------------------------------------------------------------
revno: 13934
revision-id: squid3@treenet.co.nz-20151011053619-x5o37tyg0ymkpe3z
parent: squid3@treenet.co.nz-20151001145044-r33jsfpe8bnbh7gp
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4347
author: Stuart Henderson <stu@spacehopper.org>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sat 2015-10-10 22:36:19 -0700
message:
  Bug 4347: compile errors with LibreSSL 2.3
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20151011053619-x5o37tyg0ymkpe3z
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 3253cd36d2778153f1fc39ee5d0f775a42fb1b81
# timestamp: 2015-10-11 05:50:50 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20151001145044-\
#   r33jsfpe8bnbh7gp
# 
# Begin patch
=== modified file 'src/ssl/bio.cc'
--- src/ssl/bio.cc	2015-10-01 10:46:13 +0000
+++ src/ssl/bio.cc	2015-10-11 05:36:19 +0000
@@ -1009,7 +1009,11 @@
 
     ciphers += 2;
     if (ciphersLen) {
-        const SSL_METHOD *method = SSLv3_method();
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+        const SSL_METHOD *method = TLS_method();
+#else
+        const SSL_METHOD *method = SSLv23_method();
+#endif
         for (size_t i = 0; i < ciphersLen; i += 2) {
             // each cipher in v3/tls  HELLO message is of size 2
             const SSL_CIPHER *c = method->get_cipher_by_char((ciphers + i));
@@ -1106,7 +1110,11 @@
         return false;
 
     if (ciphersLen) {
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+        const SSL_METHOD *method = TLS_method();
+#else
         const SSL_METHOD *method = SSLv23_method();
+#endif
         for (unsigned int i = 0; i < ciphersLen; i += 3) {
             // The v2 hello messages cipher has 3 bytes.
             // The v2 cipher has the first byte not null

=== modified file 'src/ssl/support.cc'
--- src/ssl/support.cc	2015-06-28 10:05:58 +0000
+++ src/ssl/support.cc	2015-10-11 05:36:19 +0000
@@ -1070,8 +1070,13 @@
         break;
 
     case 3:
+#if !defined(OPENSSL_NO_SSL3)
         debugs(83, 5, "Using SSLv3.");
         return SSLv3_client_method();
+#else
+        debugs(83, DBG_IMPORTANT, "SSLv3 is not available in this Proxy.");
+        return NULL;
+#endif
         break;
 
     case 4:
@@ -1117,7 +1122,7 @@
     switch (version) {
 
     case 2:
-#ifndef OPENSSL_NO_SSL2
+#if !defined(OPENSSL_NO_SSL2)
         debugs(83, 5, "Using SSLv2.");
         return SSLv2_server_method();
 #else
@@ -1127,8 +1132,13 @@
         break;
 
     case 3:
+#if !defined(OPENSSL_NO_SSL3)
         debugs(83, 5, "Using SSLv3.");
         return SSLv3_server_method();
+#else
+        debugs(83, DBG_IMPORTANT, "SSLv3 is not available in this Proxy.");
+        return NULL;
+#endif
         break;
 
     case 4:
@@ -1543,7 +1553,7 @@
     switch (version) {
 
     case 2:
-#ifndef OPENSSL_NO_SSL2
+#if !defined(OPENSSL_NO_SSL2)
         debugs(83, 5, "Using SSLv2.");
         method = SSLv2_server_method();
 #else
@@ -1553,8 +1563,13 @@
         break;
 
     case 3:
+#if !defined(OPENSSL_NO_SSL3)
         debugs(83, 5, "Using SSLv3.");
         method = SSLv3_server_method();
+#else
+        debugs(83, DBG_IMPORTANT, "SSLv3 is not available in this Proxy.");
+        return NULL;
+#endif
         break;
 
     case 4: