From 33e8d2d1da86ec2fec46397361af862802b89333 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 22 Jan 2020 01:21:43 +0000
Subject: Split the TLSv1.3 guards into separate client and server guards.

ok beck@ tb@
---
 src/lib/libssl/Makefile      | 5 +++--
 src/lib/libssl/ssl.h         | 8 +++++++-
 src/lib/libssl/ssl_methods.c | 6 +++---
 3 files changed, 13 insertions(+), 6 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile
index e3b9a5cac9..b30fcca9eb 100644
--- a/src/lib/libssl/Makefile
+++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.58 2020/01/20 13:10:37 jsing Exp $
+# $OpenBSD: Makefile,v 1.59 2020/01/22 01:21:43 jsing Exp $
 
 .include <bsd.own.mk>
 .ifndef NOMAN
@@ -17,7 +17,8 @@ CFLAGS+= -Werror
 .endif
 CFLAGS+= -DLIBRESSL_INTERNAL
 .ifdef TLS1_3
-CFLAGS+= -DLIBRESSL_HAS_TLS1_3
+CFLAGS+= -DLIBRESSL_HAS_TLS1_3_CLIENT
+CFLAGS+= -DLIBRESSL_HAS_TLS1_3_SERVER
 .endif
 CFLAGS+= -I${.CURDIR}
 
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 8ac05ca70f..012556fa71 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.168 2020/01/21 05:19:02 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.169 2020/01/22 01:21:43 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -167,6 +167,12 @@
 extern "C" {
 #endif
 
+#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) || defined(LIBRESSL_HAS_TLS1_3_SERVER)
+#define LIBRESSL_HAS_TLS1_3 1
+#else
+#define LIBRESSL_HAS_TLS1_3 0
+#endif
+
 /* SSLeay version number for ASN.1 encoding of the session information */
 /* Version 0 - initial version
  * Version 1 - added the optional peer certificate
diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c
index 5a62a7adc4..33d2d7654d 100644
--- a/src/lib/libssl/ssl_methods.c
+++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.5 2019/11/17 19:07:07 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.6 2020/01/22 01:21:43 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -211,7 +211,7 @@ dtls1_get_server_method(int ver)
 	return (NULL);
 }
 
-#ifdef LIBRESSL_HAS_TLS1_3
+#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
 static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
 	.version = TLS1_3_VERSION,
 	.min_version = TLS1_VERSION,
@@ -384,7 +384,7 @@ SSLv23_client_method(void)
 const SSL_METHOD *
 TLS_client_method(void)
 {
-#ifdef LIBRESSL_HAS_TLS1_3
+#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
 	return (&TLS_client_method_data);
 #else
 	return tls_legacy_client_method();
-- 
cgit v1.2.3-55-g6feb