From c632f952ed6b10504e8e78b85a5210760c0a4011 Mon Sep 17 00:00:00 2001
From: Rodolphe Breard
Date: Fri, 26 Apr 2019 20:11:54 +0200
Subject: [PATCH] Support OpenSSL 1.0

AlpnError::ALERT_FATAL has been added in OpenSSL 1.1.0, hence build will fail on any previous version. This commit allows older versions to fall back to AlpnError::NOACK instead.
---
 tacd/src/server.rs | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/tacd/src/server.rs b/tacd/src/server.rs
index 86840da..8a9c7c5 100644
--- a/tacd/src/server.rs
+++ b/tacd/src/server.rs
@@ -1,12 +1,17 @@
 use acme_common::error::Error;
 use log::debug;
 use openssl::pkey::{PKey, Private};
-use openssl::ssl::{self, SslAcceptor, SslMethod};
+use openssl::ssl::{self, AlpnError, SslAcceptor, SslMethod};
 use openssl::x509::X509;
 use std::net::TcpListener;
 use std::sync::Arc;
 use std::thread;
 
+#[cfg(ossl110)]
+const ALPN_ERROR: AlpnError = AlpnError::ALERT_FATAL;
+#[cfg(not(ossl110))]
+const ALPN_ERROR: AlpnError = AlpnError::NOACK;
+
 pub fn start(
 listen_addr: &str,
 certificate: &X509,
@@ -16,7 +21,7 @@ pub fn start(
 acceptor.set_alpn_select_callback(|_, client| {
 debug!("ALPN negociation");
 ssl::select_next_proto(crate::ALPN_ACME_PROTO_NAME, client)
- .ok_or(ssl::AlpnError::ALERT_FATAL)
+ .ok_or(ALPN_ERROR)
 });
 acceptor.set_private_key(private_key)?;
 acceptor.set_certificate(certificate)?;
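Review bot: The two `ALPN_ERROR` constants are not equivalent, and nothing at their definition says so. `AlpnError::ALERT_FATAL` ends the handshake with a fatal alert, whereas `AlpnError::NOACK` tells OpenSSL to carry on without a negotiated protocol. A build against OpenSSL older than 1.1.0 therefore stops refusing, at this point, a client whose ALPN list lacks the ACME protocol. I would document that above the `#[cfg(not(ossl110))]` constant, e.g. `// NOACK continues the handshake without ALPN: pre-1.1.0 builds do not reject non-ACME clients here.`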
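Review bot: `.ok_or(ALPN_ERROR)` in the select callback cannot by itself restrict the challenge certificate to ACME validation connections. OpenSSL only invokes this callback when the client sends an ALPN extension, and on pre-1.1.0 builds a mismatch now returns `NOACK`, which lets the handshake complete. The rest of `start` is outside the hunk, so I cannot tell whether the accept loop verifies the outcome. If it does not, it should close the connection unless `selected_alpn_protocol()` on the accepted `SslStream`'s `ssl()` returns the ACME protocol name. Compare against the bare name, not the length-prefixed form passed to `select_next_proto`.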