Require OpenSSL 1.1.1+ or LibreSSL 3+

spec/std/openssl/pkcs5_spec.cr

@@ -13,53 +13,51 @@ describe OpenSSL::PKCS5 do
     end
   end
 
-  {% if compare_versions(LibSSL::OPENSSL_VERSION, "1.0.0") >= 0 || LibSSL::LIBRESSL_VERSION != "0.0.0" %}
-    {% if compare_versions(LibSSL::OPENSSL_VERSION, "3.0.0") < 0 %}
-      [
-        {OpenSSL::Algorithm::MD4, 1, 16, "1857f69412150bca4542581d0f9e7fd1"},
-        {OpenSSL::Algorithm::MD4, 1, 32, "1857f69412150bca4542581d0f9e7fd19332ff5c0b820cb0172457a29c5519be"},
-        {OpenSSL::Algorithm::MD4, 2**16, 16, "3d87c982c8c4223f4af39406ac3882e6"},
-        {OpenSSL::Algorithm::MD4, 2**16, 32, "3d87c982c8c4223f4af39406ac3882e6e6b92685dcf89f74df8caf7500b41883"},
-        {OpenSSL::Algorithm::RIPEMD160, 1, 16, "b725258b125e0bacb0e2307e34feb16a"},
-        {OpenSSL::Algorithm::RIPEMD160, 1, 32, "b725258b125e0bacb0e2307e34feb16a4d0d6aed6cb4b0eee458fc1829020428"},
-        {OpenSSL::Algorithm::RIPEMD160, 2**16, 16, "93a8e007de2608e54911684cbebe2780"},
-        {OpenSSL::Algorithm::RIPEMD160, 2**16, 32, "93a8e007de2608e54911684cbebe27808cc39fa59de9acdf74492155b46c4d2d"},
-      ].each do |(algorithm, iterations, key_size, expected)|
-        it "computes pbkdf2_hmac #{algorithm}" do
-          OpenSSL::PKCS5.pbkdf2_hmac("password", "salt", iterations, algorithm, key_size).hexstring.should eq expected
-        end
-      end
-    {% end %}
-
+  {% if compare_versions(LibSSL::OPENSSL_VERSION, "3.0.0") < 0 %}
     [
-      {OpenSSL::Algorithm::MD5, 1, 16, "f31afb6d931392daa5e3130f47f9a9b6"},
-      {OpenSSL::Algorithm::MD5, 1, 32, "f31afb6d931392daa5e3130f47f9a9b6e8e72029d8350b9fb27a9e0e00b9d991"},
-      {OpenSSL::Algorithm::MD5, 2**16, 16, "8b4ffd76e400c3b74b3d0fbfd9232048"},
-      {OpenSSL::Algorithm::MD5, 2**16, 32, "8b4ffd76e400c3b74b3d0fbfd9232048762c86fe7684992c6f581f073f6625ee"},
-      {OpenSSL::Algorithm::SHA1, 1, 16, "0c60c80f961f0e71f3a9b524af601206"},
-      {OpenSSL::Algorithm::SHA1, 1, 32, "0c60c80f961f0e71f3a9b524af6012062fe037a6e0f0eb94fe8fc46bdc637164"},
-      {OpenSSL::Algorithm::SHA1, 2**16, 16, "1b345dd55f62a35aecdb9229bc7ae95b"},
-      {OpenSSL::Algorithm::SHA1, 2**16, 32, "1b345dd55f62a35aecdb9229bc7ae95b305a8d538940134627e46f82d3a41e5e"},
-      {OpenSSL::Algorithm::SHA224, 1, 16, "3c198cbdb9464b7857966bd05b7bc92b"},
-      {OpenSSL::Algorithm::SHA224, 1, 32, "3c198cbdb9464b7857966bd05b7bc92bc1cc4e6e63155d4e490557fd85989497"},
-      {OpenSSL::Algorithm::SHA224, 2**16, 16, "53a7f042a8154092058cfe87e7fbf1c1"},
-      {OpenSSL::Algorithm::SHA224, 2**16, 32, "53a7f042a8154092058cfe87e7fbf1c1f96826a9a2ffd8bcfda50bb9f60786f0"},
-      {OpenSSL::Algorithm::SHA256, 1, 16, "120fb6cffcf8b32c43e7225256c4f837"},
-      {OpenSSL::Algorithm::SHA256, 1, 32, "120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b"},
-      {OpenSSL::Algorithm::SHA256, 2**16, 16, "4156f668bb31db3a17f4d1b91424ef0d"},
-      {OpenSSL::Algorithm::SHA256, 2**16, 32, "4156f668bb31db3a17f4d1b91424ef0d417ad1f35d055aceaebd8da0f6a44b7e"},
-      {OpenSSL::Algorithm::SHA384, 1, 16, "c0e14f06e49e32d73f9f52ddf1d0c5c7"},
-      {OpenSSL::Algorithm::SHA384, 1, 32, "c0e14f06e49e32d73f9f52ddf1d0c5c7191609233631dadd76a567db42b78676"},
-      {OpenSSL::Algorithm::SHA384, 2**16, 16, "c7b5b0b726f6556587cced08d184253b"},
-      {OpenSSL::Algorithm::SHA384, 2**16, 32, "c7b5b0b726f6556587cced08d184253bc9d2eb802db134fb9029b86ab25e7cd0"},
-      {OpenSSL::Algorithm::SHA512, 1, 16, "867f70cf1ade02cff3752599a3a53dc4"},
-      {OpenSSL::Algorithm::SHA512, 1, 32, "867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252"},
-      {OpenSSL::Algorithm::SHA512, 2**16, 16, "6f64c3f8023813d8c2cab43cabfaa65e"},
