Date:      Sun, 26 Mar 2017 18:57:11 +0000 (UTC)
From:      Bernard Spil <brnrd@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r436979 - in head/www/tomcat-native: . files
Message-ID:  <201703261857.v2QIvBot026643@repo.freebsd.org>

Author: brnrd
Date: Sun Mar 26 18:57:11 2017
New Revision: 436979
URL: https://svnweb.freebsd.org/changeset/ports/436979

Log:
  www/tomcat-native: Fix build with LibreSSL
  
    - Remove IGNORE for LibreSSL
    - Add patches for OPENSSL_VERSION_NUMBER checks
    - Disable engine support for LibreSSL
    - Add compat macro and function
  
  PR:		215196

Added:
  head/www/tomcat-native/files/patch-include_ssl__private.h   (contents, props changed)
  head/www/tomcat-native/files/patch-src_sslcontext.c   (contents, props changed)
  head/www/tomcat-native/files/patch-src_sslinfo.c   (contents, props changed)
  head/www/tomcat-native/files/patch-src_sslutils.c   (contents, props changed)
Modified:
  head/www/tomcat-native/Makefile

Modified: head/www/tomcat-native/Makefile
==============================================================================
--- head/www/tomcat-native/Makefile	Sun Mar 26 18:55:21 2017	(r436978)
+++ head/www/tomcat-native/Makefile	Sun Mar 26 18:57:11 2017	(r436979)
@@ -40,8 +40,4 @@ post-install:
 IGNORE_FreeBSD_10=	Requires OpenSSL 1.0.2 (set DEFAULT_VERSIONS+=ssl=openssl)
 .endif
 
-.if ${SSL_DEFAULT:Mlibressl*}
-IGNORE=	Detected LibreSSL (missing numerous symbols during linking)
-.endif
-
 .include <bsd.port.post.mk>

Added: head/www/tomcat-native/files/patch-include_ssl__private.h
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/tomcat-native/files/patch-include_ssl__private.h	Sun Mar 26 18:57:11 2017	(r436979)
@@ -0,0 +1,32 @@
+--- include/ssl_private.h.orig	2016-04-19 10:08:10 UTC
++++ include/ssl_private.h
+@@ -49,6 +49,9 @@
+ /* Avoid tripping over an engine build installed globally and detected
+  * when the user points at an explicit non-engine flavor of OpenSSL
+  */
++#ifdef LIBRESSL_VERSION_NUMBER
++#define OPENSSL_NO_ENGINE
++#endif
+ #ifndef OPENSSL_NO_ENGINE
+ #include <openssl/engine.h>
+ #endif
+@@ -204,7 +207,7 @@
+ #endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */
+ 
+ /* OpenSSL 1.0.2 compatibility */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100001L || defined(LIBRESSL_VERSION_NUMBER)
+ #define OpenSSL_version                  SSLeay_version
+ #define OpenSSL_version_num              SSLeay
+ #define OPENSSL_VERSION                  SSLEAY_VERSION
+@@ -231,6 +234,10 @@
+ #define TLS_server_method                SSLv23_server_method
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+ 
++#ifdef LIBRESSL_VERSION_NUMBER
++#define SSL_CTX_add0_chain_cert          SSL_CTX_add_extra_chain_cert
++#endif
++
+ #define MAX_ALPN_NPN_PROTO_SIZE 65535
+ #define SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL            1
+ 
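Review bot: The compat macro `#define SSL_CTX_add0_chain_cert SSL_CTX_add_extra_chain_cert` in the last include/ssl_private.h hunk is not an exact equivalent: add0_chain_cert attaches the certificate to the chain of the context's current certificate, while add_extra_chain_cert appends to the single extra-chain list shared by every certificate in the SSL_CTX. If a context carries more than one certificate (for example RSA and ECDSA), the intermediates of both would be sent together on LibreSSL, so the limitation should be stated above the define, e.g. `/* LibreSSL: falls back to the ctx-wide extra chain; per-certificate chains are not kept apart */`. I would also wrap the define in `#ifndef SSL_CTX_add0_chain_cert` so it falls away if the LibreSSL headers provide it as a macro themselves. Separately, the threshold in the 1.0.2-compat block becomes `0x10100001L` while the matching `#endif` comment and every other check in this commit use `0x10100000L`; one value should be used throughout.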

Added: head/www/tomcat-native/files/patch-src_sslcontext.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/tomcat-native/files/patch-src_sslcontext.c	Sun Mar 26 18:57:11 2017	(r436979)
@@ -0,0 +1,83 @@
+--- src/sslcontext.c.orig	2016-04-18 09:49:28 UTC
++++ src/sslcontext.c
+@@ -139,7 +139,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
+     tcn_ssl_ctxt_t *c = NULL;
+     SSL_CTX *ctx = NULL;
+     jclass clazz;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     jint prot;
+ #endif
+ 
+@@ -224,7 +224,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
+         BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+     SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     /* always disable SSLv2, as per RFC 6176 */
+     SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
+     if (!(protocol & SSL_PROTOCOL_SSLV3))
+@@ -240,7 +240,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
+         SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
+ #endif
+ 
+-#else /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
++#else /* if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
+     /* We first determine the maximum protocol version we should provide */
+     if (protocol & SSL_PROTOCOL_TLSV1_2) {
+         prot = TLS1_2_VERSION;
+@@ -269,7 +269,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
+         prot = SSL3_VERSION;
+     }
+     SSL_CTX_set_min_proto_version(ctx, prot);
+-#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
++#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
+ 
+     /*
+      * Configure additional context ingredients
+@@ -1577,7 +1577,7 @@ TCN_IMPLEMENT_CALL(void, SSLContext, set
+ }
+ 
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ /*
+  * Adapted from OpenSSL:
+@@ -1677,7 +1677,7 @@ static const char* SSL_CIPHER_authentica
+     if (cipher == NULL) {
+         return "UNKNOWN";
+     }
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     kx = cipher->algorithm_mkey;
+     auth = cipher->algorithm_auth;
+ #else
+@@ -1689,7 +1689,7 @@ static const char* SSL_CIPHER_authentica
+         {
+     case TCN_SSL_kRSA:
+         return SSL_TXT_RSA;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     case TCN_SSL_kDHr:
+         return SSL_TXT_DH "_" SSL_TXT_RSA;
+     case TCN_SSL_kDHd:
+@@ -1707,7 +1707,7 @@ static const char* SSL_CIPHER_authentica
+         default:
+             return "UNKNOWN";
+             }
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     case TCN_SSL_kKRB5:
+         return SSL_TXT_KRB5;
+     case TCN_SSL_kECDHr:
+@@ -1733,7 +1733,7 @@ static const char* SSL_CIPHER_authentica
+ }
+ 
+ static const char* SSL_authentication_method(const SSL* ssl) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+    return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher);
+ #else
+     /* XXX ssl->s3->tmp.new_cipher is no longer available in OpenSSL 1.1.0 */
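Review bot: Adding `|| defined(LIBRESSL_VERSION_NUMBER)` with no upper version bound sends every LibreSSL release down the branches that read library-private struct fields: `cipher->algorithm_mkey`, `cipher->algorithm_auth` and `ssl->s3->tmp.new_cipher` here, and `cert->valid` in the src/sslutils.c patch. Those layouts are not public API, so a LibreSSL update that changes or hides them would break the build or change behaviour in code that reports the authentication method and, in sslutils.c, sits in the OCSP verification path. The condition is repeated on six `#if` lines in this file; I would define it once in ssl_private.h (a name such as `TCN_LEGACY_SSL_API` is only a suggestion) with a comment listing the private fields it depends on, so the bound can be tightened in one place. SSL_authentication_method continues past the end of the hunk.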

Added: head/www/tomcat-native/files/patch-src_sslinfo.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/tomcat-native/files/patch-src_sslinfo.c	Sun Mar 26 18:57:11 2017	(r436979)
@@ -0,0 +1,16 @@
+--- src/sslinfo.c.orig	2016-03-23 18:06:39 UTC
++++ src/sslinfo.c
+@@ -25,6 +25,13 @@
+ #ifdef HAVE_OPENSSL
+ #include "ssl_private.h"
+ 
++#ifdef LIBRESSL_VERSION_NUMBER
++int X509_get_signature_nid(const X509 *x)
++{
++    return OBJ_obj2nid(x->sig_alg->algorithm);
++}
++#endif
++
+ static const char *hex_basis = "0123456789ABCDEF";
+ 
+ static char *convert_to_hex(const void *buf, size_t len)
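Review bot: The added `X509_get_signature_nid` is defined with external linkage under a libcrypto name, so the tcnative shared object exports a symbol from the crypto library's namespace. It may conflict with or shadow the real function once a LibreSSL release ships its own. Internal linkage under a project-prefixed name avoids both: `static int tcn_X509_get_signature_nid(const X509 *x)` followed by `#define X509_get_signature_nid tcn_X509_get_signature_nid` (the name is a suggestion). The body also dereferences `x->sig_alg->algorithm` without a NULL check and depends on the X509 struct layout being visible, which deserves a one-line comment. convert_to_hex, shown as context at the end, continues outside the hunk.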

Added: head/www/tomcat-native/files/patch-src_sslutils.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/tomcat-native/files/patch-src_sslutils.c	Sun Mar 26 18:57:11 2017	(r436979)
@@ -0,0 +1,11 @@
+--- src/sslutils.c.orig	2016-04-19 09:15:43 UTC
++++ src/sslutils.c
+@@ -504,7 +504,7 @@ static int ssl_verify_OCSP(int ok, X509_
+          * may yield NULL. Return early, but leave the ctx error as is. */
+         return OCSP_STATUS_UNKNOWN;
+     }
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     else if (cert->valid && X509_check_issued(cert,cert) == X509_V_OK) {
+ #else
+     /* No need to check cert->valid, because ssl_verify_OCSP() only


