FreeBSD Bugzilla – Attachment 228395 Details for
Bug 258885
security/stunnel: still fails to build with libressl
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
0001-security-stunnel-add-optional-patch-for-LibreSSL
0001-security-stunnel-add-optional-patch-for-LibreSSL.patch (text/plain), 16.95 KB, created by
Felix Palmen
on 2021-10-03 11:14:28 UTC
(
hide
)
Description:
0001-security-stunnel-add-optional-patch-for-LibreSSL
Filename:
MIME Type:
Creator:
Felix Palmen
Created:
2021-10-03 11:14:28 UTC
Size:
16.95 KB
patch
obsolete
>From d40915f14c14bdfcbacc36eaa7784a2fe7ac3e62 Mon Sep 17 00:00:00 2001 >From: Felix Palmen <felix@palmen-it.de> >Date: Sun, 3 Oct 2021 13:00:54 +0200 >Subject: [PATCH] security/stunnel: add optional patch for LibreSSL > >--- > security/stunnel/Makefile | 15 +- > .../stunnel/files/extra-patch-libressl-compat | 363 ++++++++++++++++++ > 2 files changed, 377 insertions(+), 1 deletion(-) > create mode 100644 security/stunnel/files/extra-patch-libressl-compat > >diff --git a/security/stunnel/Makefile b/security/stunnel/Makefile >index 764412548e5c..535c2c09b0c3 100644 >--- a/security/stunnel/Makefile >+++ b/security/stunnel/Makefile >@@ -36,7 +36,7 @@ CONFIGURE_ARGS= --localstatedir=/var/tmp --enable-static --disable-systemd \ > --with-ssl="${OPENSSLBASE}" > SHEBANG_FILES= src/stunnel3.in > >-OPTIONS_DEFINE= DOCS EXAMPLES FIPS IPV6 LIBWRAP >+OPTIONS_DEFINE= DOCS EXAMPLES FIPS IPV6 LIBRESSL_PATCH LIBWRAP > OPTIONS_SINGLE= THREAD > OPTIONS_SINGLE_THREAD= FORK PTHREAD UCONTEXT > OPTIONS_DEFAULT= PTHREAD >@@ -47,6 +47,7 @@ LIBWRAP_CONFIGURE_ENABLE= libwrap > > FIPS_DESC= Enable OpenSSL FIPS mode > FORK_DESC= Use the fork(3) threading model >+LIBRESSL_PATCH_DESC= Add unofficial patch to support LibreSSL > PTHREAD_DESC= Use the pthread(3) threading model > UCONTEXT_DESC= Use the ucontext(3) threading model > >@@ -58,6 +59,10 @@ GROUPS= ${STUNNEL_GROUP} > > .include <bsd.port.options.mk> > >+.if ${PORT_OPTIONS:MLIBRESSL_PATCH} >+EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-libressl-compat >+.endif >+ > .if ${PORT_OPTIONS:MLIBWRAP} > LDFLAGS+= -lwrap > .endif >@@ -74,6 +79,14 @@ LDFLAGS+= -lpthread > > .include <bsd.port.pre.mk> > >+.if !${PORT_OPTIONS:MLIBRESSL_PATCH} && ${SSL_DEFAULT:Mlibressl*} >+IGNORE= Build with LibreSSL is broken and requires an extra patch, set LIBRESSL_PATCH option to use it >+.endif >+ >+.if ${PORT_OPTIONS:MLIBRESSL_PATCH} && !${SSL_DEFAULT:Mlibressl*} >+IGNORE= The LIBRESSL_PATCH option can only be used for building with LibreSSL >+.endif >+ > .if ${PORT_OPTIONS:MFIPS} && ${SSL_DEFAULT:Mlibressl*} > IGNORE= LibreSSL does not support FIPS standard > .endif >diff --git a/security/stunnel/files/extra-patch-libressl-compat b/security/stunnel/files/extra-patch-libressl-compat >new file mode 100644 >index 000000000000..05884d02bbfb >--- /dev/null >+++ b/security/stunnel/files/extra-patch-libressl-compat >@@ -0,0 +1,363 @@ >+--- src/client.c.orig 2021-04-05 21:21:38 UTC >++++ src/client.c >+@@ -742,7 +742,7 @@ NOEXPORT void print_cipher(CLI *c) { /* print negotiat >+ NOEXPORT void transfer(CLI *c) { >+ int timeout; /* s_poll_wait timeout in seconds */ >+ int pending; /* either processed on unprocessed TLS data */ >+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L >++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) >+ int has_pending=0, prev_has_pending; >+ #endif >+ int watchdog=0; /* a counter to