-      {OpenSSL::Algorithm::SHA512, 2**16, 32, "6f64c3f8023813d8c2cab43cabfaa65ed061822afe974060d8079d122fb869f4"},
+      {OpenSSL::Algorithm::MD4, 1, 16, "1857f69412150bca4542581d0f9e7fd1"},
+      {OpenSSL::Algorithm::MD4, 1, 32, "1857f69412150bca4542581d0f9e7fd19332ff5c0b820cb0172457a29c5519be"},
+      {OpenSSL::Algorithm::MD4, 2**16, 16, "3d87c982c8c4223f4af39406ac3882e6"},
+      {OpenSSL::Algorithm::MD4, 2**16, 32, "3d87c982c8c4223f4af39406ac3882e6e6b92685dcf89f74df8caf7500b41883"},
+      {OpenSSL::Algorithm::RIPEMD160, 1, 16, "b725258b125e0bacb0e2307e34feb16a"},
+      {OpenSSL::Algorithm::RIPEMD160, 1, 32, "b725258b125e0bacb0e2307e34feb16a4d0d6aed6cb4b0eee458fc1829020428"},
+      {OpenSSL::Algorithm::RIPEMD160, 2**16, 16, "93a8e007de2608e54911684cbebe2780"},
+      {OpenSSL::Algorithm::RIPEMD160, 2**16, 32, "93a8e007de2608e54911684cbebe27808cc39fa59de9acdf74492155b46c4d2d"},
     ].each do |(algorithm, iterations, key_size, expected)|
       it "computes pbkdf2_hmac #{algorithm}" do
         OpenSSL::PKCS5.pbkdf2_hmac("password", "salt", iterations, algorithm, key_size).hexstring.should eq expected
       end
     end
   {% end %}
+
+  [
+    {OpenSSL::Algorithm::MD5, 1, 16, "f31afb6d931392daa5e3130f47f9a9b6"},
+    {OpenSSL::Algorithm::MD5, 1, 32, "f31afb6d931392daa5e3130f47f9a9b6e8e72029d8350b9fb27a9e0e00b9d991"},
+    {OpenSSL::Algorithm::MD5, 2**16, 16, "8b4ffd76e400c3b74b3d0fbfd9232048"},
+    {OpenSSL::Algorithm::MD5, 2**16, 32, "8b4ffd76e400c3b74b3d0fbfd9232048762c86fe7684992c6f581f073f6625ee"},
+    {OpenSSL::Algorithm::SHA1, 1, 16, "0c60c80f961f0e71f3a9b524af601206"},
+    {OpenSSL::Algorithm::SHA1, 1, 32, "0c60c80f961f0e71f3a9b524af6012062fe037a6e0f0eb94fe8fc46bdc637164"},
+    {OpenSSL::Algorithm::SHA1, 2**16, 16, "1b345dd55f62a35aecdb9229bc7ae95b"},
+    {OpenSSL::Algorithm::SHA1, 2**16, 32, "1b345dd55f62a35aecdb9229bc7ae95b305a8d538940134627e46f82d3a41e5e"},
+    {OpenSSL::Algorithm::SHA224, 1, 16, "3c198cbdb9464b7857966bd05b7bc92b"},
+    {OpenSSL::Algorithm::SHA224, 1, 32, "3c198cbdb9464b7857966bd05b7bc92bc1cc4e6e63155d4e490557fd85989497"},
+    {OpenSSL::Algorithm::SHA224, 2**16, 16, "53a7f042a8154092058cfe87e7fbf1c1"},
+    {OpenSSL::Algorithm::SHA224, 2**16, 32, "53a7f042a8154092058cfe87e7fbf1c1f96826a9a2ffd8bcfda50bb9f60786f0"},
+    {OpenSSL::Algorithm::SHA256, 1, 16, "120fb6cffcf8b32c43e7225256c4f837"},
+    {OpenSSL::Algorithm::SHA256, 1, 32, "120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b"},
+    {OpenSSL::Algorithm::SHA256, 2**16, 16, "4156f668bb31db3a17f4d1b91424ef0d"},
+    {OpenSSL::Algorithm::SHA256, 2**16, 32, "4156f668bb31db3a17f4d1b91424ef0d417ad1f35d055aceaebd8da0f6a44b7e"},
+    {OpenSSL::Algorithm::SHA384, 1, 16, "c0e14f06e49e32d73f9f52ddf1d0c5c7"},
+    {OpenSSL::Algorithm::SHA384, 1, 32, "c0e14f06e49e32d73f9f52ddf1d0c5c7191609233631dadd76a567db42b78676"},
+    {OpenSSL::Algorithm::SHA384, 2**16, 16, "c7b5b0b726f6556587cced08d184253b"},
+    {OpenSSL::Algorithm::SHA384, 2**16, 32, "c7b5b0b726f6556587cced08d184253bc9d2eb802db134fb9029b86ab25e7cd0"},
+    {OpenSSL::Algorithm::SHA512, 1, 16, "867f70cf1ade02cff3752599a3a53dc4"},
+    {OpenSSL::Algorithm::SHA512, 1, 32, "867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252"},
+    {OpenSSL::Algorithm::SHA512, 2**16, 16, "6f64c3f8023813d8c2cab43cabfaa65e"},
+    {OpenSSL::Algorithm::SHA512, 2**16, 32, "6f64c3f8023813d8c2cab43cabfaa65ed061822afe974060d8079d122fb869f4"},
+  ].each do |(algorithm, iterations, key_size, expected)|
+    it "computes pbkdf2_hmac #{algorithm}" do
+      OpenSSL::PKCS5.pbkdf2_hmac("password", "salt", iterations, algorithm, key_size).hexstring.should eq expected
+    end
+  end
 end

