From 9b25dd3b0d03bf2fa6a53155bbd520d0f9a5e5d0 Mon Sep 17 00:00:00 2001
From: "Roger A. Light" <roger@atchoo.org>
Date: Tue, 24 Aug 2021 13:53:03 +0100
Subject: [PATCH] libressl build fixes.

Closes #2198. Thanks to Theo Buehler.
---
 ChangeLog.txt | 3 +++
 lib/options.c | 4 ++--
 src/conf.c    | 2 +-
 src/net.c     | 2 +-
 4 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/ChangeLog.txt b/ChangeLog.txt
index afc8235cf3..3506fe129d 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -46,6 +46,9 @@ Clients:
 
 Build:
 - Fix installation using WITH_TLS=no. Closes #2281.
+- Fix builds with libressl 3.4.0. Closes #2198.
+- Remove some unnecessary code guards related to libressl.
+
 
 2.0.11 - 2021-06-08
 ===================
diff --git a/lib/options.c b/lib/options.c
index ed2fca2436..b16efce476 100644
--- a/lib/options.c
+++ b/lib/options.c
@@ -392,7 +392,7 @@ int mosquitto_opts_set(struct mosquitto *mosq, enum mosq_opt_t option, void *val
 #ifdef WITH_TLS
 			mosq->ssl_ctx = (SSL_CTX *)value;
 			if(mosq->ssl_ctx){
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 				SSL_CTX_up_ref(mosq->ssl_ctx);
 #else
 				CRYPTO_add(&(mosq->ssl_ctx)->references, 1, CRYPTO_LOCK_SSL_CTX);
@@ -500,7 +500,7 @@ int mosquitto_void_option(struct mosquitto *mosq, enum mosq_opt_t option, void *
 #ifdef WITH_TLS
 			mosq->ssl_ctx = (SSL_CTX *)value;
 			if(mosq->ssl_ctx){
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 				SSL_CTX_up_ref(mosq->ssl_ctx);
 #else
 				CRYPTO_add(&(mosq->ssl_ctx)->references, 1, CRYPTO_LOCK_SSL_CTX);
diff --git a/src/conf.c b/src/conf.c
index e8251b4607..73a0700b91 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -1188,7 +1188,7 @@ static int config__read_file_core(struct mosquitto__config *config, bool reload,
 					log__printf(NULL, MOSQ_LOG_WARNING, "Warning: TLS support not available.");
 #endif
 				}else if(!strcmp(token, "ciphers_tls1.3")){
-#if defined(WITH_TLS) && !defined(LIBRESSL_VERSION_NUMBER)
+#if defined(WITH_TLS) && (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER > 0x3040000FL)
 					if(reload) continue; /* Listeners not valid for reloading. */
 					if(conf__parse_string(&token, "ciphers_tls1.3", &cur_listener->ciphers_tls13, saveptr)) return MOSQ_ERR_INVAL;
 #else
diff --git a/src/net.c b/src/net.c
index 774395c95d..e6616e3ebf 100644
--- a/src/net.c
+++ b/src/net.c
@@ -404,7 +404,7 @@ int net__tls_server_ctx(struct mosquitto__listener *listener)
 			return MOSQ_ERR_TLS;
 		}
 	}
-#if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= 0x10101000 && (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER > 0x3040000FL)
 	if(listener->ciphers_tls13){
 		rc = SSL_CTX_set_ciphersuites(listener->ssl_ctx, listener->ciphers_tls13);
 		if(rc == 0){