FreeBSD Bugzilla – Attachment 187440 Details for
Bug 223196
net/haproxy-devel: fix build with LibreSSL
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
svn diff for net/haproxy-devel
patch-net_haproxy-devel-1.8dev3 (text/plain), 7.67 KB, created by
Bernard Spil
on 2017-10-24 14:31:23 UTC
(
hide
)
Description:
svn diff for net/haproxy-devel
Filename:
MIME Type:
Creator:
Bernard Spil
Created:
2017-10-24 14:31:23 UTC
Size:
7.67 KB
patch
obsolete
>Index: net/haproxy-devel/Makefile >=================================================================== >--- net/haproxy-devel/Makefile (revision 452645) >+++ net/haproxy-devel/Makefile (working copy) >@@ -2,8 +2,7 @@ > # $FreeBSD$ > > PORTNAME= haproxy >-DISTVERSION= 1.8-dev2 >-PORTREVISION= 2 >+DISTVERSION= 1.8-dev3 > CATEGORIES= net www > MASTER_SITES= http://www.haproxy.org/download/1.8/src/devel/ > PKGNAMESUFFIX= -devel >Index: net/haproxy-devel/distinfo >=================================================================== >--- net/haproxy-devel/distinfo (revision 452645) >+++ net/haproxy-devel/distinfo (working copy) >@@ -1,5 +1,3 @@ >-TIMESTAMP = 1504203934 >-SHA256 (haproxy-1.8-dev2.tar.gz) = 45f42107e8730fc7bf324523d148d67aae6a65f0d4a4b981273d3dcefd6de2e1 >-SIZE (haproxy-1.8-dev2.tar.gz) = 1850881 >-SHA256 (deviceatlas-enterprise-c-2.1.2_2.tgz) = feaa9198a5d6bed125b34742bd626ad0a0fcb862803916cd7d974413f8bdfdce >-SIZE (deviceatlas-enterprise-c-2.1.2_2.tgz) = 184368 >+TIMESTAMP = 1508842116 >+SHA256 (haproxy-1.8-dev3.tar.gz) = 8f6856b4ff03408af702fbdb3b9374c3e718b8479cd999445a33d4f2c48f7711 >+SIZE (haproxy-1.8-dev3.tar.gz) = 1893407 >Index: net/haproxy-devel/files/patch-src_ssl__sock.c >=================================================================== >--- net/haproxy-devel/files/patch-src_ssl__sock.c (revision 452645) >+++ net/haproxy-devel/files/patch-src_ssl__sock.c (working copy) >@@ -1,4 +1,4 @@ >---- src/ssl_sock.c.orig 2017-06-02 13:59:51 UTC >+--- src/ssl_sock.c.orig 2017-10-22 08:13:45 UTC > +++ src/ssl_sock.c > @@ -56,7 +56,7 @@ > #include <openssl/engine.h> >@@ -5,7 +5,7 @@ > #endif > > -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL >-+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER) >++#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined LIBRESSL_VERSION_NUMBER) > #include <openssl/async.h> > #endif > >@@ -14,32 +14,29 @@ > #endif > > -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL >-+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER) >++#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined LIBRESSL_VERSION_NUMBER) > /* > * openssl async fd handler > */ >-@@ -1034,10 +1034,13 @@ static int ssl_sock_load_ocsp(SSL_CTX *c >+@@ -1044,8 +1044,11 @@ static int ssl_sock_load_ocsp(SSL_CTX *c > ocsp = NULL; > > #ifndef SSL_CTX_get_tlsext_status_cb >--# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \ >-- *cb = (void (*) (void))ctx->tlsext_status_cb; > +#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB > +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 >++#endif >+ # define SSL_CTX_get_tlsext_status_cb(ctx, cb) \ >+- *cb = (void (*) (void))ctx->tlsext_status_cb; >++ *cb = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb) > #endif >-+ callback = SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB, 0, callback); >-+#else > SSL_CTX_get_tlsext_status_cb(ctx, &callback); >-+#endif > >- if (!callback) { >- struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg)); >-@@ -1063,7 +1066,10 @@ static int ssl_sock_load_ocsp(SSL_CTX *c >+@@ -1073,7 +1076,10 @@ static int ssl_sock_load_ocsp(SSL_CTX *c > int key_type; > EVP_PKEY *pkey; > > -#ifdef SSL_CTX_get_tlsext_status_arg >-+#if defined(SSL_CTX_get_tlsext_status_arg) || (LIBRESSL_VERSION_NUMBER >= 0x2050100fL) >++#if defined(SSL_CTX_get_tlsext_status_arg) || defined(LIBRESSL_VERSION_NUMBER) > +#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG > +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 > +#endif >@@ -46,75 +43,57 @@ > SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg); > #else > cb_arg = ctx->tlsext_status_arg; >-@@ -3403,7 +3409,7 @@ int ssl_sock_load_cert_list_file(char *f >- #define SSL_MODE_SMALL_BUFFERS 0 >- #endif >- >--#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) && !defined(OPENSSL_IS_BORINGSSL) >-+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) && !defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER) >- static void ssl_set_SSLv3_func(SSL_CTX *ctx, int is_server) >- { >- #if SSL_OP_NO_SSLv3 >-@@ -3560,7 +3566,7 @@ ssl_sock_initial_ctx(struct bind_conf *b >+@@ -3627,7 +3633,7 @@ ssl_sock_initial_ctx(struct bind_conf *b > options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE; > SSL_CTX_set_options(ctx, options); > > -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL >-+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER) >++#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined LIBRESSL_VERSION_NUMBER) > if (global_ssl.async) > mode |= SSL_MODE_ASYNC; > #endif >-@@ -4010,7 +4016,7 @@ int ssl_sock_prepare_srv_ctx(struct serv >+@@ -4125,7 +4131,7 @@ int ssl_sock_prepare_srv_ctx(struct serv > options |= SSL_OP_NO_TICKET; > SSL_CTX_set_options(ctx, options); > > -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL >-+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER) >++#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined LIBRESSL_VERSION_NUMBER) > if (global_ssl.async) > mode |= SSL_MODE_ASYNC; > #endif >-@@ -4526,7 +4532,7 @@ int ssl_sock_handshake(struct connection >- fd_cant_recv(conn->t.sock.fd); >+@@ -4638,7 +4644,7 @@ int ssl_sock_handshake(struct connection >+ fd_cant_recv(conn->handle.fd); > return 0; > } > -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL >-+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER) >++#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined LIBRESSL_VERSION_NUMBER) > else if (ret == SSL_ERROR_WANT_ASYNC) { > ssl_async_process_fds(conn, conn->xprt_ctx); > return 0; >-@@ -4610,7 +4616,7 @@ int ssl_sock_handshake(struct connection >- fd_cant_recv(conn->t.sock.fd); >+@@ -4722,7 +4728,7 @@ int ssl_sock_handshake(struct connection >+ fd_cant_recv(conn->handle.fd); > return 0; > } > -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL >-+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER) >++#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined LIBRESSL_VERSION_NUMBER) > else if (ret == SSL_ERROR_WANT_ASYNC) { > ssl_async_process_fds(conn, conn->xprt_ctx); > return 0; >-@@ -4802,7 +4808,7 @@ static int ssl_sock_to_buf(struct connec >- fd_cant_recv(conn->t.sock.fd); >- break; >- } >+@@ -4784,7 +4790,7 @@ int ssl_sock_handshake(struct connection >+ >+ reneg_ok: >+ > -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL >-+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER) >- else if (ret == SSL_ERROR_WANT_ASYNC) { >- ssl_async_process_fds(conn, conn->xprt_ctx); >- break; >-@@ -4910,7 +4916,7 @@ static int ssl_sock_from_buf(struct conn >- __conn_sock_want_recv(conn); >- break; >- } >++#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined LIBRESSL_VERSION_NUMBER) >+ /* ASYNC engine API doesn't support moving read/write >+ * buffers. So we disable ASYNC mode right after >+ * the handshake to avoid buffer oveflows. >+@@ -4908,7 +4914,7 @@ static int ssl_sock_to_buf(struct connec >+ /* handshake is running, and it needs to enable write */ >+ conn->flags |= CO_FL_SSL_WAIT_HS; >+ __conn_sock_want_send(conn); > -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL >-+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER) >- else if (ret == SSL_ERROR_WANT_ASYNC) { >- ssl_async_process_fds(conn, conn->xprt_ctx); >- break; >-@@ -4933,7 +4939,7 @@ static int ssl_sock_from_buf(struct conn >- static void ssl_sock_close(struct connection *conn) { >- >- if (conn->xprt_ctx) { >--#if OPENSSL_VERSION_NUMBER >= 0x1010000fL >-+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER) >- if (global_ssl.async) { >- OSSL_ASYNC_FD all_fd[32], afd; >- size_t num_all_fds = 0; >++#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined LIBRESSL_VERSION_NUMBER) >+ /* Async mode can be re-enabled, because we're leaving data state.*/ >+ if (global_ssl.async) >+ SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=187440">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 223196
:
187402
|
187439
| 187440