FreeBSD Bugzilla – Attachment 182586 Details for
Bug 216790
mail/postfix: Fix x25519 kex with LibreSSL
[patch]
svn diff for mail/postfix-current
patch-mail_postfix-current-3.3.20170502-LibreSSL (text/plain), 3.77 KB, created by
Bernard Spil
on 2017-05-14 09:34:19 UTC
Description:
svn diff for mail/postfix-current
Filename:
MIME Type:
Creator:
Bernard Spil
Created:
2017-05-14 09:34:19 UTC
Size:
3.77 KB
patch
obsolete
>Index: mail/postfix-current/files/patch-src_tls_tls.h
>===================================================================
>--- mail/postfix-current/files/patch-src_tls_tls.h (revision 440867)
>+++ mail/postfix-current/files/patch-src_tls_tls.h (working copy)
>@@ -1,7 +1,8 @@
>-# fix build against LibreSSL
>-# Obtained from: http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/mail/postfix/stable/patches/
>-#
>---- src/tls/tls.h.orig 2016-02-06 20:09:41 UTC
>+$OpenBSD: patch-src_tls_tls_h,v 1.2 2017/03/04 22:09:43 sthen Exp $
>+
>+Fix building with LibreSSL
>+
>+--- src/tls/tls.h.orig 2017-01-01 22:22:13 UTC
> +++ src/tls/tls.h
> @@ -89,7 +89,7 @@ extern const char *str_tls_level(int);
> #endif
>@@ -12,3 +13,13 @@
> #define OpenSSL_version_num SSLeay
> #define OpenSSL_version SSLeay_version
> #define OPENSSL_VERSION SSLEAY_VERSION
>+@@ -104,6 +104,9 @@ extern const char *str_tls_level(int);
>+ #define ASN1_STRING_get0_data ASN1_STRING_data
>+ #define X509_getm_notBefore X509_get_notBefore
>+ #define X509_getm_notAfter X509_get_notAfter
>++#endif
>++
>++#if OPENSSL_VERSION_NUMBER < 0x10100000L
>+ #define TLS_method SSLv23_method
>+ #define TLS_client_method SSLv23_client_method
>+ #define TLS_server_method SSLv23_server_method
>Index: mail/postfix-current/files/patch-src_tls_tls__dh.c
>===================================================================
>--- mail/postfix-current/files/patch-src_tls_tls__dh.c (revision 440867)
>+++ mail/postfix-current/files/patch-src_tls_tls__dh.c (working copy)
>@@ -1,48 +1,15 @@
>-PR 216732: Fix build with libressl < 2.5.1
>-=========================================================
>+$OpenBSD: patch-src_tls_tls_dh_c,v 1.1 2017/03/04 22:09:43 sthen Exp $
>+
>+Fix building with LibreSSL
>+
> --- src/tls/tls_dh.c.orig 2016-12-26 23:47:24 UTC
> +++ src/tls/tls_dh.c
>-@@ -94,7 +94,7 @@
>- #define TLS_INTERNAL
>- #include <tls.h>
>- #include <openssl/dh.h>
>--#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH)
>-+#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH) && !defined(LIBRESSL_VERSION_NUMBER)
>- #include <openssl/ec.h>
>- #endif
>-
>-@@ -244,7 +244,7 @@ DH *tls_tmp_dh_cb(SSL *unused_ssl, i
>-
>- void tls_auto_eecdh_curves(SSL_CTX *ctx)
>- {
>--#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH)
>-+#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH) && !defined(LIBRESSL_VERSION_NUMBER)
>- SSL_CTX *tmpctx;
>- int *nids;
>- int space = 5;
>-@@ -337,14 +337,14 @@ void tls_set_eecdh_curve(SSL_CTX *ser
>- #define TLS_EECDH_NONE 1
>- #define TLS_EECDH_STRONG 2
>- #define TLS_EECDH_ULTRA 3
>--#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL
>-+#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(LIBRESSL_VERSION_NUMBER)
>- #define TLS_EECDH_AUTO 4
>- #endif
>- static NAME_CODE eecdh_table[] = {
>- "none", TLS_EECDH_NONE,
>- "strong", TLS_EECDH_STRONG,
>- "ultra", TLS_EECDH_ULTRA,
>--#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL
>-+#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(LIBRESSL_VERSION_NUMBER)
>- "auto", TLS_EECDH_AUTO,
>- #endif
>- 0, TLS_EECDH_INVALID,
>-@@ -364,7 +364,7 @@ void tls_set_eecdh_curve(SSL_CTX *ser
>- case TLS_EECDH_ULTRA:
>- curve = var_tls_eecdh_ultra;
>- break;
>--#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL
>-+#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(LIBRESSL_VERSION_NUMBER)
>- case TLS_EECDH_AUTO:
>- tls_auto_eecdh_curves(server_ctx);
>- return;
>+@@ -314,7 +314,7 @@ void tls_auto_eecdh_curves(SSL_CTX *c
>+ * This is a NOP in OpenSSL 1.1.0 and later, where curves are always
>+ * auto-negotiated.
>+ */
>+-#if OPENSSL_VERSION_NUMBER < 0x10100000UL
>++#if OPENSSL_VERSION_NUMBER < 0x10100000UL || defined(LIBRESSL_VERSION_NUMBER)
>+ if (SSL_CTX_set_ecdh_auto(ctx, 1) <= 0) {
>+ msg_warn("failed to enable automatic ECDHE curve selection");
>+ tls_print_errors();
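Review bot: The widened guard `#if OPENSSL_VERSION_NUMBER < 0x10100000UL || defined(LIBRESSL_VERSION_NUMBER)` matches every LibreSSL release, yet the patch it replaces was labelled "Fix build with libressl < 2.5.1" and achieved that by compiling the auto-curve code out whenever LIBRESSL_VERSION_NUMBER was defined. With those exclusions gone, tls_auto_eecdh_curves() and the "auto" entry in eecdh_table are presumably compiled against LibreSSL again, so a tree that can still pair this port with a LibreSSL older than 2.5.1 may get the PR 216732 build failure back. I would record the floor in the nested patch header, `Requires LibreSSL >= 2.5.1 (see PR 216732)`, or keep the old exclusions for older releases only with `&& (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x2050100fL)` (encoding of 2.5.1 to be confirmed against opensslv.h). The body of tls_auto_eecdh_curves() starts and ends outside the hunk, so which calls failed on the older library cannot be checked from here.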