030,8 @@ BOOL tls_send_alert(rdpTls* tls)
* FIXME: The following code does not work on OpenSSL > 1.1.0 because the
* SSL struct is opaqe now
*/
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER < 0x10100000L)) || \
+ (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER <= 0x2080300fL))
if (tls->alertDescription != TLS_ALERT_DESCRIPTION_CLOSE_NOTIFY)
{
@@ -1057,7 +1058,6 @@ BOOL tls_send_alert(rdpTls* tls)
if (tls->ssl->s3->wbuf.left == 0)
tls->ssl->method->ssl_dispatch_alert(tls->ssl);
}
-
#endif
return TRUE;
}
|