spec/std/openssl/ssl/context_spec.cr

@@ -11,11 +11,7 @@ describe OpenSSL::SSL::Context do
     context = OpenSSL::SSL::Context::Client.new
 
     (context.options & OpenSSL::SSL::Options::ALL).should eq(OpenSSL::SSL::Options::ALL)
-    (context.options & OpenSSL::SSL::Options::NO_SSL_V2).should eq(OpenSSL::SSL::Options::NO_SSL_V2)
-    (context.options & OpenSSL::SSL::Options::NO_SSL_V3).should eq(OpenSSL::SSL::Options::NO_SSL_V3)
     (context.options & OpenSSL::SSL::Options::NO_SESSION_RESUMPTION_ON_RENEGOTIATION).should eq(OpenSSL::SSL::Options::NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
-    (context.options & OpenSSL::SSL::Options::SINGLE_ECDH_USE).should eq(OpenSSL::SSL::Options::SINGLE_ECDH_USE)
-    (context.options & OpenSSL::SSL::Options::SINGLE_DH_USE).should eq(OpenSSL::SSL::Options::SINGLE_DH_USE)
 
     context.modes.should eq(OpenSSL::SSL::Modes.flags(AUTO_RETRY, RELEASE_BUFFERS))
     context.verify_mode.should eq(OpenSSL::SSL::VerifyMode::PEER)
@@ -27,14 +23,8 @@ describe OpenSSL::SSL::Context do
     context = OpenSSL::SSL::Context::Server.new
 
