From: Adam Weinberger
To: Peter Jeremy
Cc: freebsd-ports@freebsd.org
Subject: Re: security/libressl not API-compatible with OpenSSL, breaks www/apache24
Date: Sat, 24 Jun 2017 08:34:36 -0600

> On 24 Jun, 2017, at 3:27, Peter Jeremy wrote:
>
> In , libressl-2.5.4 specifies
> #define OPENSSL_VERSION_NUMBER 0x20000000L
> but doesn't provide an API compatible with OpenSSL. In particular,
> it's missing (at least) SSL_CTX_set_max_proto_version() and
> SSL_CTX_set_min_proto_version(), which were added in OpenSSL 1.1.0.
> This breaks (at least) apache-2.4 which includes the code:
> #if OPENSSL_VERSION_NUMBER >= 0x10100000L
>         SSL_CTX_set_max_proto_version(ssl_ctx, max_prot);
>         SSL_CTX_set_min_proto_version(ssl_ctx, min_prot);
> #endif
>
> Does anyone have a suggestion, other than switching from LibreSSL back to
> OpenSSL?
>
> --
> Peter Jeremy

Try changing it to
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)

# Adam

--
Adam Weinberger
adamw@adamw.org
https://www.adamw.org
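
The two preprocessor checks from this thread, side by side, as an added example that is not code from the thread, from Apache or from LibreSSL. It compiles without any TLS headers: the two version macros are stand-ins (the LIBRESSL_VERSION_NUMBER value is a sample), and the DEMO_* names and demo_disable_mask() are hypothetical, standing in for the library's protocol constants and SSL_OP_NO_* option flags. The mask function goes one step beyond the thread to show a fallback that keeps the protocol range enforced when the guarded calls are compiled out.

```c
#include <stdio.h>

/* Constructed stand-ins so this compiles without any TLS headers.
 * They mirror the thread: LibreSSL reports 0x20000000L and also
 * defines LIBRESSL_VERSION_NUMBER (sample value here). */
#define OPENSSL_VERSION_NUMBER  0x20000000L
#define LIBRESSL_VERSION_NUMBER 0x2050400fL

/* Check as quoted from apache-2.4: true on LibreSSL, so the 1.1.0-only
 * calls are compiled in and the build breaks. */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
#define QUOTED_CHECK 1
#else
#define QUOTED_CHECK 0
#endif

/* Check as suggested in the reply: false on LibreSSL. */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
#define SUGGESTED_CHECK 1
#else
#define SUGGESTED_CHECK 0
#endif

/* Hypothetical protocol ids and per-protocol "disable" bits (demo values,
 * standing in for the library's version constants and SSL_OP_NO_* flags). */
enum { DEMO_SSL3, DEMO_TLS1, DEMO_TLS1_1, DEMO_TLS1_2, DEMO_NPROTO };
#define DEMO_NO(p) (1UL << (p))

/* Fallback for builds where SUGGESTED_CHECK is 0: express the
 * [min_prot, max_prot] range as a mask of protocols to disable, so
 * skipping the set_min/set_max calls does not drop the restriction. */
unsigned long demo_disable_mask(int min_prot, int max_prot)
{
    unsigned long mask = 0;
    for (int p = 0; p < DEMO_NPROTO; p++)
        if (p < min_prot || p > max_prot)
            mask |= DEMO_NO(p);
    return mask;
}

int quoted_check(void)    { return QUOTED_CHECK; }
int suggested_check(void) { return SUGGESTED_CHECK; }

int main(void)
{
    printf("quoted check: %d, suggested check: %d\n",
           quoted_check(), suggested_check());
    printf("disable mask for TLSv1.1..TLSv1.2: 0x%lx\n",
           demo_disable_mask(DEMO_TLS1_1, DEMO_TLS1_2));
    return 0;
}
```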