Fix compilation without OPENSSL_API_COMPAT

Use the following for openssl 1.1+:
- X509_getm_notBefore over X509_get_notBefore
- X509_getm_notAfter  over X509_get_notAfter
- use OPENSSL_VERSION_NUMBER over SSLeay()
- add missing headers

Refs: openssl/openssl@0b7347effe
(cherry picked from commit 08981f8d752ad23e21887b42944783e843b2e281)

openssl-compat.h

@@ -34,6 +34,9 @@ static inline BIO_METHOD *BIO_meth_new(int type, const char *name)
 
 #define TLS_method SSLv23_method
 
+#define X509_getm_notBefore X509_get_notBefore
+#define X509_getm_notAfter X509_get_notAfter
+
 #endif /* (OPENSSL_VERSION_NUMBER < 0x10100000L) || \
 	(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) */
 

test/regress_ssl.c

@@ -148,9 +148,9 @@ ssl_getcert(EVP_PKEY *key)
 	X509_set_issuer_name(x509, name);
 	X509_NAME_free(name);
 
-	X509_time_adj(X509_get_notBefore(x509), 0, &now);
+	X509_time_adj(X509_getm_notBefore(x509), 0, &now);
 	now += 3600;
-	X509_time_adj(X509_get_notAfter(x509), 0, &now);
+	X509_time_adj(X509_getm_notAfter(x509), 0, &now);
 	X509_set_pubkey(x509, key);
 	tt_assert(0 != X509_sign(x509, key, EVP_sha1()));
 
@@ -469,8 +469,8 @@ regress_bufferevent_openssl(void *arg)
 	type = (enum regress_openssl_type)data->setup_data;
 
 	if (type & REGRESS_OPENSSL_RENEGOTIATE) {
-		if (SSLeay() >= 0x10001000 &&
-		    SSLeay() <  0x1000104f) {
+		if (OPENSSL_VERSION_NUMBER >= 0x10001000 &&
+		    OPENSSL_VERSION_NUMBER <  0x1000104f) {
 			/* 1.0.1 up to 1.0.1c has a bug where TLS1.1 and 1.2
 			 * can't renegotiate with themselves. Disable. */
 			disable_tls_11_and_12 = 1;