Attachment #177850 for bug #215196

View | Details | Raw Unified | Return to bug 215196
Collapse All | Expand All

Lines 40-47 Link Here

(-)www/tomcat-native/Makefile (-4 lines)
40	IGNORE_FreeBSD_10= Requires OpenSSL 1.0.2 (set DEFAULT_VERSIONS+=ssl=openssl)	40	IGNORE_FreeBSD_10= Requires OpenSSL 1.0.2 (set DEFAULT_VERSIONS+=ssl=openssl)
41	.endif	41	.endif
42		42
43	.if ${SSL_DEFAULT:Mlibressl*}
44	IGNORE= Detected LibreSSL (missing numerous symbols during linking)
45	.endif
46
47	.include <bsd.port.post.mk>	43	.include <bsd.port.post.mk>




--- include/ssl_private.h.orig	2016-04-19 10:08:10 UTC
+++ include/ssl_private.h
@@ -49,6 +49,9 @@
 /* Avoid tripping over an engine build installed globally and detected
  * when the user points at an explicit non-engine flavor of OpenSSL
  */
+#ifdef LIBRESSL_VERSION_NUMBER
+#define OPENSSL_NO_ENGINE
+#endif
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
@@ -204,7 +207,7 @@
 #endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */
 
 /* OpenSSL 1.0.2 compatibility */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100001L || defined(LIBRESSL_VERSION_NUMBER)
 #define OpenSSL_version                  SSLeay_version
 #define OpenSSL_version_num              SSLeay
 #define OPENSSL_VERSION                  SSLEAY_VERSION
@@ -231,6 +234,10 @@
 #define TLS_server_method                SSLv23_server_method
 #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 
+#ifdef LIBRESSL_VERSION_NUMBER
+#define SSL_CTX_add0_chain_cert          SSL_CTX_add_extra_chain_cert
+#endif
+
 #define MAX_ALPN_NPN_PROTO_SIZE 65535
 #define SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL            1
 




--- src/ssl.c.orig	2016-04-19 10:08:10 UTC
+++ src/ssl.c
@@ -34,7 +34,7 @@ tcn_pass_cb_t tcn_password_callback;
 static jclass byteArrayClass;
 static jclass stringClass;
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 /* Global reference to the pool used by the dynamic mutexes */
 static apr_pool_t *dynlockpool = NULL;
 
@@ -193,7 +193,7 @@ static const jint supported_ssl_opts = 0
 #endif
      | 0;
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 /* OpenSSL Pre-1.1.0 compatibility */
 /* Taken from OpenSSL 1.1.0 snapshot 20160410 */
 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
@@ -295,7 +295,7 @@ DH *SSL_get_dh_params(unsigned keylen)
     return NULL; /* impossible to reach. */
 }
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 static void init_bio_methods(void);
 static void free_bio_methods(void);
 #endif
@@ -330,7 +330,7 @@ static apr_status_t ssl_init_cleanup(voi
                          tcn_password_callback.cb.obj);
     }
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
     free_bio_methods();
 #endif
     free_dh_params();
@@ -349,7 +349,7 @@ static apr_status_t ssl_init_cleanup(voi
     ENGINE_cleanup();
 #endif
     CRYPTO_cleanup_all_ex_data();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
     ERR_remove_thread_state(NULL);
 #else
     ERR_remove_thread_state();
@@ -387,7 +387,7 @@ static ENGINE *ssl_try_load_engine(const
  * To ensure thread-safetyness in OpenSSL
  */
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 static apr_thread_mutex_t **ssl_lock_cs;
 static int                  ssl_lock_num_locks;
 
@@ -427,7 +427,7 @@ static unsigned long ssl_thread_id(void)
 #endif
 }
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 static void ssl_set_thread_id(CRYPTO_THREADID *id)
 {
     CRYPTO_THREADID_set_numeric(id, ssl_thread_id());
@@ -720,7 +720,7 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize
 #endif
     OPENSSL_load_builtin_modules();
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
     /* Initialize thread support */
     ssl_thread_setup(tcn_global_pool);
 #endif
@@ -766,7 +766,7 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize
     SSL_init_app_data2_3_idx();
 
     init_dh_params();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
     init_bio_methods();
 #endif
 
@@ -928,7 +928,7 @@ static int jbs_new(BIO *bi)
     j->refcount  = 1;
     BIO_set_shutdown(bi, 1);
     BIO_set_init(bi, 0);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
     /* No setter method for OpenSSL 1.1.0 available,
      * but I can't find any functional use of the
      * "num" field there either.
@@ -1064,7 +1064,7 @@ static long jbs_ctrl(BIO *b, int cmd, lo
     return ret;
 }
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 static BIO_METHOD jbs_methods = {
     BIO_TYPE_FILE,
     "Java Callback",
@@ -1100,7 +1100,7 @@ static void free_bio_methods(void)
 
 static BIO_METHOD *BIO_jbs()
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
     return(&jbs_methods);
 #else
     return jbs_methods;




