Add LibreSSL 2.5.0 support

2016-12-21 08:58:16 +01:00 · 2016-12-21 08:58:16 +01:00 · b3526cbd2b
parent 53c470c71a
commit b3526cbd2b
8 changed files with 81 additions and 122 deletions
--- a/openssl-sys/build.rs
+++ b/openssl-sys/build.rs
@ -247,6 +247,15 @@ fn validate_headers(include_dirs: &[PathBuf],
    } else if version_text.contains("0x10100") {
        println!("cargo:rustc-cfg=ossl110");
        println!("cargo:version=110");
    } else if version_text.contains("0x20000000L") {
        // Check if it is really LibreSSL
        if version_header.lines().any(|l| {
            l.contains("define ") && l.contains("LIBRESSL_VERSION_NUMBER")
        }) {
            println!("cargo:rustc-cfg=libressl");
            println!("cargo:libressl=true");
            println!("cargo:version=101");
        }
    } else {
        panic!("
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@ -17,6 +17,11 @@ mod ossl110;
 #[cfg(ossl110)]
 pub use ossl110::*;
 #[cfg(libressl)]
 mod libressl;
 #[cfg(libressl)]
 pub use libressl::*;
 pub enum ASN1_INTEGER {}
 pub enum ASN1_STRING {}
 pub enum ASN1_TIME {}
@ -1075,8 +1080,11 @@ pub const SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER: c_long = 0x2;
 pub const SSL_MODE_AUTO_RETRY: c_long = 0x4;
 pub const SSL_MODE_NO_AUTO_CHAIN: c_long = 0x8;
 pub const SSL_MODE_RELEASE_BUFFERS: c_long = 0x10;
 #[cfg(not(libressl))]
 pub const SSL_MODE_SEND_CLIENTHELLO_TIME: c_long = 0x20;
 #[cfg(not(libressl))]
 pub const SSL_MODE_SEND_SERVERHELLO_TIME: c_long = 0x40;
 #[cfg(not(libressl))]
 pub const SSL_MODE_SEND_FALLBACK_SCSV: c_long = 0x80;
 pub const SSL_ERROR_NONE: c_int = 0;
@ -1095,26 +1103,31 @@ pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
 #[cfg(not(ossl101))]
 pub const SSL_OP_TLSEXT_PADDING: c_ulong =                          0x00000010;
 pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong =             0x00000800;
 #[cfg(not(libressl))]
 pub const SSL_OP_ALL: c_ulong =                                     0x80000BFF;
 pub const SSL_OP_NO_QUERY_MTU: c_ulong =                            0x00001000;
 pub const SSL_OP_COOKIE_EXCHANGE: c_ulong =                         0x00002000;
 pub const SSL_OP_NO_TICKET: c_ulong =                               0x00004000;
 #[cfg(not(libressl))]
 pub const SSL_OP_CISCO_ANYCONNECT: c_ulong =                        0x00008000;
 pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: c_ulong =  0x00010000;
 #[cfg(not(libressl))]
 pub const SSL_OP_NO_COMPRESSION: c_ulong =                          0x00020000;
 #[cfg(not(libressl))]
 pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_ulong =       0x00040000;
 pub const SSL_OP_CIPHER_SERVER_PREFERENCE: c_ulong =                0x00400000;
 pub const SSL_OP_TLS_ROLLBACK_BUG: c_ulong =                        0x00800000;
 #[cfg(not(libressl))]
 pub const SSL_OP_NO_SSLv3: c_ulong =                                0x02000000;
 pub const SSL_OP_NO_TLSv1: c_ulong =                                0x04000000;
 pub const SSL_OP_NO_TLSv1_2: c_ulong =                              0x08000000;
 pub const SSL_OP_NO_TLSv1_1: c_ulong =                              0x10000000;
-#[cfg(not(ossl101))]
+#[cfg(not(any(ossl101, libressl)))]
 pub const SSL_OP_NO_DTLSv1: c_ulong =                               0x04000000;
-#[cfg(not(ossl101))]
+#[cfg(not(any(ossl101, libressl)))]
 pub const SSL_OP_NO_DTLSv1_2: c_ulong =                             0x08000000;
-#[cfg(not(ossl101))]
