Ensure wolfSSL uses old pre 1.1.0 OpenSSL path for getting ciphers

Normally when wolfSSL is compiled with --enable-openvpn it reports an
OpenSSL version before 1.1.0. When compiled normally it reports an
OpenSSL version higher than this.

So explicitly check for wolfSSL instead of relying on its OpenSSL version
trickery.

Change-Id: I47fc0dc93a7ed6b71feb611194cee02a81d91769
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1448
Message-Id: <20251217130743.28786-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35127.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 48bbdfce97dc4d45e347166bfefaff33c33bdc59..35b75eb815ae92a016d139a5b4dc6efaab276ef1 100644 (file)
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -2547,7 +2547,7 @@ show_available_tls_ciphers_list(const char *cipher_list, const char *tls_cert_pr
         crypto_msg(M_FATAL, "Cannot create SSL object");
     }
 
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(OPENSSL_IS_AWSLC)
+#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(OPENSSL_IS_AWSLC) || defined(ENABLE_CRYPTO_WOLFSSL)
     STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
 #else
     STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);