# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1459456709 -10800
# Node ID 382fc7069e3a48b0a3b413fea976aa68e8081cdb
# Parent  4b420f9c4c5dbd186948de8a0ca151ac1c2f8c2d
SSL: reasonable version for LibreSSL.

LibreSSL defines OPENSSL_VERSION_NUMBER to 0x20000000L, but uses an old
API derived from OpenSSL at the time LibreSSL forked.  As a result, every
version check we use to test for new API elements in newer OpenSSL versions
requires an explicit check for LibreSSL.

To reduce clutter, redefine OPENSSL_VERSION_NUMBER to 0x1000107fL if
LibreSSL is used.  The same is done by FreeBSD port of LibreSSL.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -52,7 +52,7 @@ static int ngx_ssl_session_ticket_key_ca
     HMAC_CTX *hctx, int enc);
 #endif
 
-#if (OPENSSL_VERSION_NUMBER < 0x10002002L || defined LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10002002L
 static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str);
 #endif
 
@@ -2944,7 +2944,7 @@ ngx_ssl_check_host(ngx_connection_t *c, 
         return NGX_ERROR;
     }
 
-#if (OPENSSL_VERSION_NUMBER >= 0x10002002L && !defined LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= 0x10002002L
 
     /* X509_check_host() is only available in OpenSSL 1.0.2+ */
 
@@ -3061,7 +3061,7 @@ found:
 }
 
 
-#if (OPENSSL_VERSION_NUMBER < 0x10002002L || defined LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10002002L
 
 static ngx_int_t
 ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern)
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -33,6 +33,12 @@
 #define NGX_SSL_NAME     "OpenSSL"
 
 
+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
+#undef OPENSSL_VERSION_NUMBER
+#define OPENSSL_VERSION_NUMBER  0x1000107fL
+#endif
+
+
 #define ngx_ssl_session_t       SSL_SESSION
 #define ngx_ssl_conn_t          SSL