ext/openssl: SSL_SESSION is made opaque

2 files changed, 14 insertions, 4 deletions

diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index e6673fbc0c..2dec2fb015 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -98,6 +98,7 @@ have_func("SSL_CTX_set_alpn_select_cb")
 have_func("SSL_get_server_tmp_key", ["openssl/ssl.h"])
 
 # added in 1.1.0
+have_struct_member("SSL", "ctx", "openssl/ssl.h") || $defs.push("-DHAVE_OPAQUE_OPENSSL")
 have_func("BN_GENCB_new")
 have_func("BN_GENCB_free")
 have_func("BN_GENCB_get_arg")
diff --git a/ext/openssl/ossl_ssl_session.c b/ext/openssl/ossl_ssl_session.c
index e227e13c13..59087b4fad 100644
--- a/ext/openssl/ossl_ssl_session.c
+++ b/ext/openssl/ossl_ssl_session.c
@@ -76,13 +76,22 @@ static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1)
 /* SSL_SESSION_cmp() was removed without a replacement in 1.0.0 */
 static int ossl_SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
 {
-    if (a->ssl_version != b->ssl_version ||
-	a->session_id_length != b->session_id_length)
+    unsigned int a_len;
+    const unsigned char *a_sid = SSL_SESSION_get_id(a, &a_len);
+    unsigned int b_len;
+    const unsigned char *b_sid = SSL_SESSION_get_id(b, &b_len);
+
+#if !defined(HAVE_OPAQUE_OPENSSL) /* missing SSL_SESSION_get_ssl_version() ? */
+    if (a->ssl_version != b->ssl_version)
+	return 1;
+#endif
+    if (a_len != b_len)
 	return 1;
+
 #if defined(_WIN32)
-    return memcmp(a->session_id, b->session_id, a->session_id_length);
+    return memcmp(a_sid, b_sid, a_len);
 #else
-    return CRYPTO_memcmp(a->session_id, b->session_id, a->session_id_length);
+    return CRYPTO_memcmp(a_sid, b_sid, a_len);
 #endif
 }