--- Makefile (revision 513462) +++ Makefile (working copy) @@ -2,6 +2,7 @@ PORTNAME= network DISTVERSION= ${QT5_VERSION} +PORTREVISION= 1 CATEGORIES= net ipv6 PKGNAMEPREFIX= qt5- --- files/patch-qsslsocket_openssl11_symbols_p.h (nonexistent) +++ files/patch-qsslsocket_openssl11_symbols_p.h (working copy) @@ -0,0 +1,71 @@ +--- src/network/ssl/qsslsocket_openssl11_symbols_p.h.orig 2019-10-01 07:47:24 UTC ++++ src/network/ssl/qsslsocket_openssl11_symbols_p.h +@@ -77,19 +77,48 @@ + + const unsigned char * q_ASN1_STRING_get0_data(const ASN1_STRING *x); + ++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L ++// LibreSSL 2.7 has stack_st but not OPENSSL_STACK ++typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */ ++// From the signature in LibreSSL ++#define OPENSSL_INIT_SETTINGS void ++// https://github.com/openssl/openssl/blob/master/include/openssl/x509_vfy.h#L63 ++typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); ++#endif ++ ++ + Q_AUTOTEST_EXPORT BIO *q_BIO_new(const BIO_METHOD *a); + Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem(); + +-int q_DSA_bits(DSA *a); ++#ifdef LIBRESSL_VERSION_NUMBER ++#define q_DSA_bits(dsa) q_BN_num_bits((dsa)->p) ++#else ++ int q_DSA_bits(DSA *a); ++#endif + int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c); + int q_EVP_PKEY_base_id(EVP_PKEY *a); + int q_RSA_bits(RSA *a); ++#ifdef LIBRESSL_VERSION_NUMBER ++int q_sk_num(OPENSSL_STACK *a); ++void q_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *)); ++OPENSSL_STACK *q_sk_new_null(); ++void q_sk_push(OPENSSL_STACK *st, void *data); ++void q_sk_free(OPENSSL_STACK *a); ++void * q_sk_value(OPENSSL_STACK *a, int b); ++#define q_OPENSSL_sk_num(a) q_sk_num(a) ++#define q_OPENSSL_sk_pop_free(a, b) q_sk_pop_free(a, b) ++#define q_OPENSSL_sk_new_null() q_sk_new_null() ++#define q_OPENSSL_sk_push(a, b) q_sk_push(a, b) ++#define q_OPENSSL_sk_free q_sk_free ++#define q_OPENSSL_sk_value(a, b) q_sk_value(a, b) ++#else + Q_AUTOTEST_EXPORT int q_OPENSSL_sk_num(OPENSSL_STACK *a); + Q_AUTOTEST_EXPORT void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *)); + Q_AUTOTEST_EXPORT OPENSSL_STACK *q_OPENSSL_sk_new_null(); + Q_AUTOTEST_EXPORT void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data); + Q_AUTOTEST_EXPORT void q_OPENSSL_sk_free(OPENSSL_STACK *a); + Q_AUTOTEST_EXPORT void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b); ++#endif + int q_SSL_session_reused(SSL *a); + unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); + int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +@@ -110,12 +139,15 @@ STACK_OF(X509) *q_X509_STORE_CTX_get0_chain(X509_STORE + void q_DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); + int q_DH_bits(DH *dh); + +-# define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ ++#define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +- ++#ifdef LIBRESSL_VERSION_NUMBER ++#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st) ++#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i) ++#else + #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_OPENSSL_sk_num)(st) + #define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_OPENSSL_sk_value)(st, i) +- ++#endif + #define q_OPENSSL_add_all_algorithms_conf() q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ + | OPENSSL_INIT_ADD_ALL_DIGESTS \ + | OPENSSL_INIT_LOAD_CONFIG, NULL) --- files/patch-src_network_ssl_qsslcontext_openssl.cpp (nonexistent) +++ files/patch-src_network_ssl_qsslcontext_openssl.cpp (working copy) @@ -0,0 +1,11 @@ +--- src/network/ssl/qsslcontext_openssl.cpp.orig 2019-10-01 08:05:51 UTC ++++ src/network/ssl/qsslcontext_openssl.cpp +@@ -265,7 +265,7 @@ void QSslContext::applyBackendConfig(QSslContext *sslC + } + #endif // ocsp + +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + if (QSslSocket::sslLibraryVersionNumber() >= 0x10002000L) { + QSharedPointer cctx(q_SSL_CONF_CTX_new(), &q_SSL_CONF_CTX_free); + if (cctx) { --- files/patch-src_network_ssl_qsslsocket_openssl.cpp (nonexistent) +++ files/patch-src_network_ssl_qsslsocket_openssl.cpp (working copy) @@ -0,0 +1,11 @@ +--- src/network/ssl/qsslsocket_openssl.cpp.orig 2019-10-01 08:09:52 UTC ++++ src/network/ssl/qsslsocket_openssl.cpp +@@ -604,7 +604,7 @@ bool QSslSocketBackendPrivate::initSslContext() + q_SSL_set_psk_server_callback(ssl, &q_ssl_psk_server_callback); + } + #endif +-#if OPENSSL_VERSION_NUMBER >= 0x10101006L ++#if OPENSSL_VERSION_NUMBER >= 0x10101006L && !defined(LIBRESSL_VERSION_NUMBER) + // Set the client callback for TLSv1.3 PSK + if (mode == QSslSocket::SslClientMode + && QSslSocket::sslLibraryBuildVersionNumber() >= 0x10101006L) { --- files/patch-src_network_ssl_qsslsocket_openssl_symbols.cpp (nonexistent) +++ files/patch-src_network_ssl_qsslsocket_openssl_symbols.cpp (working copy) @@ -0,0 +1,106 @@ +Redefine SSL stack functions to their proper symbols in LibreSSL. +Also reference a redefined DSA_bits() that does not natively exist +in LibreSSL. + +Ensure that we link to the correct ssl library selected in +DEFAULT_VERSIONS. + +Do not define SSL_CONF_CTX symbols absent from LibreSSL. + +--- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig 2018-12-03 11:15:26 UTC ++++ src/network/ssl/qsslsocket_openssl_symbols.cpp +@@ -152,6 +152,14 @@ DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, + DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return) + DEFINEFUNC(int, EVP_PKEY_base_id, EVP_PKEY *a, a, return NID_undef, return) + DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return) ++#ifdef LIBRESSL_VERSION_NUMBER ++DEFINEFUNC(int, sk_num, OPENSSL_STACK *a, a, return -1, return) ++DEFINEFUNC2(void, sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG) ++DEFINEFUNC(OPENSSL_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return) ++DEFINEFUNC2(void, sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG) ++DEFINEFUNC(void, sk_free, OPENSSL_STACK *a, a, return, DUMMYARG) ++DEFINEFUNC2(void *, sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return) ++#else + DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return) + DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return) + DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG) +@@ -159,6 +167,7 @@ DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMY + DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG) + DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG) + DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return) ++#endif + DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return) + DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return) + #ifdef TLS1_3_VERSION +@@ -443,7 +452,7 @@ DEFINEFUNC2(int, SSL_CTX_use_PrivateKey, SSL_CTX *a, a + DEFINEFUNC2(int, SSL_CTX_use_RSAPrivateKey, SSL_CTX *a, a, RSA *b, b, return -1, return) + DEFINEFUNC3(int, SSL_CTX_use_PrivateKey_file, SSL_CTX *a, a, const char *b, b, int c, c, return -1, return) + DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *a, a, return nullptr, return) +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + DEFINEFUNC(SSL_CONF_CTX *, SSL_CONF_CTX_new, DUMMYARG, DUMMYARG, return nullptr, return); + DEFINEFUNC(void, SSL_CONF_CTX_free, SSL_CONF_CTX *a, a, return ,return); + DEFINEFUNC2(void, SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX *a, a, SSL_CTX *b, b, return, return); +@@ -846,8 +855,8 @@ static