Date: Wed, 11 Oct 2017 07:17:15 +0000 (UTC) From: Guido Falsi <madpilot@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r451734 - head/net/pjsip/files Message-ID: <201710110717.v9B7HFJd038194@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: madpilot Date: Wed Oct 11 07:17:14 2017 New Revision: 451734 URL: https://svnweb.freebsd.org/changeset/ports/451734 Log: Update pjsip patch to work with libressl after the latest update to 2.7, which broke it. PR: 216898 Submitted by: OlivierW <olivierw1+bugzilla-freebsd@hotmail.com> Modified: head/net/pjsip/files/patch-pjlib_src_pj_ssl__sock__ossl.c Modified: head/net/pjsip/files/patch-pjlib_src_pj_ssl__sock__ossl.c ============================================================================== --- head/net/pjsip/files/patch-pjlib_src_pj_ssl__sock__ossl.c Wed Oct 11 05:30:48 2017 (r451733) +++ head/net/pjsip/files/patch-pjlib_src_pj_ssl__sock__ossl.c Wed Oct 11 07:17:14 2017 (r451734) @@ -1,7 +1,7 @@ ---- pjlib/src/pj/ssl_sock_ossl.c.orig 2017-01-24 05:41:05 UTC +--- pjlib/src/pj/ssl_sock_ossl.c.orig 2017-09-14 05:03:45 UTC +++ pjlib/src/pj/ssl_sock_ossl.c -@@ -54,7 +54,7 @@ - #include <openssl/engine.h> +@@ -53,7 +53,7 @@ + #include <openssl/rand.h> #include <openssl/opensslconf.h> -#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL @@ -9,7 +9,7 @@ # include <openssl/obj_mac.h> -@@ -112,7 +112,7 @@ static unsigned get_nid_from_cid(unsigned cid) +@@ -111,7 +111,7 @@ static unsigned get_nid_from_cid(unsigned cid) #endif @@ -18,8 +18,42 @@ # define OPENSSL_NO_SSL2 /* seems to be removed in 1.1.0 */ # define M_ASN1_STRING_data(x) ASN1_STRING_get0_data(x) # define M_ASN1_STRING_length(x) ASN1_STRING_length(x) -@@ -452,7 +452,7 @@ static pj_status_t init_openssl(void) +@@ -126,7 +126,7 @@ static unsigned get_nid_from_cid(unsigned cid) + + #ifdef _MSC_VER +-# if OPENSSL_VERSION_NUMBER >= 0x10100000L ++# if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + # pragma comment(lib, "libcrypto") + # pragma comment(lib, "libssl") + # pragma comment(lib, "crypt32") +@@ -535,13 +535,13 @@ static pj_status_t init_openssl(void) + pj_assert(status == PJ_SUCCESS); + + /* Init OpenSSL lib */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + SSL_library_init(); + SSL_load_error_strings(); + #else + OPENSSL_init_ssl(0, NULL); + #endif +-#if OPENSSL_VERSION_NUMBER < 0x009080ffL ++#if OPENSSL_VERSION_NUMBER < 0x009080ffL || defined(LIBRESSL_VERSION_NUMBER) + /* This is now synonym of SSL_library_init() */ + OpenSSL_add_all_algorithms(); + #endif +@@ -556,7 +556,7 @@ static pj_status_t init_openssl(void) + int nid; + const char *cname; + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + meth = (SSL_METHOD*)SSLv23_server_method(); + if (!meth) + meth = (SSL_METHOD*)TLSv1_server_method(); +@@ -599,7 +599,7 @@ static pj_status_t init_openssl(void) + SSL_set_session(ssl, SSL_SESSION_new()); -#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL @@ -27,8 +61,44 @@ openssl_curves_num = SSL_get_shared_curve(ssl,-1); if (openssl_curves_num > PJ_ARRAY_SIZE(openssl_curves)) openssl_curves_num = PJ_ARRAY_SIZE(openssl_curves); -@@ -1069,7 +1069,7 @@ static pj_status_t set_cipher_list(pj_ssl_sock_t *ssoc +@@ -768,7 +768,7 @@ static pj_status_t create_ssl(pj_ssl_sock_t *ssock) + BIO *bio; + DH *dh; + long options; +-#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L ++#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(LIBRESSL_VERSION_NUMBER) + EC_KEY *ecdh; + #endif + SSL_METHOD *ssl_method = NULL; +@@ -791,7 +791,7 @@ static pj_status_t create_ssl(pj_ssl_sock_t *ssock) + ssock->param.proto = PJ_SSL_SOCK_PROTO_SSL23; + /* Determine SSL method to use */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + switch (ssock->param.proto) { + case PJ_SSL_SOCK_PROTO_TLS1: + ssl_method = (SSL_METHOD*)TLSv1_method(); +@@ -927,7 +927,7 @@ static pj_status_t create_ssl(pj_ssl_sock_t *ssock) + if (dh != NULL) { + if (SSL_CTX_set_tmp_dh(ctx, dh)) { + options = SSL_OP_CIPHER_SERVER_PREFERENCE | +- #if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L ++ #if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(LIBRESSL_VERSION_NUMBER) + SSL_OP_SINGLE_ECDH_USE | + #endif + SSL_OP_SINGLE_DH_USE; +@@ -995,7 +995,7 @@ static pj_status_t create_ssl(pj_ssl_sock_t *ssock) + if (SSL_CTX_ctrl(ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL)) { + PJ_LOG(4,(ssock->pool->obj_name, "SSL ECDH initialized " + "(automatic), faster PFS ciphers enabled")); +- #if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L ++ #if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(LIBRESSL_VERSION_NUMBER) + } else { + /* enables AES-128 ciphers, to get AES-256 use NID_secp384r1 */ + ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); +@@ -1228,7 +1228,7 @@ static pj_status_t set_cipher_list(pj_ssl_sock_t *ssoc + static pj_status_t set_curves_list(pj_ssl_sock_t *ssock) { -#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL @@ -36,7 +106,7 @@ int ret; int curves[PJ_SSL_SOCK_MAX_CURVES]; unsigned cnt; -@@ -1100,7 +1100,7 @@ static pj_status_t set_curves_list(pj_ssl_sock_t *ssoc +@@ -1259,7 +1259,7 @@ static pj_status_t set_curves_list(pj_ssl_sock_t *ssoc static pj_status_t set_sigalgs(pj_ssl_sock_t *ssock) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201710110717.v9B7HFJd038194>