From owner-svn-ports-head@freebsd.org  Sun Sep 11 17:05:35 2016
Return-Path: <owner-svn-ports-head@freebsd.org>
Delivered-To: svn-ports-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 64A30BD6086;
 Sun, 11 Sep 2016 17:05:35 +0000 (UTC)
 (envelope-from marino@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 40101C88;
 Sun, 11 Sep 2016 17:05:35 +0000 (UTC)
 (envelope-from marino@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u8BH5Y5c079372;
 Sun, 11 Sep 2016 17:05:34 GMT (envelope-from marino@FreeBSD.org)
Received: (from marino@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u8BH5YxK079370;
 Sun, 11 Sep 2016 17:05:34 GMT (envelope-from marino@FreeBSD.org)
Message-Id: <201609111705.u8BH5YxK079370@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: marino set sender to
 marino@FreeBSD.org using -f
From: John Marino <marino@FreeBSD.org>
Date: Sun, 11 Sep 2016 17:05:34 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r421843 - in head/security/wpa_supplicant: . files
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-head@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the ports tree for head
 <svn-ports-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-head>, 
 <mailto:svn-ports-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-head/>
List-Post: <mailto:svn-ports-head@freebsd.org>
List-Help: <mailto:svn-ports-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Sep 2016 17:05:35 -0000

Author: marino
Date: Sun Sep 11 17:05:34 2016
New Revision: 421843
URL: https://svnweb.freebsd.org/changeset/ports/421843

Log:
  security/wpa_supplicant: Add support for LibreSSL

Added:
  head/security/wpa_supplicant/files/patch-src_crypto_tls__openssl.c   (contents, props changed)
Modified:
  head/security/wpa_supplicant/Makefile

Modified: head/security/wpa_supplicant/Makefile
==============================================================================
--- head/security/wpa_supplicant/Makefile	Sun Sep 11 16:55:08 2016	(r421842)
+++ head/security/wpa_supplicant/Makefile	Sun Sep 11 17:05:34 2016	(r421843)
@@ -9,12 +9,12 @@ MASTER_SITES=	http://w1.fi/releases/
 MAINTAINER=	marino@FreeBSD.org
 COMMENT=	Supplicant (client) for WPA/802.1x protocols
 
-USES=		cpe gmake readline
-USE_OPENSSL=	yes
+USES=		cpe gmake readline ssl
 BUILD_WRKSRC=	${WRKSRC}/wpa_supplicant
 INSTALL_WRKSRC=	${WRKSRC}/src
 CFLAGS+=	${CPPFLAGS} # USES=readline only augments CPPFLAGS and LDFLAGS
-LDFLAGS+=	-lutil
+CFLAGS+=	-I${OPENSSLINC}
+LDFLAGS+=	-L${OPENSSLLIB} -lutil
 
 SUB_FILES=	pkg-message
 PORTDOCS=	README ChangeLog

Added: head/security/wpa_supplicant/files/patch-src_crypto_tls__openssl.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/wpa_supplicant/files/patch-src_crypto_tls__openssl.c	Sun Sep 11 17:05:34 2016	(r421843)
@@ -0,0 +1,67 @@
+Compatibility fixes for LibreSSL
+
+--- src/crypto/tls_openssl.c.orig	2015-09-27 19:02:05 UTC
++++ src/crypto/tls_openssl.c
+@@ -2229,7 +2229,7 @@ static int tls_parse_pkcs12(struct tls_d
+ 	}
+ 
+ 	if (certs) {
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ 		SSL_clear_chain_certs(ssl);
+ 		while ((cert = sk_X509_pop(certs)) != NULL) {
+ 			X509_NAME_oneline(X509_get_subject_name(cert), buf,
+@@ -2247,7 +2247,7 @@ static int tls_parse_pkcs12(struct tls_d
+ 			/* Try to continue anyway */
+ 		}
+ 		sk_X509_free(certs);
+-#ifndef OPENSSL_IS_BORINGSSL
++#if !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER)
+ 		res = SSL_build_cert_chain(ssl,
+ 					   SSL_BUILD_CHAIN_FLAG_CHECK |
+ 					   SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR);
+@@ -2812,7 +2812,7 @@ int tls_connection_get_random(void *ssl_
+ 	if (conn == NULL || keys == NULL)
+ 		return -1;
+ 	ssl = conn->ssl;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
+ 		return -1;
+ 
+@@ -2841,7 +2841,7 @@ int tls_connection_get_random(void *ssl_
+ #ifndef CONFIG_FIPS
+ static int openssl_get_keyblock_size(SSL *ssl)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	const EVP_CIPHER *c;
+ 	const EVP_MD *h;
+ 	int md_size;
+@@ -2911,7 +2911,7 @@ static int openssl_tls_prf(struct tls_co
+ 		   "mode");
+ 	return -1;
+ #else /* CONFIG_FIPS */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	SSL *ssl;
+ 	u8 *rnd;
+ 	int ret = -1;
+@@ -3394,7 +3394,7 @@ int tls_connection_set_cipher_list(void
+ 
+ 	wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
+ 	if (os_strstr(buf, ":ADH-")) {
+ 		/*
+@@ -3977,7 +3977,7 @@ static int tls_sess_sec_cb(SSL *s, void
+ 	struct tls_connection *conn = arg;
+ 	int ret;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	if (conn == NULL || conn->session_ticket_cb == NULL)
+ 		return 0;
+