--- src/sslcontext.c.orig	2016-04-18 09:49:28 UTC
+++ src/sslcontext.c
@@ -139,7 +139,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
     tcn_ssl_ctxt_t *c = NULL;
     SSL_CTX *ctx = NULL;
     jclass clazz;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
     jint prot;
 #endif
 
@@ -224,7 +224,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
         BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
     SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
     /* always disable SSLv2, as per RFC 6176 */
     SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
     if (!(protocol & SSL_PROTOCOL_SSLV3))
@@ -240,7 +240,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
         SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
 #endif
 
-#else /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
+#else /* if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
     /* We first determine the maximum protocol version we should provide */
     if (protocol & SSL_PROTOCOL_TLSV1_2) {
         prot = TLS1_2_VERSION;
@@ -269,7 +269,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
         prot = SSL3_VERSION;
     }
     SSL_CTX_set_min_proto_version(ctx, prot);
-#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
+#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
 
     /*
      * Configure additional context ingredients
@@ -1577,7 +1577,7 @@ TCN_IMPLEMENT_CALL(void, SSLContext, set
 }
 
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 
 /*
  * Adapted from OpenSSL:
@@ -1677,7 +1677,7 @@ static const char* SSL_CIPHER_authentica
     if (cipher == NULL) {
         return "UNKNOWN";
     }
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
     kx = cipher->algorithm_mkey;
     auth = cipher->algorithm_auth;
 #else
@@ -1689,7 +1689,7 @@ static const char* SSL_CIPHER_authentica
         {
     case TCN_SSL_kRSA:
         return SSL_TXT_RSA;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
     case TCN_SSL_kDHr:
         return SSL_TXT_DH "_" SSL_TXT_RSA;
     case TCN_SSL_kDHd:
@@ -1707,7 +1707,7 @@ static const char* SSL_CIPHER_authentica
         default:
             return "UNKNOWN";
             }
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
     case TCN_SSL_kKRB5:
         return SSL_TXT_KRB5;
     case TCN_SSL_kECDHr:
@@ -1733,7 +1733,7 @@ static const char* SSL_CIPHER_authentica
 }
 
 static const char* SSL_authentication_method(const SSL* ssl) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
    return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher);
 #else
     /* XXX ssl->s3->tmp.new_cipher is no longer available in OpenSSL 1.1.0 */




--- src/sslinfo.c.orig	2016-03-23 18:06:39 UTC
+++ src/sslinfo.c
@@ -25,6 +25,13 @@
 #ifdef HAVE_OPENSSL
 #include "ssl_private.h"
 
+#ifdef LIBRESSL_VERSION_NUMBER
+int X509_get_signature_nid(const X509 *x)
+{
+    return OBJ_obj2nid(x->sig_alg->algorithm);
+}
+#endif
+
 static const char *hex_basis = "0123456789ABCDEF";
 
 static char *convert_to_hex(const void *buf, size_t len)

Line 0 Link Here

(-)www/tomcat-native/files/patch-src_sslutils.c (+11 lines)
	1	--- src/sslutils.c.orig 2016-04-19 09:15:43 UTC
	2	+++ src/sslutils.c
	3	@@ -504,7 +504,7 @@ static int ssl_verify_OCSP(int ok, X509_
	4	* may yield NULL. Return early, but leave the ctx error as is. */
	5	return OCSP_STATUS_UNKNOWN;
	6	}
	7	-#if OPENSSL_VERSION_NUMBER < 0x10100000L
	8	+#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
	9	else if (cert->valid && X509_check_issued(cert,cert) == X509_V_OK) {
	10	#else
	11	/* No need to check cert->valid, because ssl_verify_OCSP() only

Return to bug 215196

Line 0 Link Here

(-)www/tomcat-native/files/patch-include_ssl__private.h (+32 lines)
	1	--- include/ssl_private.h.orig 2016-04-19 10:08:10 UTC
	2	+++ include/ssl_private.h
	3	@@ -49,6 +49,9 @@
	4	/* Avoid tripping over an engine build installed globally and detected
	5	* when the user points at an explicit non-engine flavor of OpenSSL
	6	*/
	7	+#ifdef LIBRESSL_VERSION_NUMBER
	8	+#define OPENSSL_NO_ENGINE
	9	+#endif
	10	#ifndef OPENSSL_NO_ENGINE
	11	#include <openssl/engine.h>
	12	#endif
	13	@@ -204,7 +207,7 @@
	14	#endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */
	15
	16	/* OpenSSL 1.0.2 compatibility */
	17	-#if OPENSSL_VERSION_NUMBER < 0x10100000L
	18	+#if OPENSSL_VERSION_NUMBER < 0x10100001L \|\| defined(LIBRESSL_VERSION_NUMBER)
	19	#define OpenSSL_version SSLeay_version
	20	#define OpenSSL_version_num SSLeay
	21	#define OPENSSL_VERSION SSLEAY_VERSION
	22	@@ -231,6 +234,10 @@
	23	#define TLS_server_method SSLv23_server_method
	24	#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
	25
	26	+#ifdef LIBRESSL_VERSION_NUMBER
	27	+#define SSL_CTX_add0_chain_cert SSL_CTX_add_extra_chain_cert
	28	+#endif
	29	+
	30	#define MAX_ALPN_NPN_PROTO_SIZE 65535
	31	#define SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL 1
	32