+#[cfg(not(any(ossl101, libressl)))]
 pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
    SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
@ -1292,9 +1305,9 @@ extern {
    pub fn BIO_new_socket(sock: c_int, close_flag: c_int) -> *mut BIO;
    pub fn BIO_read(b: *mut BIO, buf: *mut c_void, len: c_int) -> c_int;
    pub fn BIO_write(b: *mut BIO, buf: *const c_void, len: c_int) -> c_int;
-    #[cfg(ossl101)]
+    #[cfg(any(ossl101, libressl))]
    pub fn BIO_new_mem_buf(buf: *mut c_void, len: c_int) -> *mut BIO;
-    #[cfg(not(ossl101))]
+    #[cfg(not(any(ossl101, libressl)))]
    pub fn BIO_new_mem_buf(buf: *const c_void, len: c_int) -> *mut BIO;
    pub fn BIO_set_flags(b: *mut BIO, flags: c_int);
    pub fn BIO_clear_flags(b: *mut BIO, flags: c_int);
@ -1375,11 +1388,11 @@ extern {
    pub fn DH_new() -> *mut DH;
    pub fn DH_free(dh: *mut DH);
-    #[cfg(not(ossl101))]
+    #[cfg(not(any(ossl101, libressl)))]
    pub fn DH_get_1024_160() -> *mut DH;
-    #[cfg(not(ossl101))]
+    #[cfg(not(any(ossl101, libressl)))]
    pub fn DH_get_2048_224() -> *mut DH;
-    #[cfg(not(ossl101))]
+    #[cfg(not(any(ossl101, libressl)))]
    pub fn DH_get_2048_256() -> *mut DH;
    pub fn EC_KEY_new() -> *mut EC_KEY;
@ -1495,11 +1508,11 @@ extern {
                                type_: *const EVP_MD,
                                e: *mut ENGINE,
                                pkey: *mut EVP_PKEY) -> c_int;
-    #[cfg(ossl101)]
+    #[cfg(any(ossl101, libressl))]
    pub fn EVP_DigestVerifyFinal(ctx: *mut EVP_MD_CTX,
                                 sigret: *mut c_uchar,
                                 siglen: size_t) -> c_int;
-    #[cfg(not(ossl101))]
+    #[cfg(not(any(ossl101, libressl)))]
    pub fn EVP_DigestVerifyFinal(ctx: *mut EVP_MD_CTX,
                                 sigret: *const c_uchar,
                                 siglen: size_t) -> c_int;
@ -1634,8 +1647,10 @@ extern {
    pub fn SSL_get_ex_data_X509_STORE_CTX_idx() -> c_int;
    pub fn SSL_get_SSL_CTX(ssl: *const SSL) -> *mut SSL_CTX;
    pub fn SSL_set_SSL_CTX(ssl: *mut SSL, ctx: *mut SSL_CTX) -> *mut SSL_CTX;
-    #[cfg(not(osslconf = "OPENSSL_NO_COMP"))]
+    #[cfg(not(any(osslconf = "OPENSSL_NO_COMP", libressl)))]
    pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const COMP_METHOD;
    #[cfg(libressl)]
    pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const libc::c_void;
    pub fn SSL_get_peer_certificate(ssl: *const SSL) -> *mut X509;
    pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD;
    pub fn SSL_get_version(ssl: *const SSL) -> *const c_char;
@ -1648,14 +1663,14 @@ extern {
    pub fn SSL_get_ex_data(ssl: *const SSL, idx: c_int) -> *mut c_void;
    pub fn SSL_get_servername(ssl: *const SSL, name_type: c_int) -> *const c_char;
    pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER;
-    #[cfg(not(ossl101))]
+    #[cfg(not(any(ossl101, libressl)))]
    pub fn SSL_get0_param(ssl: *mut SSL) -> *mut X509_VERIFY_PARAM;
    pub fn SSL_get_verify_result(ssl: *const SSL) -> c_long;
    pub fn SSL_shutdown(ssl: *mut SSL) -> c_int;
    pub fn SSL_get_certificate(ssl: *const SSL) -> *mut X509;
-    #[cfg(ossl101)]
+    #[cfg(any(ossl101, libressl))]
    pub fn SSL_get_privatekey(ssl: *mut SSL) -> *mut EVP_PKEY;
-    #[cfg(not(ossl101))]
+    #[cfg(not(any(ossl101, libressl)))]
    pub fn SSL_get_privatekey(ssl: *const SSL) -> *mut EVP_PKEY;
    pub fn SSL_load_client_CA_file(file: *const c_char) -> *mut stack_st_X509_NAME;