detect an infinite loop */ >+@@ -789,7 +789,7 @@ NOEXPORT void transfer(CLI *c) { >+ >+ /****************************** wait for an event */ >+ pending=SSL_pending(c->ssl); >+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L >++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) >+ /* only attempt to process SSL_has_pending() data once */ >+ prev_has_pending=has_pending; >+ has_pending=SSL_has_pending(c->ssl); >+@@ -1194,7 +1194,7 @@ NOEXPORT void transfer(CLI *c) { >+ s_log(LOG_ERR, >+ "please report the problem to Michal.Trojnara@stunnel.org"); >+ stunnel_info(LOG_ERR); >+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L >++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) >+ s_log(LOG_ERR, "protocol=%s, SSL_pending=%d, SSL_has_pending=%d", >+ SSL_get_version(c->ssl), >+ SSL_pending(c->ssl), SSL_has_pending(c->ssl)); >+--- src/ctx.c.orig 2021-08-16 18:58:06 UTC >++++ src/ctx.c >+@@ -91,7 +91,7 @@ NOEXPORT void set_prompt(const char *); >+ NOEXPORT int ui_retry(); >+ >+ /* session tickets */ >+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L >++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) >+ NOEXPORT int generate_session_ticket_cb(SSL *, void *); >+ NOEXPORT int decrypt_session_ticket_cb(SSL *, SSL_SESSION *, >+ const unsigned char *, size_t, SSL_TICKET_STATUS, void *); >+@@ -130,7 +130,7 @@ NOEXPORT void sslerror_log(unsigned long, const char * >+ >+ /**************************************** initialize section->ctx */ >+ >+-#if OPENSSL_VERSION_NUMBER>=0x10100000L >++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) >+ typedef long unsigned SSL_OPTIONS_TYPE; >+ #else >+ typedef long SSL_OPTIONS_TYPE; >+@@ -138,7 +138,7 @@ typedef long SSL_OPTIONS_TYPE; >+ >+ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */ >+ /* create a new TLS context */ >+-#if OPENSSL_VERSION_NUMBER>=0x10100000L >++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) >+ if(section->option.client) >+ section->ctx=SSL_CTX_new(TLS_client_method()); >+ else /* server mode */ >+@@ -173,7 +173,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init T >+ } >+ current_section=section; /* setup current section for callbacks */ >+ >+-#if OPENSSL_VERSION_NUMBER>=0x10100000L >++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) >+ /* set the security level */ >+ if(section->security_level>=0) { >+ /* set the user-specified value */ >+@@ -258,7 +258,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init T >+ #endif >+ >+ /* setup session tickets */ >+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L >++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) >+ SSL_CTX_set_session_ticket_cb(section->ctx, generate_session_ticket_cb, >+ decrypt_session_ticket_cb, NULL); >+ #endif /* OpenSSL 1.1.1 or later */ >+@@ -533,7 +533,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) { >+ /**************************************** initialize OpenSSL CONF */ >+ >+ NOEXPORT int conf_init(SERVICE_OPTIONS *section) { >+-#if OPENSSL_VERSION_NUMBER>=0x10002000L >++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) >+ SSL_CONF_CTX *cctx; >+ NAME_LIST *curr; >+ char *cmd, *param; >+@@ -1039,7 +1039,7 @@ NOEXPORT int ui_retry() { >+ >+ /**************************************** session tickets */ >+ >+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L >++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) >+ >+ typedef struct { >+ void *session_authenticated; >+@@ -1532,7 +1532,7 @@ NOEXPORT void info_callback(const SSL *ssl, int where, >+ >+ c=SSL_get_ex_data((SSL *)ssl, index_ssl_cli); >+ if(c) { >+-#if OPENSSL_VERSION_NUMBER>=0x10100000L >++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) >+ OSSL_HANDSHAKE_STATE state=SSL_get_state(ssl); >+ #else >+ int state=SSL_get_state((SSL *)ssl); >+--- src/options.c.orig 2021-08-05 07:19:52 UTC >++++ src/options.c >+@@ -81,7 +81,7 @@ NOEXPORT char *sni_init(SERVICE_OPTIONS *); >+ NOEXPORT void sni_free(SERVICE_OPTIONS *); >+ #endif /* !defined(OPENSSL_NO_TLSEXT) */ >+ >+-#if OPENSSL_VERSION_NUMBER>=0x10100000L >++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) >+ NOEXPORT int str_to_proto_version(const char *); >+ #else /* OPENSSL_VERSION_NUMBER<0x10100000L */ >+ NOEXPORT char *tls_methods_set(SERVICE_OPTIONS *, const char *); >+@@ -96,7 +96,7 @@ NOEXPORT PSK_KEYS *psk_dup(PSK_KEYS *); >+ NOEXPORT void psk_free(PSK_KEYS *); >+ #endif /* !defined(OPENSSL_NO_PSK) */ >+ >+-#if OPENSSL_VERSION_NUMBER>=0x10000000L >++#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER) >+ NOEXPORT TICKET_KEY *key_read(char *, char *); >+ NOEXPORT TICKET_KEY *key_dup(TICKET_KEY *); >+ NOEXPORT void key_free(TICKET_KEY *); >+@@ -3252,7 +3252,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_O >+ break; >+ } >+ >+-#if OPENSSL_VERSION_NUMBER>=0x10100000L >++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) >+ >+ /* sslVersion */ >+ switch(cmd) { >+@@ -3421,7 +3421,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_O >+ } >+ #endif >+ >+-#if OPENSSL_VERSION_NUMBER>=0x10000000L >++#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER) >+ >+ /* ticketKeySecret */ >+ switch(cmd) { >+@@ -3904,7 +3904,7 @@ NOEXPORT void sni_free(SERVICE_OPTIONS *section) { >+ >+ /**************************************** modern TLS version handling */ >+ >+-#if OPENSSL_VERSION_NUMBER>=0x10100000L >++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) >+ >+ NOEXPORT int str_to_proto_version(const char *name) { >+ if(!strcasecmp(name, "all")) >+@@ -4229,7 +4229,7 @@ NOEXPORT void psk_free(PSK_KEYS *head) { >+ >+ /**************************************** read ticket key */ >+ >+-#if OPENSSL_VERSION_NUMBER>=0x10000000L >++#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER) >+ >+ NOEXPORT TICKET_KEY *key_read(char *arg, char *option) { >+ char *key_str; >+--- src/prototypes.h.orig 2021-05-30 20:19:44 UTC >++++ src/prototypes.h >+@@ -250,7 +250,7 @@ typedef struct service_options_struct { >+ #if OPENSSL_VERSION_NUMBER>=0x009080dfL >+ long unsigned ssl_options_clear; >+ #endif /* OpenSSL 0.9.8m or later */ >+-#if OPENSSL_VERSION_NUMBER>=0x10100000L >++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) >+ int min_proto_version, max_proto_version; >+ #else /* OPENSSL_VERSION_NUMBER<0x10100000L */ >+ SSL_METHOD *client_method, *server_method; >+@@ -722,7 +722,7 @@ int getnameinfo(const struct sockaddr *, socklen_t, >+ extern CLI *thread_head; >+ #endif >+ >+-#if OPENSSL_VERSION_NUMBER<0x10100004L >++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) >+ >+ #ifdef USE_OS_THREADS >+ >+@@ -773,7 +773,7 @@ typedef enum { >+ >+ extern CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS]; >+ >+-#if OPENSSL_VERSION_NUMBER<0x10100004L >++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) >+ /* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */ >+ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void); >+ int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *); >+--- src/ssl.c.orig 2021-04-05 21:19:15 UTC >++++ src/ssl.c >+@@ -39,12 +39,17 @@ >+ #include "prototypes.h" >+ >+ /* global OpenSSL initialization: compression, engine, entropy */ >++#ifdef LIBRESSL_VERSION_NUMBER >++NOEXPORT int cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad, >++ int idx, long argl, void *argp); >++#else >+ NOEXPORT void cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad, >+ int idx, long argl, void *argp); >+-#if OPENSSL_VERSION_NUMBER>=0x30000000L >++#endif >++#if OPENSSL_VERSION_NUMBER>=0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) >+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, >+ void **from_d, int idx, long argl, void *argp); >+-#elif OPENSSL_VERSION_NUMBER>=0x10100000L >++#elif OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) >+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, >+ void *from_d, int idx, long argl, void *argp); >+ #else >+@@ -83,7 +88,7 @@ int fips_available() { /* either FIPS provider or cont >+ } >+ >+ int ssl_init(void) { /* init TLS before parsing configuration file */ >+-#if OPENSSL_VERSION_NUMBER>=0x10100000L >++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) >+ OPENSSL_INIT_SETTINGS *conf=OPENSSL_INIT_new(); >+ #ifdef USE_WIN32 >+ OPENSSL_INIT_set_config_filename(conf, "..\\config\\openssl.cnf"); >+@@ -143,21 +148,33 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM * >+ #endif >+ #endif >+ >++#ifdef LIBRESSL_VERSION_NUMBER >++NOEXPORT int cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad, >++ int idx, long argl, void *argp) { >++#else >+ NOEXPORT void cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad, >+ int idx, long argl, void *argp) { >++#endif >+ (void)parent; /* squash the unused parameter warning */ >+ (void)ptr; /* squash the unused parameter warning */ >+ (void)argl; /* squash the unused parameter warning */ >+ s_log(LOG_DEBUG, "Initializing application specific data for %s", >+ (char *)argp); >+- if(!CRYPTO_set_ex_data(ad, idx, (void *)(-1))) >++ if(!CRYPTO_set_ex_data(ad, idx, (void *)(-1))) { >+ sslerror("CRYPTO_set_ex_data"); >++#ifdef LIBRESSL_VERSION_NUMBER >++ return 0; >++#endif >++ } >++#ifdef LIBRESSL_VERSION_NUMBER >++ return 1; >++#endif >+ } >+ >+-#if OPENSSL_VERSION_NUMBER>=0x30000000L >++#if OPENSSL_VERSION_NUMBER>=0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) >+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, >+ void **from_d, int idx, long argl, void *argp) { >+-#elif OPENSSL_VERSION_NUMBER>=0x10100000L >++#elif OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) >+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, >+ void *from_d, int idx, long argl, void *argp) { >+ #else >+@@ -256,7 +273,7 @@ int ssl_configure(GLOBAL_OPTIONS *global) { /* configu >+ >+ #ifndef OPENSSL_NO_COMP >+ >+-#if OPENSSL_VERSION_NUMBER<0x10100000L >++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) >+ >+ NOEXPORT int COMP_get_type(const COMP_METHOD *meth) { >+ return meth->type; >+@@ -347,7 +364,7 @@ NOEXPORT int prng_init(GLOBAL_OPTIONS *global) { >+ const RAND_METHOD *meth=RAND_get_rand_method(); >+ >+ /* skip PRNG initialization when no seeding methods are available */ >+- if(meth->status==NULL || meth->add==NULL) { >++ if(meth==NULL || meth->status==NULL || meth->add==NULL) { >+ s_log(LOG_DEBUG, "No