Fixed #5050 -- dropped support for an old LibresSSL release (#5056)

* Fixed #5050 -- dropped support for an old LibresSSL release

* Changelog

10 files changed, 12 insertions, 16 deletions

diff --git a/.travis.yml b/.travis.yml
index 82d533ed..eac49d98 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -60,8 +60,6 @@ matrix:
         - python: 3.8
           env: TOXENV=py38 OPENSSL=1.1.1d OPENSSL_CONFIG_FLAGS=no-engine
         - python: 3.8
-          env: TOXENV=py38 LIBRESSL=2.6.5
-        - python: 3.8
           env: TOXENV=py38 LIBRESSL=2.7.5
         - python: 3.8
           env: TOXENV=py38 LIBRESSL=2.8.3
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index b727c8aa..964f43da 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -10,6 +10,7 @@ Changelog
 
 * Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL
   will need to upgrade.
+* Support for LibreSSL 2.6.x has been removed.
 * Removed support for calling
   :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey.public_bytes`
   with no arguments, as per our deprecation policy. You must now pass
diff --git a/src/_cffi_src/openssl/bio.py b/src/_cffi_src/openssl/bio.py
index 0e6cb38c..8f5a3e6a 100644
--- a/src/_cffi_src/openssl/bio.py
+++ b/src/_cffi_src/openssl/bio.py
@@ -41,7 +41,7 @@ void BIO_clear_retry_flags(BIO *);
 """
 
 CUSTOMIZATIONS = """
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_IS_LIBRESSL
 int BIO_up_ref(BIO *b) {
     CRYPTO_add(&b->references, 1, CRYPTO_LOCK_BIO);
     return 1;
diff --git a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py
index ac32fdff..ddcbf2bd 100644
--- a/src/_cffi_src/openssl/cryptography.py
+++ b/src/_cffi_src/openssl/cryptography.py
@@ -34,14 +34,11 @@ INCLUDES = """
 #endif
 
 #if CRYPTOGRAPHY_IS_LIBRESSL
-#define CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER \
-    (LIBRESSL_VERSION_NUMBER >= 0x2070000f)
 #define CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER \
     (LIBRESSL_VERSION_NUMBER >= 0x2080000f)
 #define CRYPTOGRAPHY_LIBRESSL_291_OR_GREATER \
     (LIBRESSL_VERSION_NUMBER >= 0x2090100f)
 #else
-#define CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER (0)
 #define CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER (0)
 #define CRYPTOGRAPHY_LIBRESSL_291_OR_GREATER (0)
 #endif
diff --git a/src/_cffi_src/openssl/dh.py b/src/_cffi_src/openssl/dh.py
index 6fdc7dd6..0e1df23a 100644
--- a/src/_cffi_src/openssl/dh.py
+++ b/src/_cffi_src/openssl/dh.py
@@ -39,7 +39,7 @@ int Cryptography_i2d_DHxparams_bio(BIO *bp, DH *x);
 
 CUSTOMIZATIONS = """
 /* These functions were added in OpenSSL 1.1.0 */
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_IS_LIBRESSL
 void DH_get0_pqg(const DH *dh,
                  const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
 {
diff --git a/src/_cffi_src/openssl/dsa.py b/src/_cffi_src/openssl/dsa.py
index a4a87c36..938c18fc 100644
--- a/src/_cffi_src/openssl/dsa.py
+++ b/src/_cffi_src/openssl/dsa.py
@@ -35,7 +35,7 @@ int DSA_generate_parameters_ex(DSA *, int, unsigned char *, int,
 
 CUSTOMIZATIONS = """
 /* These functions were added in OpenSSL 1.1.0 */
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_IS_LIBRESSL
 void DSA_get0_pqg(const DSA *d,
                   const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
 {
diff --git a/src/_cffi_src/openssl/rsa.py b/src/_cffi_src/openssl/rsa.py
index 216e633a..4b915463 100644
--- a/src/_cffi_src/openssl/rsa.py
+++ b/src/_cffi_src/openssl/rsa.py
@@ -76,7 +76,7 @@ int (*EVP_PKEY_CTX_set0_rsa_oaep_label)(EVP_PKEY_CTX *, unsigned char *,
 #endif
 
 /* These functions were added in OpenSSL 1.1.0 */
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_IS_LIBRESSL
 int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
 {
     /* If the fields n and e in r are NULL, the corresponding input
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
index 071ac76a..307cce46 100644
--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -570,7 +570,7 @@ static const long Cryptography_HAS_VERIFIED_CHAIN = 1;
 
 /* Added in 1.1.0 in the great opaquing, but we need to define it for older
    OpenSSLs. Such is our burden. */
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_IS_LIBRESSL
 /* from ssl/ssl_lib.c */
 size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
 {
@@ -651,7 +651,7 @@ static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1;
 static const long Cryptography_HAS_NEXTPROTONEG = 1;
 
 /* SSL_get0_param was added in OpenSSL 1.0.2. */
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_IS_LIBRESSL
 X509_VERIFY_PARAM *(*SSL_get0_param)(SSL *) = NULL;
 #else
 #endif
@@ -834,7 +834,7 @@ int (*SSL_CTX_add_server_custom_ext)(SSL_CTX *, unsigned int,
 int (*SSL_extension_supported)(unsigned int) = NULL;
 #endif
 
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_IS_LIBRESSL
 int (*SSL_CIPHER_is_aead)(const SSL_CIPHER *) = NULL;
 int (*SSL_CIPHER_get_cipher_nid)(const SSL_CIPHER *) = NULL;
 int (*SSL_CIPHER_get_digest_nid)(const SSL_CIPHER *) = NULL;
diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py
index b48f3179..991e1f09 100644
--- a/src/_cffi_src/openssl/x509.py
+++ b/src/_cffi_src/openssl/x509.py
@@ -270,7 +270,7 @@ void X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **,
 CUSTOMIZATIONS = """
 /* Added in 1.0.2 beta but we need it in all versions now due to the great
    opaquing. */
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_IS_LIBRESSL
 /* from x509/x_x509.c version 1.0.2 */
 void X509_get0_signature(const ASN1_BIT_STRING **psig,
                          const X509_ALGOR **palg, const X509 *x)
@@ -327,7 +327,7 @@ int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) {
     return i2d_X509_CRL_INFO(crl->crl, pp);
 }
 
-#if !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
+#if !CRYPTOGRAPHY_IS_LIBRESSL
 int X509_up_ref(X509 *x) {
    return CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
 }
diff --git a/src/_cffi_src/openssl/x509_vfy.py b/src/_cffi_src/openssl/x509_vfy.py
index 42da3b1e..675ce823 100644
--- a/src/_cffi_src/openssl/x509_vfy.py
+++ b/src/_cffi_src/openssl/x509_vfy.py
@@ -269,7 +269,7 @@ static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0;
 static const long X509_V_FLAG_SUITEB_192_LOS = 0;
 static const long X509_V_FLAG_SUITEB_128_LOS = 0;
 
-#if !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
+#if !CRYPTOGRAPHY_IS_LIBRESSL
 int (*X509_VERIFY_PARAM_set1_host)(X509_VERIFY_PARAM *, const char *,
                                    size_t) = NULL;
 int (*X509_VERIFY_PARAM_set1_email)(X509_VERIFY_PARAM *, const char *,
@@ -307,7 +307,7 @@ static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST = 0;
 static const long X509_V_FLAG_TRUSTED_FIRST = 0;
 #endif
 
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_IS_LIBRESSL
 Cryptography_STACK_OF_X509_OBJECT *X509_STORE_get0_objects(X509_STORE *ctx) {
     return ctx->objs;
 }