QPair loadOpenSsl() + #endif + #if defined(SHLIB_VERSION_NUMBER) && !defined(Q_OS_QNX) // on QNX, the libs are always libssl.so and libcrypto.so + // first attempt: the canonical name is libssl.so. +- libssl->setFileNameAndVersion(QLatin1String("ssl"), QLatin1String(SHLIB_VERSION_NUMBER)); +- libcrypto->setFileNameAndVersion(QLatin1String("crypto"), QLatin1String(SHLIB_VERSION_NUMBER)); ++ libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), QLatin1String(SHLIB_VERSION_NUMBER)); ++ libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), QLatin1String(SHLIB_VERSION_NUMBER)); + if (libcrypto->load() && libssl->load()) { + // libssl.so. and libcrypto.so. found + return pair; +@@ -876,8 +885,8 @@ static QPair loadOpenSsl() + // macOS's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib will be picked up in the third + // attempt, _after_ /Contents/Frameworks has been searched. + // iOS does not ship a system libssl.dylib, libcrypto.dylib in the first place. +- libssl->setFileNameAndVersion(QLatin1String("ssl"), -1); +- libcrypto->setFileNameAndVersion(QLatin1String("crypto"), -1); ++ libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), -1); ++ libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), -1); + if (libcrypto->load() && libssl->load()) { + // libssl.so.0 and libcrypto.so.0 found + return pair; +@@ -961,12 +970,21 @@ bool q_resolveOpenSslSymbols() + RESOLVEFUNC(EVP_CIPHER_CTX_reset) + RESOLVEFUNC(EVP_PKEY_base_id) + RESOLVEFUNC(RSA_bits) ++#ifdef LIBRESSL_VERSION_NUMBER ++ RESOLVEFUNC(sk_new_null) ++ RESOLVEFUNC(sk_push) ++ RESOLVEFUNC(sk_free) ++ RESOLVEFUNC(sk_num) ++ RESOLVEFUNC(sk_pop_free) ++ RESOLVEFUNC(sk_value) ++#else + RESOLVEFUNC(OPENSSL_sk_new_null) + RESOLVEFUNC(OPENSSL_sk_push) + RESOLVEFUNC(OPENSSL_sk_free) + RESOLVEFUNC(OPENSSL_sk_num) + RESOLVEFUNC(OPENSSL_sk_pop_free) + RESOLVEFUNC(OPENSSL_sk_value) ++#endif + RESOLVEFUNC(DH_get0_pqg) + RESOLVEFUNC(SSL_CTX_set_options) + #ifdef TLS1_3_VERSION +@@ -1001,7 +1019,9 @@ bool q_resolveOpenSslSymbols() + + RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint) + RESOLVEFUNC(DH_bits) ++#ifndef LIBRESSL_VERSION_NUMBER + RESOLVEFUNC(DSA_bits) ++#endif + + #if QT_CONFIG(dtls) + RESOLVEFUNC(DTLSv1_listen) +@@ -1237,7 +1257,7 @@ bool q_resolveOpenSslSymbols() + RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey) + RESOLVEFUNC(SSL_CTX_use_PrivateKey_file) + RESOLVEFUNC(SSL_CTX_get_cert_store); +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + RESOLVEFUNC(SSL_CONF_CTX_new); + RESOLVEFUNC(SSL_CONF_CTX_free); + RESOLVEFUNC(SSL_CONF_CTX_set_ssl_ctx); --- files/patch-src_network_ssl_qsslsocket_openssl_symbols_p.h (nonexistent) +++ files/patch-src_network_ssl_qsslsocket_openssl_symbols_p.h (working copy) @@ -0,0 +1,24 @@ +--- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig 2019-10-01 07:47:06 UTC ++++ src/network/ssl/qsslsocket_openssl_symbols_p.h +@@ -72,6 +72,12 @@ + #include "qsslsocket_openssl_p.h" + #include + ++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L ++# define TLS1_2_VERSION 0x0303 ++# define TLS_MAX_VERSION TLS1_2_VERSION ++# define TLS_ANY_VERSION 0x10000 ++#endif ++ + #if QT_CONFIG(ocsp) + #include "qocsp_p.h" + #endif +@@ -372,7 +378,7 @@ int q_SSL_CTX_use_PrivateKey(SSL_CTX *a, EVP_PKEY *b); + int q_SSL_CTX_use_RSAPrivateKey(SSL_CTX *a, RSA *b); + int q_SSL_CTX_use_PrivateKey_file(SSL_CTX *a, const char *b, int c); + X509_STORE *q_SSL_CTX_get_cert_store(const SSL_CTX *a); +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + SSL_CONF_CTX *q_SSL_CONF_CTX_new(); + void q_SSL_CONF_CTX_free(SSL_CONF_CTX *a); + void q_SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *a, SSL_CTX *b);