BUG/MEDIUM: ssl: Don't attempt to use early data with libressl.
LibreSSL doesn't yet provide early data, so don't set the CO_FL_EARLY_SSL_HS
flag on the connection when building with LibreSSL, or the handshake will
never complete.
diff --git a/src/backend.c b/src/backend.c
index ae704de..5807a2e 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -1582,7 +1582,9 @@
}
-#ifdef USE_OPENSSL
+#if USE_OPENSSL && (defined(OPENSSL_IS_BORINGSSL) || \
+ ((OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)))
+
if (!reuse && cli_conn && srv &&
(srv->ssl_ctx.options & SRV_SSL_O_EARLY_DATA) &&
/* Only attempt to use early data if either the client sent
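Review bot: The new guard tests `USE_OPENSSL` by value where the removed line used `#ifdef`, so a build that defines the macro with an empty body (`#define USE_OPENSSL`) would now fail to preprocess, and a build without it relies on undefined identifiers evaluating to 0 (a `-Wundef` warning). Writing the first line as `#if defined(USE_OPENSSL) && (defined(OPENSSL_IS_BORINGSSL) || \` keeps the old semantics. The same early-data capability test is spelled out again, with the operands in a different order, in the src/ssl_sock.c hunk; defining it once as a feature macro in a shared header would keep the two sites from drifting apart, which per the commit message is the kind of mismatch that leaves the handshake never completing. The `if` statement this guard wraps continues past the end of the hunk.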
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e11ddb5..cf1b860 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5336,7 +5336,8 @@
/* leave init state and start handshake */
conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L || defined(OPENSSL_IS_BORINGSSL)
+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)) || \
+ defined(OPENSSL_IS_BORINGSSL)
conn->flags |= CO_FL_EARLY_SSL_HS;
#endif
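Review bot: Nothing at this `#if` says why LibreSSL has to be excluded, and the reason is not obvious from the condition: LibreSSL defines `OPENSSL_VERSION_NUMBER` as 0x20000000L, so the version test alone passes even though the early data API is absent. I would add `/* LibreSSL reports a 2.x OPENSSL_VERSION_NUMBER but has no early data support */` directly above the guard. Any other `OPENSSL_VERSION_NUMBER >= 0x10101000L` guards around early-data code in this file, if they exist outside the hunk, presumably need the same exclusion, so a search for that pattern is worth doing before merging. The enclosing function starts and ends outside the hunk.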