
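--- a/www/tomcat-native/Makefile
+++ b/www/tomcat-native/Makefile
@@ -40,8 +40,4 @@
 IGNORE_FreeBSD_10=	Requires OpenSSL 1.0.2 (set DEFAULT_VERSIONS+=ssl=openssl)
 .endif
 
-.if ${SSL_DEFAULT:Mlibressl*}
-IGNORE=	Detected LibreSSL (missing numerous symbols during linking)
-.endif
-
 .include <bsd.port.post.mk>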
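--- a/www/tomcat-native/files/patch-include_ssl__private.h
+++ b/www/tomcat-native/files/patch-include_ssl__private.h
@@ -0,0 +1,32 @@
+--- include/ssl_private.h.orig	2016-04-19 10:08:10 UTC
++++ include/ssl_private.h
+@@ -49,6 +49,9 @@
+ /* Avoid tripping over an engine build installed globally and detected
+  * when the user points at an explicit non-engine flavor of OpenSSL
+  */
++#ifdef LIBRESSL_VERSION_NUMBER
++#define OPENSSL_NO_ENGINE
++#endif
+ #ifndef OPENSSL_NO_ENGINE
+ #include <openssl/engine.h>
+ #endif
+@@ -204,7 +207,7 @@
+ #endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */
+ 
+ /* OpenSSL 1.0.2 compatibility */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100001L || defined(LIBRESSL_VERSION_NUMBER)
+ #define OpenSSL_version                  SSLeay_version
+ #define OpenSSL_version_num              SSLeay
+ #define OPENSSL_VERSION                  SSLEAY_VERSION
+@@ -231,6 +234,10 @@
+ #define TLS_server_method                SSLv23_server_method
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+ 
++#ifdef LIBRESSL_VERSION_NUMBER
++#define SSL_CTX_add0_chain_cert          SSL_CTX_add_extra_chain_cert
++#endif
++
+ #define MAX_ALPN_NPN_PROTO_SIZE 65535
+ #define SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL            1
+ 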
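Review bot: The LibreSSL alias `#define SSL_CTX_add0_chain_cert SSL_CTX_add_extra_chain_cert` in the last hunk is not a drop-in replacement: add0_chain_cert appends to the chain of the current certificate, while add_extra_chain_cert appends to the one extra-chain list shared by the whole SSL_CTX. If the callers, which are outside this patch, configure more than one certificate per context (RSA plus ECDSA, say), a LibreSSL build would presumably present the same intermediates for both. The define should carry a comment recording that, for example `/* LibreSSL: no per-certificate chain; intermediates are shared by every cert in the SSL_CTX */`. Separately, the second hunk moves the bound to `0x10100001L` while its own `#endif` comment and every other guard in this patch set keep `0x10100000L`; unless that is deliberate it should read `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)`.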
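--- a/www/tomcat-native/files/patch-src_ssl.c
+++ b/www/tomcat-native/files/patch-src_ssl.c
@@ -0,0 +1,110 @@
+--- src/ssl.c.orig	2016-04-19 10:08:10 UTC
++++ src/ssl.c
+@@ -34,7 +34,7 @@ tcn_pass_cb_t tcn_password_callback;
+ static jclass byteArrayClass;
+ static jclass stringClass;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /* Global reference to the pool used by the dynamic mutexes */
+ static apr_pool_t *dynlockpool = NULL;
+ 
+@@ -193,7 +193,7 @@ static const jint supported_ssl_opts = 0
+ #endif
+      | 0;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /* OpenSSL Pre-1.1.0 compatibility */
+ /* Taken from OpenSSL 1.1.0 snapshot 20160410 */
+ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+@@ -295,7 +295,7 @@ DH *SSL_get_dh_params(unsigned keylen)
+     return NULL; /* impossible to reach. */
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ static void init_bio_methods(void);
+ static void free_bio_methods(void);
+ #endif
+@@ -330,7 +330,7 @@ static apr_status_t ssl_init_cleanup(voi
+                          tcn_password_callback.cb.obj);
+     }
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     free_bio_methods();
+ #endif
+     free_dh_params();
+@@ -349,7 +349,7 @@ static apr_status_t ssl_init_cleanup(voi
+     ENGINE_cleanup();
+ #endif
+     CRYPTO_cleanup_all_ex_data();
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     ERR_remove_thread_state(NULL);
+ #else
+     ERR_remove_thread_state();
+@@ -387,7 +387,7 @@ static ENGINE *ssl_try_load_engine(const
+  * To ensure thread-safetyness in OpenSSL
+  */
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ static apr_thread_mutex_t **ssl_lock_cs;
+ static int                  ssl_lock_num_locks;
+ 
+@@ -427,7 +427,7 @@ static unsigned long ssl_thread_id(void)
+ #endif
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ static void ssl_set_thread_id(CRYPTO_THREADID *id)
+ {
+     CRYPTO_THREADID_set_numeric(id, ssl_thread_id());
+@@ -720,7 +720,7 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize
+ #endif
+     OPENSSL_load_builtin_modules();
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     /* Initialize thread support */
+     ssl_thread_setup(tcn_global_pool);
+ #endif
+@@ -766,7 +766,7 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize
+     SSL_init_app_data2_3_idx();
+ 
+     init_dh_params();
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     init_bio_methods();
+ #endif
+ 
+@@ -928,7 +928,7 @@ static int jbs_new(BIO *bi)
+     j->refcount  = 1;
+     BIO_set_shutdown(bi, 1);
+     BIO_set_init(bi, 0);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     /* No setter method for OpenSSL 1.1.0 available,
+      * but I can't find any functional use of the
+      * "num" field there either.
+@@ -1064,7 +1064,7 @@ static long jbs_ctrl(BIO *b, int cmd, lo
+     return ret;
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ static BIO_METHOD jbs_methods = {
+     BIO_TYPE_FILE,
+     "Java Callback",
+@@ -1100,7 +1100,7 @@ static void free_bio_methods(void)
+ 
+ static BIO_METHOD *BIO_jbs()
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     return(&jbs_methods);
+ #else
+     return jbs_methods;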
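Review bot: Every guard in this file tests a bare `defined(LIBRESSL_VERSION_NUMBER)` with no version bound, and the same expression is copied into each hunk here and into patch-src_sslcontext.c and patch-src_sslutils.c. The guard in the hunk at -193 now compiles the local, non-static `DH_set0_pqg` and the compat code after it for every LibreSSL release, so a LibreSSL that provides the 1.1-style accessors itself would presumably collide with these definitions. The guard in the hunk at -720 decides whether `ssl_thread_setup()` runs at all, so one missed or mistyped copy silently changes the thread-safety of the TLS layer. Defining the condition once in ssl_private.h and testing that macro at every site keeps them in step, e.g. `#define TCN_PRE_OPENSSL_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))` (the macro name is only a suggestion), with the LibreSSL term given an upper version bound once one is known.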
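--- a/www/tomcat-native/files/patch-src_sslcontext.c
+++ b/www/tomcat-native/files/patch-src_sslcontext.c
@@ -0,0 +1,83 @@
+--- src/sslcontext.c.orig	2016-04-18 09:49:28 UTC
++++ src/sslcontext.c
+@@ -139,7 +139,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
+     tcn_ssl_ctxt_t *c = NULL;
+     SSL_CTX *ctx = NULL;
+     jclass clazz;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     jint prot;
+ #endif
+ 
+@@ -224,7 +224,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
+         BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+     SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     /* always disable SSLv2, as per RFC 6176 */
+     SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
+     if (!(protocol & SSL_PROTOCOL_SSLV3))
+@@ -240,7 +240,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
+         SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
+ #endif
+ 
+-#else /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
++#else /* if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
+     /* We first determine the maximum protocol version we should provide */
+     if (protocol & SSL_PROTOCOL_TLSV1_2) {
+         prot = TLS1_2_VERSION;
+@@ -269,7 +269,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
+         prot = SSL3_VERSION;
+     }
+     SSL_CTX_set_min_proto_version(ctx, prot);
+-#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
++#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
+ 
+     /*
+      * Configure additional context ingredients
+@@ -1577,7 +1577,7 @@ TCN_IMPLEMENT_CALL(void, SSLContext, set
+ }
+ 
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ /*
+  * Adapted from OpenSSL:
+@@ -1677,7 +1677,7 @@ static const char* SSL_CIPHER_authentica
+     if (cipher == NULL) {
+         return "UNKNOWN";
+     }
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     kx = cipher->algorithm_mkey;
+     auth = cipher->algorithm_auth;
+ #else
+@@ -1689,7 +1689,7 @@ static const char* SSL_CIPHER_authentica
+         {
+     case TCN_SSL_kRSA:
+         return SSL_TXT_RSA;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     case TCN_SSL_kDHr:
+         return SSL_TXT_DH "_" SSL_TXT_RSA;
+     case TCN_SSL_kDHd:
+@@ -1707,7 +1707,7 @@ static const char* SSL_CIPHER_authentica
+         default:
+             return "UNKNOWN";
+             }
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     case TCN_SSL_kKRB5:
+         return SSL_TXT_KRB5;
+     case TCN_SSL_kECDHr:
+@@ -1733,7 +1733,7 @@ static const char* SSL_CIPHER_authentica
+ }
+ 
+ static const char* SSL_authentication_method(const SSL* ssl) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+    return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher);
+ #else
+     /* XXX ssl->s3->tmp.new_cipher is no longer available in OpenSSL 1.1.0 */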
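Review bot: With LibreSSL sent down the pre-1.1 branch, `SSL_CIPHER_authentication_method` and `SSL_authentication_method` read library-private fields (`cipher->algorithm_mkey`, `cipher->algorithm_auth`, `ssl->s3->tmp.new_cipher`), and patch-src_sslutils.c does the same with `cert->valid` inside ssl_verify_OCSP. That compiles only while the installed LibreSSL headers still expose those structs, and nothing in the guards records the dependency. A comment at the first such guard would make it visible to the next porter, for example `/* LibreSSL: relies on non-opaque SSL, SSL_CIPHER and X509 structs; revisit when LibreSSL hides them */`. Both functions start and end outside the visible hunks, so the remaining field accesses could not be checked here.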
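--- a/www/tomcat-native/files/patch-src_sslinfo.c
+++ b/www/tomcat-native/files/patch-src_sslinfo.c
@@ -0,0 +1,16 @@
+--- src/sslinfo.c.orig	2016-03-23 18:06:39 UTC
++++ src/sslinfo.c
+@@ -25,6 +25,13 @@
+ #ifdef HAVE_OPENSSL
+ #include "ssl_private.h"
+ 
++#ifdef LIBRESSL_VERSION_NUMBER
++int X509_get_signature_nid(const X509 *x)
++{
++    return OBJ_obj2nid(x->sig_alg->algorithm);
++}
++#endif
++
+ static const char *hex_basis = "0123456789ABCDEF";
+ 
+ static char *convert_to_hex(const void *buf, size_t len)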
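Review bot: The added `X509_get_signature_nid` has external linkage under a libcrypto name, so the built shared object exports a symbol that belongs to the TLS library. It will conflict with the library's own declaration as soon as a LibreSSL release provides the function, and until then other code loaded in the same process may resolve to this copy. It also dereferences `x->sig_alg->algorithm` without checking `x` or `x->sig_alg`. Assuming the only callers are in this file, I would make it a file-local helper under a project name (the name below is only a suggestion), return `NID_undef` when the field is missing, and map the OpenSSL name onto it with a macro.

```c
#ifdef LIBRESSL_VERSION_NUMBER
/* LibreSSL lacks X509_get_signature_nid(); file-local fallback, not exported. */
static int tcn_x509_signature_nid(const X509 *x)
{
    if (x == NULL || x->sig_alg == NULL)
        return NID_undef;
    return OBJ_obj2nid(x->sig_alg->algorithm);
}
#define X509_get_signature_nid tcn_x509_signature_nid
#endif
```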
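--- a/www/tomcat-native/files/patch-src_sslutils.c
+++ b/www/tomcat-native/files/patch-src_sslutils.c
@@ -0,0 +1,11 @@
+--- src/sslutils.c.orig	2016-04-19 09:15:43 UTC
++++ src/sslutils.c
+@@ -504,7 +504,7 @@ static int ssl_verify_OCSP(int ok, X509_
+          * may yield NULL. Return early, but leave the ctx error as is. */
+         return OCSP_STATUS_UNKNOWN;
+     }
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     else if (cert->valid && X509_check_issued(cert,cert) == X509_V_OK) {
+ #else
+     /* No need to check cert->valid, because ssl_verify_OCSP() only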
