$OpenBSD: patch-src_file_analysis_analyzer_x509_functions_bif,v 1.1 2018/12/30 14:14:14 ajacoutot Exp $

Index: src/file_analysis/analyzer/x509/functions.bif
--- src/file_analysis/analyzer/x509/functions.bif.orig
+++ src/file_analysis/analyzer/x509/functions.bif
@@ -115,7 +115,7 @@ X509* x509_get_ocsp_signer(const STACK_OF(X509)* certs
 	const ASN1_OCTET_STRING* key  = nullptr;
 	const X509_NAME*         name = nullptr;
 
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
 	OCSP_RESPID* resp_id = basic_resp->tbsResponseData->responderId;
 
 	if ( resp_id->type == V_OCSP_RESPID_NAME )
@@ -348,7 +348,7 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, 
 
 	// Because we actually want to be able to give nice error messages that show why we were
 	// not able to verify the OCSP response - do our own verification logic first.
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
 	signer = x509_get_ocsp_signer(basic->certs, basic);
 #else
 	signer = x509_get_ocsp_signer(OCSP_resp_get0_certs(basic), basic);
@@ -370,7 +370,11 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, 
 		}
 
 		{
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
+		auto basic_certs = basic->certs;
+#else
 		auto basic_certs = OCSP_resp_get0_certs(basic);
+#endif
 		if ( basic_certs )
 			ocsp_certs = sk_X509_dup(basic_certs);
 
@@ -714,7 +718,7 @@ function sct_verify%(cert: opaque of x509, logid: stri
 	uint32 cert_length;
 	if ( precert )
 		{
-#if (OPENSSL_VERSION_NUMBER < 0x10002000L || LIBRESSL_VERSION_NUMBER)
+#if (OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER))
 		x->cert_info->enc.modified = 1;
 		cert_length = i2d_X509_CINF(x->cert_info, &cert_out);
 #else
