From dee566d98e85e00b917d3eff42cd7e969de089cc Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sat, 14 Apr 2018 23:48:42 +0300
Subject: [PATCH] OpenSSL: Skip SSL_OP_NO_TLSv1_3 if not defined to fix LibreSSL build
LibreSSL v2.7 claims an OPENSSL_VERSION_NUMBER value that would indicate that SSL_OP_NO_TLSv1_3 is available, but that does not seem to be the case with LibreSSL. As such, skip this step based on whether SSL_OP_NO_TLSv1_3 is defined to avoid build issues.
Signed-off-by: Jouni Malinen
---
 src/crypto/tls_openssl.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index fa3094082..dd8022cdd 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -4352,6 +4352,7 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 }
 #endif
 #if OPENSSL_VERSION_NUMBER >= 0x10101000L
+#ifdef SSL_OP_NO_TLSv1_3
 if (params->flags & TLS_CONN_EAP_FAST) {
 /* Need to disable TLS v1.3 at least for now since OpenSSL 1.1.1
 * refuses to start the handshake with the modified ciphersuite
@@ -4359,6 +4360,7 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 wpa_printf(MSG_DEBUG, "OpenSSL: Disable TLSv1.3 for EAP-FAST");
 SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_3);
 }
+#endif /* SSL_OP_NO_TLSv1_3 */
 #endif
 #endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
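Review bot: The new `#ifdef SSL_OP_NO_TLSv1_3` in the first hunk carries no comment, so a reader of tls_openssl.c sees a feature test nested inside `#if OPENSSL_VERSION_NUMBER >= 0x10101000L` with no hint of why both are needed; the reason lives only in the commit message. I would add `/* LibreSSL 2.7 reports a 1.1.1-level version number but does not define SSL_OP_NO_TLSv1_3 */` directly above the `#ifdef`. When the macro is absent the whole EAP-FAST block, including the debug message, compiles out silently; that looks harmless as long as such a library cannot negotiate TLS 1.3 at all, but the same comment should say so, since the block exists to keep EAP-FAST handshakes from failing to start. The matching `#endif` is in the second hunk, and tls_connection_set_params begins and ends outside both hunks.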