OpaqueVal, OCSP, X509: drop outdated LibreSSL guards to fix OpenBSD

build Whatever is used with recent OpenSSL is also available with latest LibreSSL on OpenBSD 7.8-beta as of today. Some of these hunks have been in the net/bro port for years, others I recently added whilst gradually updating from 6.0.5 to 8.0.1.
2025-10-08 09:38:19 +00:00 · 2025-09-23 01:42:10 +03:00 · 2025-09-23 01:42:10 +03:00 · 54634ae241
commit 54634ae241
parent 416d997263
4 changed files with 16 additions and 16 deletions
--- a/src/file_analysis/analyzer/x509/functions.bif
+++ b/src/file_analysis/analyzer/x509/functions.bif
@ -65,7 +65,7 @@ X509* x509_get_ocsp_signer(const STACK_OF(X509)* certs,
 	const ASN1_OCTET_STRING* key  = nullptr;
 	const X509_NAME*         name = nullptr;

-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
 	OCSP_RESPID* resp_id = basic_resp->tbsResponseData->responderId;

 	if ( resp_id->type == V_OCSP_RESPID_NAME )
@ -359,7 +359,7 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c

 	// Because we actually want to be able to give nice error messages that show why we were
 	// not able to verify the OCSP response - do our own verification logic first.
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
 	signer = x509_get_ocsp_signer(basic->certs, basic);
 #else
 	signer = x509_get_ocsp_signer(OCSP_resp_get0_certs(basic), basic);
@ -730,7 +730,7 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
 	uint32_t cert_length;
 	if ( precert )
 		{
-#if ( OPENSSL_VERSION_NUMBER < 0x10002000L ) || defined(LIBRESSL_VERSION_NUMBER)
+#if ( OPENSSL_VERSION_NUMBER < 0x10002000L )
 		x->cert_info->enc.modified = 1;
 		cert_length = i2d_X509_CINF(x->cert_info, &cert_out);
 #else