#if defined(LIBRESSL_VERSION_NUMBER)

[botovq]

lib/options.c currently has two #if defined(LIBRESSL_VERSION_NUMBER) code paths.

mosquitto/lib/options.c

Lines 397 to 400 in d5ecd9f

	#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
	SSL_CTX_up_ref(mosq->ssl_ctx);
	#else
	CRYPTO_add(&(mosq->ssl_ctx)->references, 1, CRYPTO_LOCK_SSL_CTX);

and

mosquitto/lib/options.c

Lines 505 to 506 in d5ecd9f

	#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
	SSL_CTX_up_ref(mosq->ssl_ctx);

This is to avoid using SSL_CTX_up_ref() that presumably was not available at the time of writing the code.
This function has been available since LibreSSL 2.7.0 and is thus available in all supported versions (currently 3.2.x and 3.3.x).

It would be nice if these && !defined(LIBRESSL_VERSION_NUMBER) could be removed, as in LibreSSL 3.4.x the SSL_CTX will become opaque, so the build will break.

Concerning the remaining two !defined(LIBRESSL_VERSION_NUMBER) paths in the source, the SSL_CTX_set_ciphersuites() function will become available in LibreSSL 3.4.x, so it would be nice if those could be weakened to
&& (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER > 0x3040000fL).

[ralight]

Thanks for the hints!

[ralight]

This will be in 2.0.12 shortly.