From e3b5ec6e1726187e56612eaad7ff8d612163ab24 Mon Sep 17 00:00:00 2001
From: Thomas Braun <thomas.braun@byte-physics.de>
Date: Fri, 16 Feb 2024 11:36:49 -0800
Subject: [PATCH] ssl_transport_security.cc: Make it compile with libressl
 (#35615)

Compiling grpc latest master [1] on Windows 10 Pro using MSVC 2019 and using LibreSSL 3.8.2 as SSL provider (package) does currently not work, as the functions X509_STORE_set_get_crl/X509_STORE_set_check_crl and the define SSL_OP_NO_RENEGOTIATION are not present.

Employ a workaround seen in the surrounding code by making the code block only for openssl available.

[1]: 24f89637 ([Test] Removed obsolete node test from run_tests.py (#35525), 2024-01-19)

Closes #35615

COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/35615 from t-b:fix-compiliation-libressl 858f430715fa54fc010b715ae917120e50983fe5
PiperOrigin-RevId: 607752281
---
 src/core/tsi/ssl_transport_security.cc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/core/tsi/ssl_transport_security.cc b/src/core/tsi/ssl_transport_security.cc
index ef79db1c0a2..4d8ac159d06 100644
--- a/src/core/tsi/ssl_transport_security.cc
+++ b/src/core/tsi/ssl_transport_security.cc
@@ -2081,7 +2081,7 @@ tsi_result tsi_create_ssl_client_handshaker_factory_with_options(
 #else
   ssl_context = SSL_CTX_new(TLSv1_2_method());
 #endif
-#if OPENSSL_VERSION_NUMBER >= 0x10101000
+#if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER)
   SSL_CTX_set_options(ssl_context, SSL_OP_NO_RENEGOTIATION);
 #endif
   if (ssl_context == nullptr) {
@@ -2184,7 +2184,7 @@ tsi_result tsi_create_ssl_client_handshaker_factory_with_options(
                                      nullptr);
   }
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
   if (options->crl_provider != nullptr) {
     SSL_CTX_set_ex_data(impl->ssl_context, g_ssl_ctx_ex_crl_provider_index,
                         options->crl_provider.get());
@@ -2301,7 +2301,7 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
 #else
       impl->ssl_contexts[i] = SSL_CTX_new(TLSv1_2_method());
 #endif
-#if OPENSSL_VERSION_NUMBER >= 0x10101000
+#if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER)
       SSL_CTX_set_options(impl->ssl_contexts[i], SSL_OP_NO_RENEGOTIATION);
 #endif
       if (impl->ssl_contexts[i] == nullptr) {
@@ -2388,7 +2388,7 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
           break;
       }
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
       if (options->crl_provider != nullptr) {
         SSL_CTX_set_ex_data(impl->ssl_contexts[i],
                             g_ssl_ctx_ex_crl_provider_index,