Use OPENSSL_VERSION_NUMBER to compile code matching the applied libssl version.

This renders Makefile.ssl11 redundant.

Makefile.ssl11

@@ -1,106 +0,0 @@
-# Makefile for proxytunnel
-#
-# Please uncomment the appropriate settings
-
-name = proxytunnel
-version = $(shell awk 'BEGIN { FS="\"" } /^\#define VERSION / { print $$2 }' config.h)
-
-CC ?= cc
-CFLAGS ?= -Wall -O2 -ggdb -DOPENSSL11
-
-# Comment on non-gnu systems
-OPTFLAGS += -DHAVE_GETOPT_LONG
-
-# Comment if you don't have/want ssl
-OPTFLAGS += -DUSE_SSL
-
-# Most systems
-OPTFLAGS += -DSETPROCTITLE -DSPT_TYPE=2
-
-# Comment if you don't have this flag
-OPTFLAGS += -DSO_REUSEPORT
-
-# System dependant blocks... if your system is listed below, uncomment
-# the relevant lines
-
-# OpenBSD
-#OPTFLAGS += -DHAVE_SYS_PSTAT_H
-
-# DARWIN
-#OPTFLAGS += -DDARWIN
-
-# CYGWIN
-#OPTFLAGS += -DCYGWIN
-
-# SOLARIS
-#LDFLAGS += -lsocket -lnsl
-#LDFLAGS += -L/usr/local/ssl/lib	# Path to your SSL lib dir
-
-# END system dependant block
-
-SSL_LIBS := $(shell pkg-config --libs openssl 2>/dev/null)
-ifeq ($(SSL_LIBS),)
-SSL_LIBS := $(shell pkg-config --libs libssl 2>/dev/null)
-endif
-ifeq ($(SSL_LIBS),)
-SSL_LIBS := -lssl -lcrypto
-endif
-LDFLAGS += $(SSL_LIBS)
-
-prefix = /usr/local
-bindir = $(prefix)/bin
-datadir = $(prefix)/share
-mandir = $(datadir)/man
-
-# Remove strlcpy/strlcat on (open)bsd/darwin systems
-OBJ = proxytunnel.o	\
-	base64.o	\
-	strzcat.o	\
-	setproctitle.o	\
-	io.o		\
-	http.o		\
-	basicauth.o	\
-	globals.o	\
-	readpassphrase.o	\
-	messages.o	\
-	cmdline.o	\
-	ntlm.o		\
-	ptstream.o
-
-UNAME = $(shell uname)
-ifneq ($(UNAME),Darwin)
-OBJ += strlcpy.o	\
-	strlcat.o
-endif
-
-.PHONY: all clean docs install
-
-all: proxytunnel
-
-docs:
-	$(MAKE) -C docs
-
-proxytunnel: $(OBJ)
-	$(CC) -o $(name) $(CFLAGS) $(OPTFLAGS) $(OBJ) $(LDFLAGS)
-
-clean:
-	@rm -f $(name) $(OBJ)
-	$(MAKE) -C docs clean
-
-install:
-	install -d $(DESTDIR)$(bindir)
-	install -p -m555 $(name) $(DESTDIR)$(bindir)
-	$(MAKE) -C docs install
-
-.c.o:
-	$(CC) $(CFLAGS) $(OPTFLAGS) -c -o $@ $<
-
-dist: clean docs
-	sed -i -e 's/^Version:.*$$/Version: $(version)/' contrib/proxytunnel.spec
-	find . ! -wholename '*/.svn*' | pax -d -w -x ustar -s ,^./,$(name)-$(version)/, | bzip2 >../$(name)-$(version).tar.bz2
-
-rpm: dist
-	rpmbuild -tb --clean --rmsource --rmspec --define "_rpmfilename %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" --define "_rpmdir ../" ../$(name)-$(version).tar.bz2
-
-srpm: dist
-	rpmbuild -ts --clean --rmsource --rmspec --define "_rpmfilename %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" --define "_srcrpmdir ../" ../$(name)-$(version).tar.bz2

ptstream.c

@@ -222,7 +222,7 @@ int check_cert_names(X509 *cert, char *peer_host) {
 		for (i = 0; i < san_count; i++) {
 			gn = sk_GENERAL_NAME_value(gen_names, i);
 			if (gn->type == GEN_DNS && !(peer_host_is_ipv4 || peer_host_is_ipv6)) {
-#ifdef OPENSSL11
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 				if (check_cert_valid_host((char*)ASN1_STRING_get0_data(gn->d.ia5), peer_host)) {
 #else
 				if (check_cert_valid_host((char*)ASN1_STRING_data(gn->d.ia5), peer_host)) {
@@ -280,7 +280,7 @@ int stream_enable_ssl(PTSTREAM *pts, const char *proxy_arg) {
 
 	/* Initialise the connection */
 	SSLeay_add_ssl_algorithms();
-#ifdef OPENSSL11
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 	meth = TLS_client_method();
 #else
 	meth = SSLv23_client_method();

ptstream.h

@@ -21,6 +21,7 @@
 
 #include <stddef.h>
 #ifdef USE_SSL
+#include <openssl/opensslv.h>
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>