Line 0 Link Here

(-)www/tomcat-native/files/patch-src_ssl.c (+110 lines)
		1	--- src/ssl.c.orig 2016-04-19 10:08:10 UTC
		2	+++ src/ssl.c
		3	@@ -34,7 +34,7 @@ tcn_pass_cb_t tcn_password_callback;
		4	static jclass byteArrayClass;
		5	static jclass stringClass;
		6
		7	-#if OPENSSL_VERSION_NUMBER < 0x10100000L
		8	+#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
		9	/* Global reference to the pool used by the dynamic mutexes */
		10	static apr_pool_t *dynlockpool = NULL;
		11
		12	@@ -193,7 +193,7 @@ static const jint supported_ssl_opts = 0
		13	#endif
		14	\| 0;
		15
		16	-#if OPENSSL_VERSION_NUMBER < 0x10100000L
		17	+#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
		18	/* OpenSSL Pre-1.1.0 compatibility */
		19	/* Taken from OpenSSL 1.1.0 snapshot 20160410 */
		20	int DH_set0_pqg(DH dh, BIGNUM p, BIGNUM q, BIGNUM g)
		21	@@ -295,7 +295,7 @@ DH *SSL_get_dh_params(unsigned keylen)
		22	return NULL; /* impossible to reach. */
		23	}
		24
		25	-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
		26	+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
		27	static void init_bio_methods(void);
		28	static void free_bio_methods(void);
		29	#endif
		30	@@ -330,7 +330,7 @@ static apr_status_t ssl_init_cleanup(voi
		31	tcn_password_callback.cb.obj);
		32	}
		33
		34	-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
		35	+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
		36	free_bio_methods();
		37	#endif
		38	free_dh_params();
		39	@@ -349,7 +349,7 @@ static apr_status_t ssl_init_cleanup(voi
		40	ENGINE_cleanup();
		41	#endif
		42	CRYPTO_cleanup_all_ex_data();
		43	-#if OPENSSL_VERSION_NUMBER < 0x10100000L
		44	+#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
		45	ERR_remove_thread_state(NULL);
		46	#else
		47	ERR_remove_thread_state();
		48	@@ -387,7 +387,7 @@ static ENGINE *ssl_try_load_engine(const
		49	* To ensure thread-safetyness in OpenSSL
		50	*/
		51
		52	-#if OPENSSL_VERSION_NUMBER < 0x10100000L
		53	+#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
		54	static apr_thread_mutex_t **ssl_lock_cs;
		55	static int ssl_lock_num_locks;
		56
		57	@@ -427,7 +427,7 @@ static unsigned long ssl_thread_id(void)
		58	#endif
		59	}
		60
		61	-#if OPENSSL_VERSION_NUMBER < 0x10100000L
		62	+#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
		63	static void ssl_set_thread_id(CRYPTO_THREADID *id)
		64	{
65	CRYPTO_THREADID_set_numeric(id, ssl_thread_id());
66	@@ -720,7 +720,7 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize
67	#endif
68	OPENSSL_load_builtin_modules();
69
70	-#if OPENSSL_VERSION_NUMBER < 0x10100000L
71	+#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
72	/* Initialize thread support */
73	ssl_thread_setup(tcn_global_pool);
74	#endif
75	@@ -766,7 +766,7 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize
76	SSL_init_app_data2_3_idx();
77
78	init_dh_params();
79	-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
80	+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
81	init_bio_methods();
82	#endif
83
84	@@ -928,7 +928,7 @@ static int jbs_new(BIO *bi)
85	j->refcount = 1;
86	BIO_set_shutdown(bi, 1);
87	BIO_set_init(bi, 0);
88	-#if OPENSSL_VERSION_NUMBER < 0x10100000L
89	+#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
90	/* No setter method for OpenSSL 1.1.0 available,
91	* but I can't find any functional use of the
92	* "num" field there either.
93	@@ -1064,7 +1064,7 @@ static long jbs_ctrl(BIO *b, int cmd, lo
94	return ret;
95	}
96
97	-#if OPENSSL_VERSION_NUMBER < 0x10100000L
98	+#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
99	static BIO_METHOD jbs_methods = {
100	BIO_TYPE_FILE,
101	"Java Callback",
102	@@ -1100,7 +1100,7 @@ static void free_bio_methods(void)
103
104	static BIO_METHOD *BIO_jbs()
105	{
106	-#if OPENSSL_VERSION_NUMBER < 0x10100000L
107	+#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
108	return(&jbs_methods);
109	#else
110	return jbs_methods;

