FreeBSD Bugzilla – Attachment 177850 Details for
Bug 215196
www/tomcat-native: Fix build with LibreSSL
[patch]
svn diff for www/tomcat-native
patch-www_tomcat-native-LibreSSL (text/plain), 12.63 KB, created by
Bernard Spil
on 2016-12-10 13:29:11 UTC
Description:
svn diff for www/tomcat-native
Filename:
MIME Type:
Creator:
Bernard Spil
Created:
2016-12-10 13:29:11 UTC
Size:
12.63 KB
>Index: www/tomcat-native/Makefile
>===================================================================
>--- www/tomcat-native/Makefile (revision 428108)
>+++ www/tomcat-native/Makefile (working copy)
>@@ -40,8 +40,4 @@
> IGNORE_FreeBSD_10= Requires OpenSSL 1.0.2 (set DEFAULT_VERSIONS+=ssl=openssl)
> .endif
>
>-.if ${SSL_DEFAULT:Mlibressl*}
>-IGNORE= Detected LibreSSL (missing numerous symbols during linking)
>-.endif
>-
> .include <bsd.port.post.mk>
>Index: www/tomcat-native/files/patch-include_ssl__private.h
>===================================================================
>--- www/tomcat-native/files/patch-include_ssl__private.h (nonexistent)
>+++ www/tomcat-native/files/patch-include_ssl__private.h (working copy)
>@@ -0,0 +1,32 @@
>+--- include/ssl_private.h.orig 2016-04-19 10:08:10 UTC
>++++ include/ssl_private.h
>+@@ -49,6 +49,9 @@
>+ /* Avoid tripping over an engine build installed globally and detected
>+ * when the user points at an explicit non-engine flavor of OpenSSL
>+ */
>++#ifdef LIBRESSL_VERSION_NUMBER
>++#define OPENSSL_NO_ENGINE
>++#endif
>+ #ifndef OPENSSL_NO_ENGINE
>+ #include <openssl/engine.h>
>+ #endif
>+@@ -204,7 +207,7 @@
>+ #endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */
>+
>+ /* OpenSSL 1.0.2 compatibility */
>+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
>++#if OPENSSL_VERSION_NUMBER < 0x10100001L || defined(LIBRESSL_VERSION_NUMBER)
>+ #define OpenSSL_version SSLeay_version
>+ #define OpenSSL_version_num SSLeay
>+ #define OPENSSL_VERSION SSLEAY_VERSION
>+@@ -231,6 +234,10 @@
>+ #define TLS_server_method SSLv23_server_method
>+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
>+
>++#ifdef LIBRESSL_VERSION_NUMBER
>++#define SSL_CTX_add0_chain_cert SSL_CTX_add_extra_chain_cert
>++#endif
>++
>+ #define MAX_ALPN_NPN_PROTO_SIZE 65535
>+ #define SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL 1
>+
>
>Property changes on: www/tomcat-native/files/patch-include_ssl__private.h
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: www/tomcat-native/files/patch-src_ssl.c
>===================================================================
>--- www/tomcat-native/files/patch-src_ssl.c (nonexistent)
>+++ www/tomcat-native/files/patch-src_ssl.c (working copy)
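Review bot: The "OpenSSL 1.0.2 compatibility" guard in the second ssl_private.h hunk changes the threshold to `0x10100001L`, while the `#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */` comment a few lines later and every other guard in this patch keep `0x10100000L`. That looks unintentional, and it would move a build reporting exactly 0x10100000 onto the SSLeay aliases; I would keep the constant and only append the LibreSSL test, `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)`. The new `SSL_CTX_add0_chain_cert` alias also deserves a comment, because `SSL_CTX_add_extra_chain_cert` stores the certificate in the context-wide extra chain rather than in the chain of the current certificate, e.g. `/* maps to the context-wide extra chain, not the per-certificate chain */`.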
>@@ -0,0 +1,110 @@
>+--- src/ssl.c.orig 2016-04-19 10:08:10 UTC
>++++ src/ssl.c
>+@@ -34,7 +34,7 @@ tcn_pass_cb_t tcn_password_callback;
>+ static jclass byteArrayClass;
>+ static jclass stringClass;
>+
>+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
>++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+ /* Global reference to the pool used by the dynamic mutexes */
>+ static apr_pool_t *dynlockpool = NULL;
>+
>+@@ -193,7 +193,7 @@ static const jint supported_ssl_opts = 0
>+ #endif
>+ | 0;
>+
>+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
>++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+ /* OpenSSL Pre-1.1.0 compatibility */
>+ /* Taken from OpenSSL 1.1.0 snapshot 20160410 */
>+ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
>+@@ -295,7 +295,7 @@ DH *SSL_get_dh_params(unsigned keylen)
>+ return NULL; /* impossible to reach. */
>+ }
>+
>+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
>++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ static void init_bio_methods(void);
>+ static void free_bio_methods(void);
>+ #endif
>+@@ -330,7 +330,7 @@ static apr_status_t ssl_init_cleanup(voi
>+ tcn_password_callback.cb.obj);
>+ }
>+
>+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
>++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ free_bio_methods();
>+ #endif
>+ free_dh_params();
>+@@ -349,7 +349,7 @@ static apr_status_t ssl_init_cleanup(voi
>+ ENGINE_cleanup();
>+ #endif
>+ CRYPTO_cleanup_all_ex_data();
>+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
>++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+ ERR_remove_thread_state(NULL);
>+ #else
>+ ERR_remove_thread_state();
>+@@ -387,7 +387,7 @@ static ENGINE *ssl_try_load_engine(const
>+ * To ensure thread-safetyness in OpenSSL
>+ */
>+
>+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
>++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+ static
apr_thread_mutex_t **ssl_lock_cs;
>+ static int ssl_lock_num_locks;
>+
>+@@ -427,7 +427,7 @@ static unsigned long ssl_thread_id(void)
>+ #endif
>+ }
>+
>+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
>++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+ static void ssl_set_thread_id(CRYPTO_THREADID *id)
>+ {
>+ CRYPTO_THREADID_set_numeric(id, ssl_thread_id());
>+@@ -720,7 +720,7 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize
>+ #endif
>+ OPENSSL_load_builtin_modules();
>+
>+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
>++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+ /* Initialize thread support */
>+ ssl_thread_setup(tcn_global_pool);
>+ #endif
>+@@ -766,7 +766,7 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize
>+ SSL_init_app_data2_3_idx();
>+
>+ init_dh_params();
>+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
>++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ init_bio_methods();
>+ #endif
>+
>+@@ -928,7 +928,7 @@ static int jbs_new(BIO *bi)
>+ j->refcount = 1;
>+ BIO_set_shutdown(bi, 1);
>+ BIO_set_init(bi, 0);
>+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
>++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+ /* No setter method for OpenSSL 1.1.0 available,
>+ * but I can't find any functional use of the
>+ * "num" field there either.
>+@@ -1064,7 +1064,7 @@ static long jbs_ctrl(BIO *b, int cmd, lo
>+ return ret;
>+ }
>+
>+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
>++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+ static BIO_METHOD jbs_methods = {
>+ BIO_TYPE_FILE,
>+ "Java Callback",
>+@@ -1100,7 +1100,7 @@ static void free_bio_methods(void)
>+
>+ static BIO_METHOD *BIO_jbs()
>+ {
>+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
>++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+ return(&jbs_methods);
>+ #else
>+ return jbs_methods;
>
>Property changes on: www/tomcat-native/files/patch-src_ssl.c
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: www/tomcat-native/files/patch-src_sslcontext.c
>===================================================================
>--- www/tomcat-native/files/patch-src_sslcontext.c (nonexistent)
>+++ www/tomcat-native/files/patch-src_sslcontext.c (working copy)
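Review bot: Every guard in the ssl.c patch treats any LibreSSL as pre-1.1.0 through a bare `defined(LIBRESSL_VERSION_NUMBER)`, and the hunk at -193 does so around non-static compatibility definitions such as `DH_set0_pqg`. If a later LibreSSL release ships those 1.1.0 accessors itself, these definitions would collide with the library's declarations or shadow its symbols. Bounding the test keeps the shim limited to releases that need it, e.g. `|| (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < FIRST_LIBRESSL_WITH_1_1_API)`, where the placeholder stands for the first release verified to provide them. The same bare test appears in the patches for ssl_private.h, sslcontext.c, sslinfo.c and sslutils.c. The guarded blocks extend beyond the lines shown in these hunks.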
>@@ -0,0 +1,83 @@
>+--- src/sslcontext.c.orig 2016-04-18 09:49:28 UTC
>++++ src/sslcontext.c
>+@@ -139,7 +139,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
>+ tcn_ssl_ctxt_t *c = NULL;
>+ SSL_CTX *ctx = NULL;
>+ jclass clazz;
>+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
>++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ jint prot;
>+ #endif
>+
>+@@ -224,7 +224,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
>+ BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
>+ SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
>+
>+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
>++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+ /* always disable SSLv2, as per RFC 6176 */
>+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
>+ if (!(protocol & SSL_PROTOCOL_SSLV3))
>+@@ -240,7 +240,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
>+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
>+ #endif
>+
>+-#else /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
>++#else /* if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
>+ /* We first determine the maximum protocol version we should provide */
>+ if (protocol & SSL_PROTOCOL_TLSV1_2) {
>+ prot = TLS1_2_VERSION;
>+@@ -269,7 +269,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
>+ prot = SSL3_VERSION;
>+ }
>+ SSL_CTX_set_min_proto_version(ctx, prot);
>+-#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
>++#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
>+
>+ /*
>+ * Configure additional context ingredients
>+@@ -1577,7 +1577,7 @@ TCN_IMPLEMENT_CALL(void, SSLContext, set
>+ }
>+
>+
>+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
>++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+
>+ /*
>+ * Adapted from OpenSSL:
>+@@ -1677,7 +1677,7 @@ static const char* SSL_CIPHER_authentica
>+ if (cipher == NULL) {
>+ return "UNKNOWN";
>+ }
>+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
>++#if OPENSSL_VERSION_NUMBER <
0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+ kx = cipher->algorithm_mkey;
>+ auth = cipher->algorithm_auth;
>+ #else
>+@@ -1689,7 +1689,7 @@ static const char* SSL_CIPHER_authentica
>+ {
>+ case TCN_SSL_kRSA:
>+ return SSL_TXT_RSA;
>+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
>++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+ case TCN_SSL_kDHr:
>+ return SSL_TXT_DH "_" SSL_TXT_RSA;
>+ case TCN_SSL_kDHd:
>+@@ -1707,7 +1707,7 @@ static const char* SSL_CIPHER_authentica
>+ default:
>+ return "UNKNOWN";
>+ }
>+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
>++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+ case TCN_SSL_kKRB5:
>+ return SSL_TXT_KRB5;
>+ case TCN_SSL_kECDHr:
>+@@ -1733,7 +1733,7 @@ static const char* SSL_CIPHER_authentica
>+ }
>+
>+ static const char* SSL_authentication_method(const SSL* ssl) {
>+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
>++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+ return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher);
>+ #else
>+ /* XXX ssl->s3->tmp.new_cipher is no longer available in OpenSSL 1.1.0 */
>
>Property changes on: www/tomcat-native/files/patch-src_sslcontext.c
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: www/tomcat-native/files/patch-src_sslinfo.c
>===================================================================
>--- www/tomcat-native/files/patch-src_sslinfo.c (nonexistent)
>+++ www/tomcat-native/files/patch-src_sslinfo.c (working copy)
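Review bot: With LibreSSL routed to the legacy branch, `SSL_CIPHER_authentication_method` and `SSL_authentication_method` read private members directly (`cipher->algorithm_mkey`, `cipher->algorithm_auth`, `ssl->s3->tmp.new_cipher`), so the build depends on LibreSSL keeping these structs public and laid out as in OpenSSL 1.0.x. Nothing in the patch records that dependency; a comment above the guard such as `/* LibreSSL: SSL and SSL_CIPHER are still public structs here; revisit when they become opaque */` would. In the make() hunks the protocol selection also falls back to the `SSL_OP_NO_*` options, and the `#endif` after `SSL_OP_NO_TLSv1_2` suggests they are applied conditionally, so it is worth confirming that the macros gating each option are defined when building against the LibreSSL headers. Both functions continue outside the hunks shown.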
>@@ -0,0 +1,16 @@
>+--- src/sslinfo.c.orig 2016-03-23 18:06:39 UTC
>++++ src/sslinfo.c
>+@@ -25,6 +25,13 @@
>+ #ifdef HAVE_OPENSSL
>+ #include "ssl_private.h"
>+
>++#ifdef LIBRESSL_VERSION_NUMBER
>++int X509_get_signature_nid(const X509 *x)
>++{
>++ return OBJ_obj2nid(x->sig_alg->algorithm);
>++}
>++#endif
>++
>+ static const char *hex_basis = "0123456789ABCDEF";
>+
>+ static char *convert_to_hex(const void *buf, size_t len)
>
>Property changes on: www/tomcat-native/files/patch-src_sslinfo.c
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: www/tomcat-native/files/patch-src_sslutils.c
>===================================================================
>--- www/tomcat-native/files/patch-src_sslutils.c (nonexistent)
>+++ www/tomcat-native/files/patch-src_sslutils.c (working copy)
>@@ -0,0 +1,11 @@
>+--- src/sslutils.c.orig 2016-04-19 09:15:43 UTC
>++++ src/sslutils.c
>+@@ -504,7 +504,7 @@ static int ssl_verify_OCSP(int ok, X509_
>+ * may yield NULL. Return early, but leave the ctx error as is. */
>+ return OCSP_STATUS_UNKNOWN;
>+ }
>+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
>++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+ else if (cert->valid && X509_check_issued(cert,cert) == X509_V_OK) {
>+ #else
>+ /* No need to check cert->valid, because ssl_verify_OCSP() only
>
>Property changes on: www/tomcat-native/files/patch-src_sslutils.c
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
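Review bot: The `X509_get_signature_nid` shim added to sslinfo.c has external linkage and uses the library's own name, so the resulting shared object exports a symbol that could clash with or interpose on libcrypto's if LibreSSL later provides it. Declaring it `static int X509_get_signature_nid(const X509 *x)` keeps it private to this file. It also dereferences `x->sig_alg->algorithm` without checking `x`, so the precondition should be stated in a comment above it, e.g. `/* LibreSSL shim; caller guarantees x != NULL */`.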
Flags:
brnrd
:
maintainer-approval?
(
ale
)
Attachments on
bug 215196
: 177850