    pub fn SSL_set_tmp_dh_callback(ctx: *mut SSL,
@ -1664,8 +1679,10 @@ extern {
                                                        keylength: c_int)
                                                        -> *mut DH);
-    #[cfg(not(osslconf = "OPENSSL_NO_COMP"))]
+    #[cfg(not(any(osslconf = "OPENSSL_NO_COMP", libressl)))]
    pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char;
    #[cfg(libressl)]
    pub fn SSL_COMP_get_name(comp: *const libc::c_void) -> *const c_char;
    pub fn SSL_CIPHER_get_name(cipher: *const SSL_CIPHER) -> *const c_char;
    pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *mut c_int) -> c_int;
@ -1701,9 +1718,9 @@ extern {
                                                            keylength: c_int)
                                                            -> *mut DH);
-    #[cfg(not(ossl101))]
+    #[cfg(not(any(ossl101, libressl)))]
    pub fn SSL_CTX_get0_certificate(ctx: *const SSL_CTX) -> *mut X509;
-    #[cfg(not(ossl101))]
+    #[cfg(not(any(ossl101, libressl)))]
    pub fn SSL_CTX_get0_privatekey(ctx: *const SSL_CTX) -> *mut EVP_PKEY;
    pub fn SSL_CTX_set_cipher_list(ssl: *mut SSL_CTX, s: *const c_char) -> c_int;
@ -1787,9 +1804,9 @@ extern {
    #[cfg(not(ossl101))]
    pub fn X509_VERIFY_PARAM_free(param: *mut X509_VERIFY_PARAM);
-    #[cfg(not(ossl101))]
+    #[cfg(not(any(ossl101, libressl)))]
    pub fn X509_VERIFY_PARAM_set_hostflags(param: *mut X509_VERIFY_PARAM, flags: c_uint);
-    #[cfg(not(ossl101))]
+    #[cfg(not(any(ossl101, libressl)))]
    pub fn X509_VERIFY_PARAM_set1_host(param: *mut X509_VERIFY_PARAM,
                                       name: *const c_char,
                                       namelen: size_t) -> c_int;
--- a/openssl-sys/src/libressl.rs
+++ b/openssl-sys/src/libressl.rs
@ -3,7 +3,6 @@ use std::sync::{Once, ONCE_INIT};
 use std::mem;
 use libc::{c_int, c_char, c_void, c_long, c_uchar, size_t, c_uint, c_ulong};
 #[cfg(not(ossl101))]
 use libc::time_t;
 #[repr(C)]
@ -88,7 +87,6 @@ pub struct RSA {
    pub _method_mod_p: *mut ::BN_MONT_CTX,
    pub _method_mod_q: *mut ::BN_MONT_CTX,
    pub bignum_data: *mut c_char,
    pub blinding: *mut ::BN_BLINDING,
    pub mt_blinding: *mut ::BN_BLINDING,
 }
@ -155,7 +153,6 @@ pub struct BIO {
 #[repr(C)]
 pub struct CRYPTO_EX_DATA {
    pub sk: *mut ::stack_st_void,
    pub dummy: c_int,
 }
 #[repr(C)]
@ -258,10 +255,6 @@ pub struct X509 {
    crldp: *mut c_void,
    altname: *mut c_void,
    nc: *mut c_void,
    #[cfg(not(osslconf = "OPENSSL_NO_RFC3779"))]
    rfc3779_addr: *mut c_void,
    #[cfg(not(osslconf = "OPENSSL_NO_RFC3779"))]
    rfc3779_asid: *mut c_void,
    #[cfg(not(osslconf = "OPENSSL_NO_SHA"))]
    sha1_hash: [c_uchar; 20],
    aux: *mut c_void,
@ -346,99 +339,26 @@ pub struct SSL_CTX {
    #[cfg(not(osslconf = "OPENSSL_NO_ENGINE"))]
    client_cert_engine: *mut c_void,
    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
    tlsext_servername_callback: *mut c_void,
    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
    tlsect_servername_arg: *mut c_void,
    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
    tlsext_tick_key_name: [c_uchar; 16],
    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
    tlsext_tick_hmac_key: [c_uchar; 16],
    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
    tlsext_tick_aes_key: [c_uchar; 16],
    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