Line 0 Link Here

(-)www/tomcat-native/files/patch-src_sslcontext.c (+83 lines)
		1	--- src/sslcontext.c.orig 2016-04-18 09:49:28 UTC
		2	+++ src/sslcontext.c
		3	@@ -139,7 +139,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
		4	tcn_ssl_ctxt_t *c = NULL;
		5	SSL_CTX *ctx = NULL;
		6	jclass clazz;
		7	-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
		8	+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
		9	jint prot;
		10	#endif
		11
		12	@@ -224,7 +224,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
		13	BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE \| BIO_FP_TEXT);
		14	SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
		15
		16	-#if OPENSSL_VERSION_NUMBER < 0x10100000L
		17	+#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
		18	/* always disable SSLv2, as per RFC 6176 */
		19	SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
		20	if (!(protocol & SSL_PROTOCOL_SSLV3))
		21	@@ -240,7 +240,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
		22	SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
		23	#endif
		24
		25	-#else /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
		26	+#else /* if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER) */
		27	/* We first determine the maximum protocol version we should provide */
		28	if (protocol & SSL_PROTOCOL_TLSV1_2) {
		29	prot = TLS1_2_VERSION;
		30	@@ -269,7 +269,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
		31	prot = SSL3_VERSION;
		32	}
		33	SSL_CTX_set_min_proto_version(ctx, prot);
		34	-#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
		35	+#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER) */
		36
		37	/*
		38	* Configure additional context ingredients
		39	@@ -1577,7 +1577,7 @@ TCN_IMPLEMENT_CALL(void, SSLContext, set
		40	}
		41
		42
		43	-#if OPENSSL_VERSION_NUMBER < 0x10100000L
		44	+#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
		45
		46	/*
		47	* Adapted from OpenSSL:
		48	@@ -1677,7 +1677,7 @@ static const char* SSL_CIPHER_authentica
		49	if (cipher == NULL) {
		50	return "UNKNOWN";
		51	}
		52	-#if OPENSSL_VERSION_NUMBER < 0x10100000L
		53	+#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
		54	kx = cipher->algorithm_mkey;
		55	auth = cipher->algorithm_auth;
		56	#else
		57	@@ -1689,7 +1689,7 @@ static const char* SSL_CIPHER_authentica
		58	{
		59	case TCN_SSL_kRSA:
		60	return SSL_TXT_RSA;
		61	-#if OPENSSL_VERSION_NUMBER < 0x10100000L
		62	+#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
		63	case TCN_SSL_kDHr:
		64	return SSL_TXT_DH "_" SSL_TXT_RSA;
65	case TCN_SSL_kDHd:
66	@@ -1707,7 +1707,7 @@ static const char* SSL_CIPHER_authentica
67	default:
68	return "UNKNOWN";
69	}
70	-#if OPENSSL_VERSION_NUMBER < 0x10100000L
71	+#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
72	case TCN_SSL_kKRB5:
73	return SSL_TXT_KRB5;
74	case TCN_SSL_kECDHr:
75	@@ -1733,7 +1733,7 @@ static const char* SSL_CIPHER_authentica
76	}
77
78	static const char* SSL_authentication_method(const SSL* ssl) {
79	-#if OPENSSL_VERSION_NUMBER < 0x10100000L
80	+#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
81	return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher);
82	#else
83	/* XXX ssl->s3->tmp.new_cipher is no longer available in OpenSSL 1.1.0 */

Line 0 Link Here

(-)www/tomcat-native/files/patch-src_sslinfo.c (+16 lines)
	1	--- src/sslinfo.c.orig 2016-03-23 18:06:39 UTC
	2	+++ src/sslinfo.c
	3	@@ -25,6 +25,13 @@
	4	#ifdef HAVE_OPENSSL
	5	#include "ssl_private.h"
	6
	7	+#ifdef LIBRESSL_VERSION_NUMBER
	8	+int X509_get_signature_nid(const X509 *x)
	9	+{
	10	+ return OBJ_obj2nid(x->sig_alg->algorithm);
	11	+}
	12	+#endif
	13	+
	14	static const char *hex_basis = "0123456789ABCDEF";
	15
	16	static char convert_to_hex(const void buf, size_t len)