Date:      Sun, 1 Apr 2018 22:38:07 +0000 (UTC)
From:      Christoph Moench-Tegeder <cmt@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r466188 - in head/net/qt5-network: . files
Message-ID:  <201804012238.w31Mc7NZ013993@repo.freebsd.org>

Author: cmt
Date: Sun Apr  1 22:38:06 2018
New Revision: 466188
URL: https://svnweb.freebsd.org/changeset/ports/466188

Log:
  restore ssl functionality with openssl
  
  The "libressl compatibility" unfortunately added a dependency on the
  SSL_CTX_set1_groups() function, which is neither available in base (for
  released versions of FreeBSD) nor ports openssl (it's only in openssl-devel
  and libressl). This broke SSL (most importantly HTTPS) functionality
  in many Qt5-ports.
  
  This adds some #ifdefs around the SSL_CTX_set1_groups() calling sites
  and restores the old code in cases where libressl has not been detected.
  
  PR:		218421
  Reported by:	yuri
  Approved by:	maintainer-timeout

Modified:
  head/net/qt5-network/Makefile
  head/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp
  head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp
  head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h

Modified: head/net/qt5-network/Makefile
==============================================================================
--- head/net/qt5-network/Makefile	Sun Apr  1 22:08:01 2018	(r466187)
+++ head/net/qt5-network/Makefile	Sun Apr  1 22:38:06 2018	(r466188)
@@ -2,7 +2,7 @@
 
 PORTNAME=	network
 DISTVERSION=	${QT5_VERSION}
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	net ipv6
 PKGNAMEPREFIX=	qt5-
 

Modified: head/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp
==============================================================================
--- head/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp	Sun Apr  1 22:08:01 2018	(r466187)
+++ head/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp	Sun Apr  1 22:38:06 2018	(r466188)
@@ -2,21 +2,24 @@
 * call the SSL_CTX_set1_groups function, which exists in LibreSSL as well as in 
 * OpenSSL and is what would be called through the macro 
 *
---- src/network/ssl/qsslcontext_openssl.cpp.orig	2016-12-01 08:17:04 UTC
+--- src/network/ssl/qsslcontext_openssl.cpp.orig	2018-01-16 06:53:43 UTC
 +++ src/network/ssl/qsslcontext_openssl.cpp
-@@ -350,12 +350,9 @@ init_context:
+@@ -354,12 +354,18 @@ init_context:
  #if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
          // Set the curves to be used
          if (q_SSLeay() >= 0x10002000L) {
--            // SSL_CTX_ctrl wants a non-const pointer as last argument,
--            // but let's avoid a copy into a temporary array
--            if (!q_SSL_CTX_ctrl(sslContext->ctx,
--                                SSL_CTRL_SET_CURVES,
--                                qcurves.size(),
--                                const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())))) {
++#if defined(LIBRESSL_VERSION_NUMBER)
 +            if (!q_SSL_CTX_set1_groups(sslContext->ctx,
 +                                       const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())),
 +                                       qcurves.size())) {
++#else // defined(LIBRESSL_VERSION_NUMBER)
+             // SSL_CTX_ctrl wants a non-const pointer as last argument,
+             // but let's avoid a copy into a temporary array
+             if (!q_SSL_CTX_ctrl(sslContext->ctx,
+                                 SSL_CTRL_SET_CURVES,
+                                 qcurves.size(),
+                                 const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())))) {
++#endif // defined(LIBRESSL_VERSION_NUMBER)
                  sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
                  sslContext->errorCode = QSslError::UnspecifiedError;
              }
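Review bot: The patch-file header kept as context at the top of this hunk still says SSL_CTX_set1_groups "exists in LibreSSL as well as in OpenSSL", which contradicts the commit log and the `#if defined(LIBRESSL_VERSION_NUMBER)` branch added below it. I would reword it along the lines of `* With LibreSSL, call SSL_CTX_set1_groups directly; with OpenSSL keep the original SSL_CTX_ctrl(SSL_CTRL_SET_CURVES) call`. Both preprocessor branches also open an `if (...) {` that is closed only once after the `#endif`, so a short comment at the `#else` noting the shared brace would help whoever refreshes this patch next. The enclosing init_context code starts and ends outside the hunk.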

Modified: head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp
==============================================================================
--- head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp	Sun Apr  1 22:08:01 2018	(r466187)
+++ head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp	Sun Apr  1 22:38:06 2018	(r466188)
@@ -3,9 +3,9 @@
 * Prepend the path of the SSL libraries used for building so the same libraries are
 * found and loaded at runtime. Normal search finds base SSL libraries before ports.
 *
---- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig	2017-11-16 05:15:28 UTC
+--- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig	2018-01-16 06:53:43 UTC
 +++ src/network/ssl/qsslsocket_openssl_symbols.cpp
-@@ -151,7 +151,7 @@ DEFINEFUNC3(int, BIO_read, BIO *a, a, void *b, b, int 
+@@ -151,7 +151,7 @@ DEFINEFUNC3(int, BIO_read, BIO *a, a, void *b, b, int
  DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
  DEFINEFUNC3(int, BIO_write, BIO *a, a, const void *b, b, int c, c, return -1, return)
  DEFINEFUNC(int, BN_num_bits, const BIGNUM *a, a, return 0, return)
@@ -14,15 +14,17 @@
  DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return)
  #endif
  DEFINEFUNC2(BN_ULONG, BN_mod_word, const BIGNUM *a, a, BN_ULONG w, w, return static_cast<BN_ULONG>(-1), return)
-@@ -453,6 +453,7 @@ DEFINEFUNC(void, EC_KEY_free, EC_KEY *ecdh, ecdh, retu
+@@ -453,6 +453,9 @@ DEFINEFUNC(void, EC_KEY_free, EC_KEY *ecdh, ecdh, retu
  DEFINEFUNC2(size_t, EC_get_builtin_curves, EC_builtin_curve * r, r, size_t nitems, nitems, return 0, return)
  #if OPENSSL_VERSION_NUMBER >= 0x10002000L
  DEFINEFUNC(int, EC_curve_nist2nid, const char *name, name, return 0, return)
++#if defined(LIBRESSL_VERSION_NUMBER)
 +DEFINEFUNC3(int, SSL_CTX_set1_groups, SSL_CTX *a, a, int *b, b, int c, c, return -1, return)
++#endif // defined(LIBRESSL_VERSION_NUMBER)
  #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
  #endif // OPENSSL_NO_EC
  
-@@ -658,8 +659,8 @@ static QPair<QLibrary*, QLibrary*> loadO
+@@ -680,8 +683,8 @@ static QPair<QLibrary*, QLibrary*> loadO
  #endif
  #if defined(SHLIB_VERSION_NUMBER) && !defined(Q_OS_QNX) // on QNX, the libs are always libssl.so and libcrypto.so
      // first attempt: the canonical name is libssl.so.<SHLIB_VERSION_NUMBER>
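Review bot: The fallback given for `SSL_CTX_set1_groups` is `return -1`, but the call site in qsslcontext_openssl.cpp tests `if (!q_SSL_CTX_set1_groups(...))`, and `!(-1)` is false. If the ninth DEFINEFUNC3 argument is what the wrapper executes when the symbol could not be resolved (the macro is not shown here, but the neighbouring entries suggest it), a loaded library that lacks the function would be treated as success. The requested elliptic-curve restriction would then be silently skipped, with no errorStr or errorCode set. SSL_CTX_set1_groups reports failure as 0, so the fallback should match: `DEFINEFUNC3(int, SSL_CTX_set1_groups, SSL_CTX *a, a, int *b, b, int c, c, return 0, return)`.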
@@ -33,7 +35,7 @@
      if (libcrypto->load() && libssl->load()) {
          // libssl.so.<SHLIB_VERSION_NUMBER> and libcrypto.so.<SHLIB_VERSION_NUMBER> found
          return pair;
-@@ -676,8 +677,8 @@ static QPair<QLibrary*, QLibrary*> loadO
+@@ -698,8 +701,8 @@ static QPair<QLibrary*, QLibrary*> loadO
      //  OS X's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib will be picked up in the third
      //    attempt, _after_ <bundle>/Contents/Frameworks has been searched.
      //  iOS does not ship a system libssl.dylib, libcrypto.dylib in the first place.
@@ -44,7 +46,7 @@
      if (libcrypto->load() && libssl->load()) {
          // libssl.so.0 and libcrypto.so.0 found
          return pair;
-@@ -790,7 +791,7 @@ bool q_resolveOpenSslSymbols()
+@@ -790,7 +793,7 @@ bool q_resolveOpenSslSymbols()
      RESOLVEFUNC(EC_GROUP_get_degree)
  #endif
      RESOLVEFUNC(BN_num_bits)
@@ -53,19 +55,21 @@
      RESOLVEFUNC(BN_is_word)
  #endif
      RESOLVEFUNC(BN_mod_word)
-@@ -1020,8 +1021,10 @@ bool q_resolveOpenSslSymbols()
+@@ -1020,8 +1023,12 @@ bool q_resolveOpenSslSymbols()
      RESOLVEFUNC(EC_KEY_free)
      RESOLVEFUNC(EC_get_builtin_curves)
  #if OPENSSL_VERSION_NUMBER >= 0x10002000L
 -    if (q_SSLeay() >= 0x10002000L)
 +    if (q_SSLeay() >= 0x10002000L) {
          RESOLVEFUNC(EC_curve_nist2nid)
++#if defined(LIBRESSL_VERSION_NUMBER)
 +        RESOLVEFUNC(SSL_CTX_set1_groups)
++#endif // defined(LIBRESSL_VERSION_NUMBER)
 +	}
  #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
  #endif // OPENSSL_NO_EC
      RESOLVEFUNC(PKCS12_parse)
-@@ -1030,10 +1033,9 @@ bool q_resolveOpenSslSymbols()
+@@ -1030,10 +1037,9 @@ bool q_resolveOpenSslSymbols()
  
      delete libs.first;
      delete libs.second;
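Review bot: The closing `}` of the new `if (q_SSLeay() >= 0x10002000L) {` block is indented with a tab while every surrounding line uses spaces; four spaces would keep the patched file consistent. The `LIBRESSL_VERSION_NUMBER` guard around `RESOLVEFUNC(SSL_CTX_set1_groups)` also has to stay identical to the guards on the DEFINEFUNC3 entry, the declaration in qsslsocket_openssl_symbols_p.h and the call site in qsslcontext_openssl.cpp, so a one-line comment such as `// keep in sync with the q_SSL_CTX_set1_groups guards in qsslcontext_openssl.cpp and qsslsocket_openssl_symbols_p.h` is worth adding. q_resolveOpenSslSymbols starts and ends outside the hunk.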

Modified: head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h
==============================================================================
--- head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h	Sun Apr  1 22:08:01 2018	(r466187)
+++ head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h	Sun Apr  1 22:38:06 2018	(r466188)
@@ -2,7 +2,7 @@
 *
 * check macro is defined instead of version, LibreSSL < 2.5 doesn't have SSL_CTRL_GET_SERVER_TMP_KEY
 *
---- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig	2017-11-16 05:15:28 UTC
+--- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig	2018-01-16 06:53:43 UTC
 +++ src/network/ssl/qsslsocket_openssl_symbols_p.h
 @@ -228,7 +228,7 @@ int q_BIO_read(BIO *a, void *b, int c);
  Q_AUTOTEST_EXPORT BIO_METHOD *q_BIO_s_mem();
@@ -13,11 +13,13 @@
  int q_BN_is_word(BIGNUM *a, BN_ULONG w);
  #else
  // BN_is_word is implemented purely as a
-@@ -511,11 +511,12 @@ void q_EC_KEY_free(EC_KEY *ecdh);
+@@ -511,11 +511,14 @@ void q_EC_KEY_free(EC_KEY *ecdh);
  size_t q_EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
  #if OPENSSL_VERSION_NUMBER >= 0x10002000L
  int q_EC_curve_nist2nid(const char *name);
++#if defined(LIBRESSL_VERSION_NUMBER)
 +int q_SSL_CTX_set1_groups(SSL_CTX *a, int *b, int c);
++#endif // defined(LIBRESSL_VERSION_NUMBER)
  #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
  #endif // OPENSSL_NO_EC
 -#if OPENSSL_VERSION_NUMBER >= 0x10002000L