    tlsext_ticket_key_cb: *mut c_void,
    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
    tlsext_status_cb: *mut c_void,
    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
    tlsext_status_arg: *mut c_void,
    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
    tlsext_opaque_prf_input_callback: *mut c_void,
    #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
    tlsext_opaque_prf_input_callback_arg: *mut c_void,
    #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
    psk_identity_hint: *mut c_void,
    #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
    psk_client_callback: *mut c_void,
    #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
    psk_server_callback: *mut c_void,
    #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))]
    freelist_max_len: c_uint,
    #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))]
    wbuf_freelist: *mut c_void,
    #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))]
    rbuf_freelist: *mut c_void,
    #[cfg(not(osslconf = "OPENSSL_NO_SRP"))]
    srp_ctx: SRP_CTX,
    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))]
    next_protos_advertised_cb: *mut c_void,
    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))]
    next_protos_advertised_cb_arg: *mut c_void,
    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))]
    next_proto_select_cb: *mut c_void,
    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))]
    next_proto_select_cb_arg: *mut c_void,
    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl101))]
    srtp_profiles: *mut c_void,
    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))]
    srtp_profiles: *mut c_void,
    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))]
    alpn_select_cb: *mut c_void,
    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))]
    alpn_select_cb_arg: *mut c_void,
    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))]
    alpn_client_proto_list: *mut c_void,
    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))]
    alpn_client_proto_list_len: c_uint,
    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))]
    tlsext_ecpointformatlist_length: size_t,
    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))]
    tlsext_ecpointformatlist: *mut c_uchar,
    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))]
    tlsext_ellipticcurvelist_length: size_t,
    #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))]
    tlsext_ellipticcurvelist: *mut c_uchar,
 }
 #[repr(C)]
 pub struct SRP_CTX {
    SRP_cb_arg: *mut c_void,
    TLS_ext_srp_username_callback: *mut c_void,
    SRP_verify_param_callback: *mut c_void,
    SRP_give_srp_client_pwd_callback: *mut c_void,
    login: *mut c_void,
    N: *mut c_void,
    g: *mut c_void,
    s: *mut c_void,
    B: *mut c_void,
    A: *mut c_void,
    a: *mut c_void,
    b: *mut c_void,
    v: *mut c_void,
    info: *mut c_void,
    stringth: c_int,
    srp_Mask: c_ulong,
 }
 #[repr(C)]
 #[cfg(not(ossl101))]
 pub struct X509_VERIFY_PARAM {
    pub name: *mut c_char,
    pub check_time: time_t,
@ -448,27 +368,30 @@ pub struct X509_VERIFY_PARAM {
    pub trust: c_int,
    pub depth: c_int,
    pub policies: *mut stack_st_ASN1_OBJECT,
-    pub id: *mut X509_VERIFY_PARAM_ID,
+    //pub id: *mut X509_VERIFY_PARAM_ID,
 }
 #[cfg(not(ossl101))]
 pub enum X509_VERIFY_PARAM_ID {}
 pub const SSL_CTRL_OPTIONS: c_int = 32;
 pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
 #[cfg(ossl102)]
 pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
-pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong =                   0x00000001;
+pub const SSL_OP_ALL: c_ulong =                                     0x80000014;
-pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong =                  0x00000002;
+pub const SSL_OP_CISCO_ANYCONNECT: c_ulong =                        0x0;
-pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong =        0x00000008;
+pub const SSL_OP_NO_COMPRESSION: c_ulong =                          0x0;
-pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong =              0x00000020;
+pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_ulong =       0x0;
-pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong =                0x00000080;
+pub const SSL_OP_NO_SSLv3: c_ulong =                                0x0;
-pub const SSL_OP_TLS_D5_BUG: c_ulong =                              0x00000100;
+pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong =                   0x0;
-pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong =                   0x00000200;
+pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong =                  0x0;
 pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong =        0x0;
 pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong =              0x0;
 pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong =                0x0;
 pub const SSL_OP_TLS_D5_BUG: c_ulong =                              0x0;
 pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong =                   0x0;
 pub const SSL_OP_SINGLE_ECDH_USE: c_ulong =                         0x00080000;
 pub const SSL_OP_SINGLE_DH_USE: c_ulong =                           0x00100000;
-pub const SSL_OP_NO_SSLv2: c_ulong =                                0x01000000;
+pub const SSL_OP_NO_SSLv2: c_ulong =                                0x0;
 pub const SSLEAY_VERSION : c_int = 0;
 pub const SSLEAY_CFLAGS : c_int = 2;
@ -534,12 +457,10 @@ fn set_id_callback() {}
 // macros
 #[cfg(ossl102)]
 pub unsafe fn SSL_CTX_set_ecdh_auto(ctx: *mut SSL_CTX, onoff: c_int) -> c_int {
    ::SSL_CTX_ctrl(ctx, SSL_CTRL_SET_ECDH_AUTO, onoff as c_long, ::std::ptr::null_mut()) as c_int
 }
 #[cfg(ossl102)]
 pub unsafe fn SSL_set_ecdh_auto(ssl: *mut ::SSL, onoff: c_int) -> c_int {
    ::SSL_ctrl(ssl, SSL_CTRL_SET_ECDH_AUTO, onoff as c_long, ::std::ptr::null_mut()) as c_int
 }
@ -578,15 +499,11 @@ extern {
    pub fn OPENSSL_add_all_algorithms_noconf();
    pub fn HMAC_CTX_init(ctx: *mut ::HMAC_CTX);
    pub fn HMAC_CTX_cleanup(ctx: *mut ::HMAC_CTX);
    #[cfg(not(osslconf = "OPENSSL_NO_SSL3_METHOD"))]
    pub fn SSLv3_method() -> *const ::SSL_METHOD;
    pub fn TLSv1_method() -> *const ::SSL_METHOD;
    pub fn SSLv23_method() -> *const ::SSL_METHOD;
    pub fn TLSv1_1_method() -> *const ::SSL_METHOD;
    pub fn TLSv1_2_method() -> *const ::SSL_METHOD;
    pub fn DTLSv1_method() -> *const ::SSL_METHOD;
    #[cfg(ossl102)]
    pub fn DTLSv1_2_method() -> *const ::SSL_METHOD;
    pub fn SSL_get_ex_new_index(argl: c_long, argp: *mut c_void,
                                new_func: Option<::CRYPTO_EX_new>,
                                dup_func: Option<::CRYPTO_EX_dup>,
--- a/openssl/build.rs
+++ b/openssl/build.rs
@ -16,6 +16,10 @@ fn main() {
        _ => panic!("Unable to detect OpenSSL version"),
    }