     (context.options & OpenSSL::SSL::Options::ALL).should eq(OpenSSL::SSL::Options::ALL)
-    (context.options & OpenSSL::SSL::Options::NO_SSL_V2).should eq(OpenSSL::SSL::Options::NO_SSL_V2)
-    (context.options & OpenSSL::SSL::Options::NO_SSL_V3).should eq(OpenSSL::SSL::Options::NO_SSL_V3)
     (context.options & OpenSSL::SSL::Options::NO_SESSION_RESUMPTION_ON_RENEGOTIATION).should eq(OpenSSL::SSL::Options::NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
-    (context.options & OpenSSL::SSL::Options::SINGLE_ECDH_USE).should eq(OpenSSL::SSL::Options::SINGLE_ECDH_USE)
-    (context.options & OpenSSL::SSL::Options::SINGLE_DH_USE).should eq(OpenSSL::SSL::Options::SINGLE_DH_USE)
-    {% if LibSSL::Options.has_constant?(:NO_RENEGOTIATION) %}
-      (context.options & OpenSSL::SSL::Options::NO_RENEGOTIATION).should eq(OpenSSL::SSL::Options::NO_RENEGOTIATION)
-    {% end %}
+    (context.options & OpenSSL::SSL::Options::NO_RENEGOTIATION).should eq(OpenSSL::SSL::Options::NO_RENEGOTIATION)
 
     context.modes.should eq(OpenSSL::SSL::Modes.flags(AUTO_RETRY, RELEASE_BUFFERS))
     context.verify_mode.should eq(OpenSSL::SSL::VerifyMode::NONE)
@@ -47,11 +37,7 @@ describe OpenSSL::SSL::Context do
     context.should be_a(OpenSSL::SSL::Context::Client)
     context.verify_mode.should eq(OpenSSL::SSL::VerifyMode::NONE)
     context.options.no_ssl_v3?.should_not be_true
-    {% if compare_versions(LibSSL::OPENSSL_VERSION, "1.1.1") >= 0 || compare_versions(LibSSL::LIBRESSL_VERSION, "3.2.0") >= 0 %}
-      context.modes.should eq(OpenSSL::SSL::Modes::AUTO_RETRY)
-    {% else %}
-      context.modes.should eq(OpenSSL::SSL::Modes::None)
-    {% end %}
+    context.modes.should eq(OpenSSL::SSL::Modes::AUTO_RETRY)
 
     OpenSSL::SSL::Context::Client.insecure(LibSSL.tlsv1_method)
   end
@@ -61,11 +47,7 @@ describe OpenSSL::SSL::Context do
     context.should be_a(OpenSSL::SSL::Context::Server)
     context.verify_mode.should eq(OpenSSL::SSL::VerifyMode::NONE)
     context.options.no_ssl_v3?.should_not be_true
-    {% if compare_versions(LibSSL::OPENSSL_VERSION, "1.1.1") >= 0 || compare_versions(LibSSL::LIBRESSL_VERSION, "3.2.0") >= 0 %}
-      context.modes.should eq(OpenSSL::SSL::Modes::AUTO_RETRY)
-    {% else %}
-      context.modes.should eq(OpenSSL::SSL::Modes::None)
-    {% end %}
+    context.modes.should eq(OpenSSL::SSL::Modes::AUTO_RETRY)
 
     OpenSSL::SSL::Context::Server.insecure(LibSSL.tlsv1_method)
   end

src/openssl/lib_crypto.cr

@@ -109,47 +109,25 @@ lib LibCrypto
   alias BioMethodDestroy = Bio* -> Int
   alias BioMethodCallbackCtrl = (Bio*, Int, Void*) -> Long
 
