Index: Makefile =================================================================== --- Makefile (revision 438121) +++ Makefile (working copy) @@ -174,9 +174,6 @@ .if ${SSL_DEFAULT:Mopenssl-devel} BROKEN= Does not build with openssl-devel .endif -.if ${SSL_DEFAULT:Mlibressl*} -BROKEN= Does not build with libressl -.endif .if !defined(_BUILDING_PROFTPD_MODULE) Index: files/patch-contrib_mod__tls.c =================================================================== --- files/patch-contrib_mod__tls.c (nonexistent) +++ files/patch-contrib_mod__tls.c (working copy) @@ -0,0 +1,193 @@ +--- contrib/mod_tls.c.orig 2017-01-16 01:13:01 UTC ++++ contrib/mod_tls.c +@@ -42,6 +42,11 @@ + # include "mod_ctrls.h" + #endif + ++/* Define if you have the LibreSSL library. */ ++#if defined(LIBRESSL_VERSION_NUMBER) ++# define HAVE_LIBRESSL 1 ++#endif ++ + /* Note that the openssl/ssl.h header is already included in mod_tls.h, so + * we don't need to include it here. + */ +@@ -96,7 +101,7 @@ static DH *get_dh(BIGNUM *p, BIGNUM *g) + return NULL; + } + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(HAVE_LIBRESSL) + if (DH_set0_pqg(dh, p, NULL, g) != 1) { + pr_trace_msg(trace_channel, 3, "error setting DH p/q parameters: %s", + ERR_error_string(ERR_get_error(), NULL)); +@@ -114,7 +119,7 @@ static DH *get_dh(BIGNUM *p, BIGNUM *g) + static X509 *read_cert(FILE *fh, SSL_CTX *ssl_ctx) { + X509 *cert; + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(HAVE_LIBRESSL) + cert = PEM_read_X509(fh, NULL, SSL_CTX_get_default_passwd_cb(ssl_ctx), + SSL_CTX_get_default_passwd_cb_userdata(ssl_ctx)); + #else +@@ -128,7 +133,7 @@ static X509 *read_cert(FILE *fh, SSL_CTX + static int get_pkey_type(EVP_PKEY *pkey) { + int pkey_type; + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(HAVE_LIBRESSL) + pkey_type = EVP_PKEY_id(pkey); + #else + pkey_type = EVP_PKEY_type(pkey->type); +@@ -609,7 +614,7 @@ static void tls_diags_cb(const SSL *ssl, + break; + #endif + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(HAVE_LIBRESSL) + case TLS_ST_OK: + #else + case SSL_ST_OK: +@@ -633,7 +638,7 @@ static void tls_diags_cb(const SSL *ssl, + + ssl_state = SSL_get_state(ssl); + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(HAVE_LIBRESSL) + if (ssl_state == TLS_ST_SR_CLNT_HELLO) { + #else + if (ssl_state == SSL3_ST_SR_CLNT_HELLO_A || +@@ -4837,7 +4842,7 @@ static int tls_dotlogin_allow(const char + + pr_signals_handle(); + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(HAVE_LIBRESSL) + X509_get0_signature(&client_sig, NULL, client_cert); + X509_get0_signature(&file_sig, NULL, file_cert); + #else +@@ -4845,7 +4850,7 @@ static int tls_dotlogin_allow(const char + file_sig = file_cert->signature; + #endif /* OpenSSL-1.1.x and later */ + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(HAVE_LIBRESSL) + if (!ASN1_STRING_cmp(client_sig, file_sig)) { + #else + if (!M_ASN1_BIT_STRING_cmp(client_sig, file_sig)) { +@@ -5320,7 +5325,7 @@ static void tls_setup_cert_dn_environ(co + int nentries; + char *k, *v; + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(HAVE_LIBRESSL) + nentries = X509_NAME_entry_count(name); + #else + nentries = sk_X509_NAME_ENTRY_num(name->entries); +@@ -5333,7 +5338,7 @@ static void tls_setup_cert_dn_environ(co + + pr_signals_handle(); + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(HAVE_LIBRESSL) + entry = X509_NAME_get_entry(name, i); + nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(entry)); + entry_data = ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)); +@@ -5512,7 +5517,7 @@ static void tls_setup_cert_environ(const + BIO_free(bio); + + bio = BIO_new(BIO_s_mem()); +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(HAVE_LIBRESSL) + X509_get0_signature(NULL, &algo, cert); + #else + algo = cert->cert_info->signature; +@@ -5528,7 +5533,7 @@ static void tls_setup_cert_environ(const + BIO_free(bio); + + bio = BIO_new(BIO_s_mem()); +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(HAVE_LIBRESSL) + pubkey = X509_get_X509_PUBKEY(cert); + X509_PUBKEY_get0_param(NULL, NULL, NULL, &algo, pubkey); + #else +@@ -5587,7 +5592,7 @@ static void tls_setup_environ(SSL *ssl) + const unsigned char *sess_data; + unsigned int sess_datalen; + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(HAVE_LIBRESSL) + sess_data = SSL_SESSION_get_id(ssl_session, &sess_datalen); + #else + sess_datalen = ssl_session->session_id_length; +@@ -5738,7 +5743,7 @@ static int tls_verify_cb(int ok, X509_ST + X509 *cert = X509_STORE_CTX_get_current_cert(ctx); + int ctx_error, depth = X509_STORE_CTX_get_error_depth(ctx); + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(HAVE_LIBRESSL) + verify_err = X509_STORE_CTX_get_error(ctx); + #else + verify_err = ctx->error; +@@ -5755,7 +5760,7 @@ static int tls_verify_cb(int ok, X509_ST + X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_CHAIN_TOO_LONG); + } + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(HAVE_LIBRESSL) + ctx_error = X509_STORE_CTX_get_error(ctx); + #else + ctx_error = ctx->error; +@@ -5886,7 +5891,7 @@ static int tls_verify_crl(int ok, X509_S + X509_STORE_CTX_init(store_ctx, tls_crl_store, NULL, NULL); + #endif + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(HAVE_LIBRESSL) + crls = X509_STORE_CTX_get1_crls(store_ctx, subject); + #elif OPENSSL_VERSION_NUMBER >= 0x10000000L + crls = X509_STORE_get1_crls(store_ctx, subject); +@@ -5906,14 +5911,14 @@ static int tls_verify_crl(int ok, X509_S + X509_NAME_print(b, issuer, 0); + + BIO_printf(b, ", lastUpdate: "); +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(HAVE_LIBRESSL) + ASN1_UTCTIME_print(b, X509_CRL_get_lastUpdate(crl)); + #else + ASN1_UTCTIME_print(b, crl->crl->lastUpdate); + #endif /* OpenSSL-1.1.x and later */ + + BIO_printf(b, ", nextUpdate: "); +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(HAVE_LIBRESSL) + ASN1_UTCTIME_print(b, X509_CRL_get_nextUpdate(crl)); + #else + ASN1_UTCTIME_print(b, crl->crl->nextUpdate); +@@ -5983,7 +5988,7 @@ static int tls_verify_crl(int ok, X509_S + * the current certificate in order to check for revocation. + */ + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(HAVE_LIBRESSL) + crls = X509_STORE_CTX_get1_crls(store_ctx, subject); + #elif OPENSSL_VERSION_NUMBER >= 0x10000000L + crls = X509_STORE_get1_crls(store_ctx, subject); +@@ -6005,7 +6010,7 @@ static int tls_verify_crl(int ok, X509_S + ASN1_INTEGER *sn; + + revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i); +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(HAVE_LIBRESSL) + sn = X509_REVOKED_get0_serialNumber(revoked); + #else + sn = revoked->serialNumber; +@@ -6371,7 +6376,7 @@ static int tls_verify_ocsp_url(X509_STOR + return FALSE; + } + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(HAVE_LIBRESSL) + store = X509_STORE_CTX_get0_store(ctx); + #else + store = ctx->ctx; Property changes on: files/patch-contrib_mod__tls.c ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property