    if let Ok(_) = env::var("DEP_OPENSSL_LIBRESSL") {
        println!("cargo:rustc-cfg=libressl");
    }
    if let Ok(vars) = env::var("DEP_OPENSSL_CONF") {
        for var in vars.split(",") {
            println!("cargo:rustc-cfg=osslconf=\"{}\"", var);
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@ -166,8 +166,11 @@ bitflags! {
        const SSL_MODE_AUTO_RETRY = ffi::SSL_MODE_AUTO_RETRY,
        const SSL_MODE_NO_AUTO_CHAIN = ffi::SSL_MODE_NO_AUTO_CHAIN,
        const SSL_MODE_RELEASE_BUFFERS = ffi::SSL_MODE_RELEASE_BUFFERS,
        #[cfg(not(libressl))]
        const SSL_MODE_SEND_CLIENTHELLO_TIME = ffi::SSL_MODE_SEND_CLIENTHELLO_TIME,
        #[cfg(not(libressl))]
        const SSL_MODE_SEND_SERVERHELLO_TIME = ffi::SSL_MODE_SEND_SERVERHELLO_TIME,
        #[cfg(not(libressl))]
        const SSL_MODE_SEND_FALLBACK_SCSV = ffi::SSL_MODE_SEND_FALLBACK_SCSV,
    }
 }
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@ -181,7 +181,7 @@ macro_rules! run_test(
            }
            #[test]
-            #[cfg_attr(any(windows, target_arch = "arm"), ignore)] // FIXME(#467)
+            #[cfg_attr(any(libressl, windows, target_arch = "arm"), ignore)] // FIXME(#467)
            fn dtlsv1() {
                let (_s, stream) = Server::new_dtlsv1(Some("hello"));
                $blk(SslMethod::dtls(), stream);
@ -432,7 +432,7 @@ run_test!(get_peer_certificate, |method, stream| {
 });
 #[test]
-#[cfg_attr(any(windows, target_arch = "arm"), ignore)] // FIXME(#467)
+#[cfg_attr(any(libressl, windows, target_arch = "arm"), ignore)] // FIXME(#467)
 fn test_write_dtlsv1() {
    let (_s, stream) = Server::new_dtlsv1(iter::repeat("y\n"));
    let ctx = SslContext::builder(SslMethod::dtls()).unwrap();
@ -771,7 +771,7 @@ fn test_alpn_server_select_none() {
 }
 #[test]
-#[cfg_attr(any(windows, target_arch = "arm"), ignore)] // FIXME(#467)
+#[cfg_attr(any(libressl, windows, target_arch = "arm"), ignore)] // FIXME(#467)
 fn test_read_dtlsv1() {
    let (_s, stream) = Server::new_dtlsv1(Some("hello"));
@ -849,7 +849,7 @@ fn test_write_nonblocking() {
 }
 #[test]
-#[cfg_attr(any(windows, target_arch = "arm"), ignore)] // FIXME(#467)
+#[cfg_attr(any(libressl, windows, target_arch = "arm"), ignore)] // FIXME(#467)
 fn test_read_nonblocking() {
    let (_s, stream) = Server::new();
    stream.set_nonblocking(true).unwrap();
--- a/openssl/src/version.rs
+++ b/openssl/src/version.rs
@ -92,8 +92,13 @@ fn test_versions() {
    println!("Platform: '{}'", platform());
    println!("Dir: '{}'", dir());
    #[cfg(not(libressl))]
    fn expected_name() -> &'static str { "OpenSSL" }
    #[cfg(libressl)]
    fn expected_name() -> &'static str { "LibreSSL" }
    assert!(number() > 0);
-    assert!(version().starts_with("OpenSSL"));
+    assert!(version().starts_with(expected_name()));
    assert!(c_flags().starts_with("compiler:"));
    assert!(built_on().starts_with("built on:"));
    assert!(dir().starts_with("OPENSSLDIR:"));
--- a/systest/build.rs
+++ b/systest/build.rs
@ -22,7 +22,11 @@ fn main() {
        }
    }
-    cfg.cfg(&format!("ossl{}", env::var("DEP_OPENSSL_VERSION").unwrap()), None);
+    if let Ok(_) = env::var("DEP_OPENSSL_LIBRESSL") {
        cfg.cfg("libressl", None);
    } else if let Ok(version) = env::var("DEP_OPENSSL_VERSION") {
        cfg.cfg(&format!("ossl{}", version), None);
    }
    if let Ok(vars) = env::var("DEP_OPENSSL_CONF") {
        for var in vars.split(",") {
            cfg.cfg("osslconf", Some(var));