Fix warnings and errors when building with LibreSSL and OpenSSL 1.1.1w.

brainy · brainy · commit 720867b782e1 · 2026-01-04T17:45:33.000Z
* buckets/ssl_buckets.c (ssl_x509_ex_data_idx): Make conditional on SERF_HAVE_OSSL_STORE_OPEN_EX. * test/test_ssl.c (client_cert_uri_conn_setup): Likewise, make conditional. (SERF__OPENSSL_VERSION_PREREQ): Define this macro to expand to false if OPENSSL_VERSION_PREREQ is not defined, otherwise make it an alias. (test_ssl_revoked_server_cert, test_ssl_ocsp_verify_response_no_signer): Use our new ...PREREQ macro instead of the previous invalid usage that broke compiling with older versions of OpenSSL. git-svn-id: https://svn.apache.org/repos/asf/serf/trunk@1931107 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/buckets/ssl_buckets.c b/buckets/ssl_buckets.c
@@ -126,7 +126,9 @@ DEFINE_STACK_OF(EVP_PKEY)
  *
  */
 
+#if defined(SERF_HAVE_OSSL_STORE_OPEN_EX)
 static int ssl_x509_ex_data_idx = -1;
+#endif
 
 typedef struct bucket_list {
     serf_bucket_t *bucket;
diff --git a/test/test_ssl.c b/test/test_ssl.c
@@ -36,6 +36,14 @@
 #include <openssl/ocsp.h>
 #endif
 
+/* The OPENSSL_VERSION_PREREQ macro is only available from 3.0 onwards,
+   so we'll "backport" it here for older versions. */
+#ifdef OPENSSL_VERSION_PREREQ
+#define SERF__OPENSSL_VERSION_PREREQ(m, n) OPENSSL_VERSION_PREREQ((m), (n))
+#else
+#define SERF__OPENSSL_VERSION_PREREQ(m, n) (0)
+#endif
+
 /* Test setting up the openssl library. */
 static void test_ssl_init(CuTest *tc)
 {
@@ -1174,6 +1182,7 @@ static void test_ssl_client_certificate(CuTest *tc)
     EndVerify
 }
 
+#if defined(SERF_HAVE_OSSL_STORE_OPEN_EX)
 static apr_status_t
 client_cert_uri_conn_setup(apr_socket_t *skt,
                            serf_bucket_t **input_bkt,
@@ -1201,6 +1210,7 @@ client_cert_uri_conn_setup(apr_socket_t *skt,
 
     return APR_SUCCESS;
 }
+#endif
 
 static void test_ssl_client_certificate_uri(CuTest *tc)
 {
@@ -1394,7 +1404,7 @@ static void test_ssl_revoked_server_cert(CuTest *tc)
        certificate. OpenSSL may call the application multiple times per depth,
        e.g. once to tell that the cert is revoked, and a second time to tell
        that the certificate itself is valid. */
-#if defined(OPENSSL_VERSION_PREREQ) && OPENSSL_VERSION_PREREQ(3, 6)
+#if SERF__OPENSSL_VERSION_PREREQ(3, 6)
     /* In OpenSSL 3.6, error handling changed so that only the
        first instance of CERT_UNABLE_TO_GET_CRL is reported. */
     CuAssertStrEquals(tc,
@@ -2794,7 +2804,7 @@ static void test_ssl_ocsp_verify_response_no_signer(CuTest *tc)
 {
 #ifndef OPENSSL_NO_OCSP
     apr_status_t status = verify_ocsp_response(tc, 1, 0, 0, 0);
-#if defined(OPENSSL_VERSION_PREREQ) && OPENSSL_VERSION_PREREQ(3, 0)
+#if SERF__OPENSSL_VERSION_PREREQ(3, 0)
     /* OCSP responses MUST be signed, and on newer versions of OpenSSL we
        can't even create one without a signature. This error doesn't come
        from response validation but because OCSP_response_create() fails. */

Original file line number	Diff line number	Diff line change
`@@ -126,7 +126,9 @@ DEFINE_STACK_OF(EVP_PKEY)`
`126`	`126`	`*`
`127`	`127`	`*/`
`128`	`128`
	`129`	`+#if defined(SERF_HAVE_OSSL_STORE_OPEN_EX)`
`129`	`130`	`static int ssl_x509_ex_data_idx = -1;`
	`131`	`+#endif`
`130`	`132`
`131`	`133`	`typedef struct bucket_list {`
`132`	`134`	`serf_bucket_t *bucket;`