-  {% if compare_versions(LibCrypto::OPENSSL_VERSION, "1.1.0") >= 0 || compare_versions(LibCrypto::LIBRESSL_VERSION, "2.7.0") >= 0 %}
-    type BioMethod = Void
-  {% else %}
-    struct BioMethod
-      type_id : Int
-      name : Char*
-      bwrite : BioMethodWriteOld
-      bread : BioMethodReadOld
-      bputs : BioMethodPuts
-      bgets : BioMethodGets
-      ctrl : BioMethodCtrl
-      create : BioMethodCreate
-      destroy : BioMethodDestroy
-      callback_ctrl : BioMethodCallbackCtrl
-    end
-  {% end %}
+  type BioMethod = Void
 
   fun BIO_new(BioMethod*) : Bio*
   fun BIO_free(Bio*) : Int
 
-  {% if compare_versions(LibCrypto::OPENSSL_VERSION, "1.1.0") >= 0 || compare_versions(LibCrypto::LIBRESSL_VERSION, "2.7.0") >= 0 %}
-    fun BIO_set_data(Bio*, Void*)
-    fun BIO_get_data(Bio*) : Void*
-    fun BIO_set_init(Bio*, Int)
-    fun BIO_set_shutdown(Bio*, Int)
-
-    fun BIO_meth_new(Int, Char*) : BioMethod*
-    fun BIO_meth_set_read(BioMethod*, BioMethodReadOld)
-    fun BIO_meth_set_write(BioMethod*, BioMethodWriteOld)
-    fun BIO_meth_set_puts(BioMethod*, BioMethodPuts)
-    fun BIO_meth_set_gets(BioMethod*, BioMethodGets)
-    fun BIO_meth_set_ctrl(BioMethod*, BioMethodCtrl)
-    fun BIO_meth_set_create(BioMethod*, BioMethodCreate)
-    fun BIO_meth_set_destroy(BioMethod*, BioMethodDestroy)
-    fun BIO_meth_set_callback_ctrl(BioMethod*, BioMethodCallbackCtrl)
-  {% end %}
-  # LibreSSL does not define these symbols
-  {% if compare_versions(LibCrypto::OPENSSL_VERSION, "1.1.1") >= 0 %}
-    fun BIO_meth_set_read_ex(BioMethod*, BioMethodRead)
-    fun BIO_meth_set_write_ex(BioMethod*, BioMethodWrite)
-  {% end %}
+  fun BIO_set_data(Bio*, Void*)
+  fun BIO_get_data(Bio*) : Void*
+  fun BIO_set_init(Bio*, Int)
+  fun BIO_set_shutdown(Bio*, Int)
+
+  fun BIO_meth_new(Int, Char*) : BioMethod*
+  fun BIO_meth_set_read(BioMethod*, BioMethodReadOld)
+  fun BIO_meth_set_write(BioMethod*, BioMethodWriteOld)
+  fun BIO_meth_set_puts(BioMethod*, BioMethodPuts)
+  fun BIO_meth_set_gets(BioMethod*, BioMethodGets)
+  fun BIO_meth_set_ctrl(BioMethod*, BioMethodCtrl)
+  fun BIO_meth_set_create(BioMethod*, BioMethodCreate)
+  fun BIO_meth_set_destroy(BioMethod*, BioMethodDestroy)
+  fun BIO_meth_set_callback_ctrl(BioMethod*, BioMethodCallbackCtrl)
 
   fun sha1 = SHA1(data : Char*, length : SizeT, md : Char*) : Char*
 
@@ -175,9 +153,7 @@ lib LibCrypto
   fun obj_obj2nid = OBJ_obj2nid(obj : ASN1_OBJECT) : Int
   fun obj_ln2nid = OBJ_ln2nid(ln : Char*) : Int
   fun obj_sn2nid = OBJ_sn2nid(sn : Char*) : Int
-  {% if compare_versions(OPENSSL_VERSION, "1.0.2") >= 0 || LIBRESSL_VERSION != "0.0.0" %}
-    fun obj_find_sigid_algs = OBJ_find_sigid_algs(sigid : Int32, pdig_nid : Int32*, ppkey_nid : Int32*) : Int32
-  {% end %}
+  fun obj_find_sigid_algs = OBJ_find_sigid_algs(sigid : Int32, pdig_nid : Int32*, ppkey_nid : Int32*) : Int32
 
   fun asn1_object_free = ASN1_OBJECT_free(obj : ASN1_OBJECT)
   fun asn1_string_data = ASN1_STRING_data(x : ASN1_STRING) : Char*
@@ -230,13 +206,8 @@ lib LibCrypto
 
   fun evp_digestfinal_ex = EVP_DigestFinal_ex(ctx : EVP_MD_CTX, md : UInt8*, size : UInt32*) : Int32
 