PRNG seeding methods"); >+ return 0; /* success */ >+ } >+--- src/sthreads.c.orig 2021-02-10 11:39:36 UTC >++++ src/sthreads.c >+@@ -102,14 +102,16 @@ unsigned long stunnel_thread_id(void) { >+ >+ #endif /* USE_WIN32 */ >+ >+-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L >++#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L) || \ >++ defined(LIBRESSL_VERSION_NUMBER) >+ NOEXPORT void threadid_func(CRYPTO_THREADID *tid) { >+ CRYPTO_THREADID_set_numeric(tid, stunnel_thread_id()); >+ } >+ #endif >+ >+ void thread_id_init(void) { >+-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L >++#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L) || \ >++ defined(LIBRESSL_VERSION_NUMBER) >+ CRYPTO_THREADID_set_callback(threadid_func); >+ #endif >+ #if OPENSSL_VERSION_NUMBER<0x10000000L || !defined(OPENSSL_NO_DEPRECATED) >+@@ -120,7 +122,7 @@ void thread_id_init(void) { >+ /**************************************** locking */ >+ >+ /* we only need to initialize locking with OpenSSL older than 1.1.0 */ >+-#if OPENSSL_VERSION_NUMBER<0x10100004L >++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) >+ >+ #ifdef USE_PTHREAD >+ >+@@ -279,7 +281,7 @@ NOEXPORT int s_atomic_add(int *val, int amount, CRYPTO >+ >+ CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS]; >+ >+-#if OPENSSL_VERSION_NUMBER<0x10100004L >++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) >+ >+ #ifdef USE_OS_THREADS >+ >+@@ -387,7 +389,8 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, >+ >+ void locking_init(void) { >+ size_t i; >+-#if defined(USE_OS_THREADS) && OPENSSL_VERSION_NUMBER<0x10100004L >++#if defined(USE_OS_THREADS) && \ >++ (OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)) >+ size_t num; >+ >+ /* initialize the OpenSSL static locking */ >+--- src/tls.c.orig 2021-02-10 11:39:36 UTC >++++ src/tls.c >+@@ -41,7 +41,7 @@ >+ volatile int tls_initialized=0; >+ >+ NOEXPORT void tls_platform_init(); >+-#if OPENSSL_VERSION_NUMBER<0x10100000L >++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) >+ NOEXPORT void free_function(void *); >+ #endif >+ >+@@ -52,7 +52,7 @@ void tls_init() { >+ tls_platform_init(); >+ tls_initialized=1; >+ ui_tls=tls_alloc(NULL, NULL, "ui"); >+-#if OPENSSL_VERSION_NUMBER>=0x10100000L >++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) >+ CRYPTO_set_mem_functions(str_alloc_detached_debug, >+ str_realloc_detached_debug, str_free_debug); >+ #else >+@@ -184,7 +184,7 @@ TLS_DATA *tls_get() { >+ >+ /**************************************** OpenSSL allocator hook */ >+ >+-#if OPENSSL_VERSION_NUMBER<0x10100000L >++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) >+ NOEXPORT void free_function(void *ptr) { >+ /* CRYPTO_set_mem_ex_functions() needs a function rather than a macro */ >+ /* unfortunately, OpenSSL provides no file:line information here */ >+--- src/verify.c.orig 2021-08-05 07:19:52 UTC >++++ src/verify.c >+@@ -351,7 +351,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback >+ cert=X509_STORE_CTX_get_current_cert(callback_ctx); >+ subject=X509_get_subject_name(cert); >+ >+-#if OPENSSL_VERSION_NUMBER<0x10100006L >++#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER) >+ #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs >+ #endif >+ /* modern API allows retrieving multiple matching certificates */ >-- >2.32.0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 258885
:
228392
|
228394
| 228395