--- configure.ac.orig 2013-05-15 18:33:58.000000000 +0200 +++ configure.ac 2014-11-29 23:21:53.948448713 +0100 @@ -2007,6 +2007,13 @@ AC_CHECK_LIB(dl, dlopen) # Dynamic linking for SunOS/Solaris and SYSV AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX +### Fix build with LibreSSL (does not have RAND_egd) +### PR195513, http://bugs.python.org/issue21356 +AC_CHECK_LIB(crypto, RAND_egd, + AC_DEFINE(HAVE_RAND_EGD, 1, + [Define if the libcrypto has RAND_egd])) +### PR195513 + # only check for sem_init if thread support is requested if test "$with_threads" = "yes" -o -z "$with_threads"; then AC_SEARCH_LIBS(sem_init, pthread rt posix4) # 'Real Time' functions on Solaris --- configure.orig 2014-11-29 23:18:15.340158000 +0100 +++ configure 2014-11-29 23:22:00.604363850 +0100 @@ -8081,6 +8081,52 @@ fi # Dynamic linking for HP-UX +### Fix build with LibreSSL (does not have RAND_egd) +### PR195513, http://bugs.python.org/issue21356 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for RAND_egd in -lcrypto" >&5 +$as_echo_n "checking for RAND_egd in -lcrypto... " >&6; } +if ${ac_cv_lib_crypto_RAND_egd+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcrypto $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char RAND_egd (); +int +main () +{ +return RAND_egd (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_crypto_RAND_egd=yes +else + ac_cv_lib_crypto_RAND_egd=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_RAND_egd" >&5 +$as_echo "$ac_cv_lib_crypto_RAND_egd" >&6; } +if test "x$ac_cv_lib_crypto_RAND_egd" = xyes; then : + +$as_echo "#define HAVE_RAND_EGD 1" >>confdefs.h + +fi + +### PR195513 + # only check for sem_init if thread support is requested if test "$with_threads" = "yes" -o -z "$with_threads"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing sem_init" >&5 --- pyconfig.h.in.orig 2013-05-15 18:33:58.000000000 +0200 +++ pyconfig.h.in 2014-11-29 23:23:53.763587019 +0100 @@ -545,6 +545,12 @@ /* Define to 1 if you have the `putenv' function. */ #undef HAVE_PUTENV +/* ### Fix build with LibreSSL (does not have RAND_egd) + ### PR195513, http://bugs.python.org/issue21356 */ +/* Define if the libcrypto has RAND_egd */ +#undef HAVE_RAND_EGD +/* ### PR195513 */ + /* Define to 1 if you have the `readlink' function. */ #undef HAVE_READLINK --- Modules/_ssl.c.orig 2013-05-15 18:33:53.000000000 +0200 +++ Modules/_ssl.c 2014-11-29 23:26:19.250394351 +0100 @@ -1911,6 +1911,9 @@ It is necessary to seed the PRNG with RAND_add() on some platforms before\n\ using the ssl() function."); +/* ### Fix build with LibreSSL (does not have RAND_egd) + ### PR195513, http://bugs.python.org/issue21356 */ +#ifdef HAVE_RAND_EGD static PyObject * PySSL_RAND_egd(PyObject *self, PyObject *args) { @@ -1938,6 +1941,8 @@ Queries the entropy gather daemon (EGD) on the socket named by 'path'.\n\ Returns number of bytes read. Raises SSLError if connection to EGD\n\ fails or if it does provide enough data to seed PRNG."); +#endif /* HAVE_RAND_EGD */ +/* ### End PR195513 */ #endif @@ -1951,8 +1956,12 @@ #ifdef HAVE_OPENSSL_RAND {"RAND_add", PySSL_RAND_add, METH_VARARGS, PySSL_RAND_add_doc}, +/* ### Fix build with LibreSSL (does not have RAND_egd) + ### PR195513, http://bugs.python.org/issue21356 */ +#ifdef HAVE_RAND_EGD {"RAND_egd", PySSL_RAND_egd, METH_VARARGS, PySSL_RAND_egd_doc}, +#endif /* HAVE_RAND_EGD */ {"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS, PySSL_RAND_status_doc}, #endif --- Lib/ssl.py.orig 2013-05-15 18:33:46.000000000 +0200 +++ Lib/ssl.py 2014-11-29 23:29:01.185329238 +0100 @@ -63,7 +63,16 @@ from _ssl import _SSLContext, SSLError from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1 -from _ssl import RAND_status, RAND_egd, RAND_add +### Fix build with LibreSSL (does not have RAND_egd) +### PR195513, http://bugs.python.org/issue21356 +from _ssl import RAND_status, RAND_add +try: + from _ssl import RAND_egd +except ImportError: + # LibreSSL does not provide RAND_egd + pass +### End PR195513 + from _ssl import ( SSL_ERROR_ZERO_RETURN, SSL_ERROR_WANT_READ, --- Lib/test/test_ssl.py.orig 2013-05-15 18:33:50.000000000 +0200 +++ Lib/test/test_ssl.py 2014-11-29 23:31:11.880396558 +0100 @@ -103,8 +103,12 @@ sys.stdout.write("\n RAND_status is %d (%s)\n" % (v, (v and "sufficient randomness") or "insufficient randomness")) - self.assertRaises(TypeError, ssl.RAND_egd, 1) - self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1) +### Fix build with LibreSSL (does not have RAND_egd) +### PR195513, http://bugs.python.org/issue21356 + if hasattr(ssl, 'RAND_egd'): + self.assertRaises(TypeError, ssl.RAND_egd, 1) + self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1) +### End PR195513 ssl.RAND_add("this is a random string", 75.0) def test_parse_cert(self):