-  {% if compare_versions(OPENSSL_VERSION, "1.1.0") >= 0 || compare_versions(LibCrypto::LIBRESSL_VERSION, "2.7.0") >= 0 %}
-    fun evp_md_ctx_new = EVP_MD_CTX_new : EVP_MD_CTX
-    fun evp_md_ctx_free = EVP_MD_CTX_free(ctx : EVP_MD_CTX)
-  {% else %}
-    fun evp_md_ctx_new = EVP_MD_CTX_create : EVP_MD_CTX
-    fun evp_md_ctx_free = EVP_MD_CTX_destroy(ctx : EVP_MD_CTX)
-  {% end %}
+  fun evp_md_ctx_new = EVP_MD_CTX_new : EVP_MD_CTX
+  fun evp_md_ctx_free = EVP_MD_CTX_free(ctx : EVP_MD_CTX)
 
   fun evp_get_cipherbyname = EVP_get_cipherbyname(name : UInt8*) : EVP_CIPHER
 
@@ -307,9 +278,7 @@ lib LibCrypto
   fun md5 = MD5(data : UInt8*, length : LibC::SizeT, md : UInt8*) : UInt8*
 
   fun pkcs5_pbkdf2_hmac_sha1 = PKCS5_PBKDF2_HMAC_SHA1(pass : LibC::Char*, passlen : LibC::Int, salt : UInt8*, saltlen : LibC::Int, iter : LibC::Int, keylen : LibC::Int, out : UInt8*) : LibC::Int
-  {% if compare_versions(OPENSSL_VERSION, "1.0.0") >= 0 || LIBRESSL_VERSION != "0.0.0" %}
-    fun pkcs5_pbkdf2_hmac = PKCS5_PBKDF2_HMAC(pass : LibC::Char*, passlen : LibC::Int, salt : UInt8*, saltlen : LibC::Int, iter : LibC::Int, digest : EVP_MD, keylen : LibC::Int, out : UInt8*) : LibC::Int
-  {% end %}
+  fun pkcs5_pbkdf2_hmac = PKCS5_PBKDF2_HMAC(pass : LibC::Char*, passlen : LibC::Int, salt : UInt8*, saltlen : LibC::Int, iter : LibC::Int, digest : EVP_MD, keylen : LibC::Int, out : UInt8*) : LibC::Int
 
   NID_X9_62_prime256v1 = 415
 
@@ -330,7 +299,7 @@ lib LibCrypto
   NID_commonName       = 13
   NID_subject_alt_name = 85
 
-  {% if compare_versions(OPENSSL_VERSION, "1.1.0") >= 0 %}
+  {% if OPENSSL_VERSION != "0.0.0" %}
     fun sk_free = OPENSSL_sk_free(st : Void*)
     fun sk_num = OPENSSL_sk_num(x0 : Void*) : Int
     fun sk_pop_free = OPENSSL_sk_pop_free(st : Void*, callback : (Void*) ->)
@@ -354,9 +323,7 @@ lib LibCrypto
   fun x509_get_ext = X509_get_ext(x : X509, idx : Int) : X509_EXTENSION
   fun x509_get_ext_count = X509_get_ext_count(x : X509) : Int
   fun x509_get_ext_d2i = X509_get_ext_d2i(x : X509, nid : Int, crit : Int*, idx : Int*) : Void*
-  {% if compare_versions(OPENSSL_VERSION, "1.0.2") >= 0 || LIBRESSL_VERSION != "0.0.0" %}
-    fun x509_get_signature_nid = X509_get_signature_nid(x509 : X509) : Int32
-  {% end %}
+  fun x509_get_signature_nid = X509_get_signature_nid(x509 : X509) : Int32
 
   MBSTRING_UTF8 = 0x1000
 
@@ -381,42 +348,35 @@ lib LibCrypto
 
   fun x509_store_add_cert = X509_STORE_add_cert(ctx : X509_STORE, x : X509) : Int
 
-  {% unless compare_versions(OPENSSL_VERSION, "1.1.0") >= 0 || compare_versions(LibCrypto::LIBRESSL_VERSION, "3.0.0") >= 0 %}
-    fun err_load_crypto_strings = ERR_load_crypto_strings
-    fun openssl_add_all_algorithms = OPENSSL_add_all_algorithms_noconf
-  {% end %}
+  type X509VerifyParam = Void*
 
-  {% if compare_versions(OPENSSL_VERSION, "1.0.2") >= 0 || LIBRESSL_VERSION != "0.0.0" %}
-    type X509VerifyParam = Void*
-
-    @[Flags]
-    enum X509VerifyFlags : ULong
-      CB_ISSUER_CHECK      =      0x1
-      USE_CHECK_TIME       =      0x2
-      CRL_CHECK            =      0x4
-      CRL_CHECK_ALL        =      0x8
-      IGNORE_CRITICAL      =     0x10
-      X509_STRICT          =     0x20
-      ALLOW_PROXY_CERTS    =     0x40
-      POLICY_CHECK         =     0x80
-      EXPLICIT_POLICY      =    0x100
-      INHIBIT_ANY          =    0x200
-      INHIBIT_MAP          =    0x400
-      NOTIFY_POLICY        =    0x800
-      EXTENDED_CRL_SUPPORT =   0x1000
-      USE_DELTAS           =   0x2000
-      CHECK_SS_SIGNATURE   =   0x4000
-      TRUSTED_FIRST        =   0x8000
-      SUITEB_128_LOS_ONLY  =  0x10000
-      SUITEB_192_LOS       =  0x20000
-      SUITEB_128_LOS       =  0x30000
-      PARTIAL_CHAIN        =  0x80000
-      NO_ALT_CHAINS        = 0x100000
-    end
-
-    fun x509_verify_param_lookup = X509_VERIFY_PARAM_lookup(name : UInt8*) : X509VerifyParam
-    fun x509_verify_param_set1_host = X509_VERIFY_PARAM_set1_host(param : X509VerifyParam, name : UInt8*, len : SizeT) : Int
-    fun x509_verify_param_set1_ip_asc = X509_VERIFY_PARAM_set1_ip_asc(param : X509VerifyParam, ip : UInt8*) : Int
-    fun x509_verify_param_set_flags = X509_VERIFY_PARAM_set_flags(param : X509VerifyParam, flags : X509VerifyFlags) : Int
-  {% end %}
+  @[Flags]
+  enum X509VerifyFlags : ULong
+    CB_ISSUER_CHECK      =      0x1
+    USE_CHECK_TIME       =      0x2
+    CRL_CHECK            =      0x4
+    CRL_CHECK_ALL        =      0x8
+    IGNORE_CRITICAL      =     0x10
+    X509_STRICT          =     0x20
+    ALLOW_PROXY_CERTS    =     0x40
+    POLICY_CHECK         =     0x80
+    EXPLICIT_POLICY      =    0x100
+    INHIBIT_ANY          =    0x200
+    INHIBIT_MAP          =    0x400
+    NOTIFY_POLICY        =    0x800
+    EXTENDED_CRL_SUPPORT =   0x1000
+    USE_DELTAS           =   0x2000
+    CHECK_SS_SIGNATURE   =   0x4000
+    TRUSTED_FIRST        =   0x8000
+    SUITEB_128_LOS_ONLY  =  0x10000
+    SUITEB_192_LOS       =  0x20000
+    SUITEB_128_LOS       =  0x30000
+    PARTIAL_CHAIN        =  0x80000
+    NO_ALT_CHAINS        = 0x100000
+  end
+
+  fun x509_verify_param_lookup = X509_VERIFY_PARAM_lookup(name : UInt8*) : X509VerifyParam
+  fun x509_verify_param_set1_host = X509_VERIFY_PARAM_set1_host(param : X509VerifyParam, name : UInt8*, len : SizeT) : Int
+  fun x509_verify_param_set1_ip_asc = X509_VERIFY_PARAM_set1_ip_asc(param : X509VerifyParam, ip : UInt8*) : Int
+  fun x509_verify_param_set_flags = X509_VERIFY_PARAM_set_flags(param : X509VerifyParam, flags : X509VerifyFlags) : Int
 end