Sat Oct 16 14:02:56 2021 UTC ()
Fix build on OpenBSD with native LibreSSL with patches taken from
OpenBSD ports. NFCI on other platforms.
(schmonz)
diff -r1.51 -r1.52 pkgsrc/security/p5-Net-SSLeay/distinfo
diff -r0 -r1.1 pkgsrc/security/p5-Net-SSLeay/patches/patch-SSLeay.xs
diff -r0 -r1.1 pkgsrc/security/p5-Net-SSLeay/patches/patch-t_local_43__misc__functions.t
--- pkgsrc/security/p5-Net-SSLeay/distinfo 2021/10/07 14:54:16 1.51
+++ pkgsrc/security/p5-Net-SSLeay/distinfo 2021/10/16 14:02:56 1.52
| @@ -1,5 +1,7 @@ | | | @@ -1,5 +1,7 @@ |
1 | $NetBSD: distinfo,v 1.51 2021/10/07 14:54:16 nia Exp $ | | 1 | $NetBSD: distinfo,v 1.52 2021/10/16 14:02:56 schmonz Exp $ |
2 | | | 2 | |
3 | RMD160 (Net-SSLeay-1.90.tar.gz) = f4efc35e2b150b0bcfd84dfeceaec0d2c4860546 | | 3 | RMD160 (Net-SSLeay-1.90.tar.gz) = f4efc35e2b150b0bcfd84dfeceaec0d2c4860546 |
4 | SHA512 (Net-SSLeay-1.90.tar.gz) = 8a5f251b5ef1d8c2d619d984594a7a22ddeed2e5e726fe683a45f299d7878f4ca8ffab00480ebf5ef7a94ae1fcf6be05dfdaa68b8bfe2ad68443150765adb891 | | 4 | SHA512 (Net-SSLeay-1.90.tar.gz) = 8a5f251b5ef1d8c2d619d984594a7a22ddeed2e5e726fe683a45f299d7878f4ca8ffab00480ebf5ef7a94ae1fcf6be05dfdaa68b8bfe2ad68443150765adb891 |
5 | Size (Net-SSLeay-1.90.tar.gz) = 534246 bytes | | 5 | Size (Net-SSLeay-1.90.tar.gz) = 534246 bytes |
| | | 6 | SHA1 (patch-SSLeay.xs) = f7937ae0c2dcf97462a44d6344ff20483cf07566 |
| | | 7 | SHA1 (patch-t_local_43__misc__functions.t) = 176e4993f9327237038312d2f23c5cfc065acc81 |
$NetBSD: patch-SSLeay.xs,v 1.1 2021/10/16 14:02:56 schmonz Exp $
Build with OpenBSD's LibreSSL (patch taken from OpenBSD ports).
--- SSLeay.xs.orig Thu Jan 21 15:14:11 2021
+++ SSLeay.xs
@@ -6172,7 +6172,7 @@ SSL_total_renegotiations(ssl)
OUTPUT:
RETVAL
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
void
SSL_SESSION_get_master_key(s)
SSL_SESSION * s
$NetBSD: patch-t_local_43__misc__functions.t,v 1.1 2021/10/16 14:02:56 schmonz Exp $
Patch taken from OpenBSD ports:
LibreSSL uses different names for TLS 1.3 ciphers.
LibreSSL does not define TLS1_3_VERSION, but test discovers TLS 1.3.
--- t/local/43_misc_functions.t.orig Thu Jan 21 15:14:11 2021
+++ t/local/43_misc_functions.t
@@ -40,6 +40,10 @@ our %tls_1_3_aead_cipher_to_keyblock_size = (
'TLS_AES_128_GCM_SHA256' => 56,
'TLS_AES_256_GCM_SHA384' => 88,
'TLS_CHACHA20_POLY1305_SHA256' => 88,
+ # LibreSSL uses different names
+ 'AEAD-AES128-GCM-SHA256' => 56,
+ 'AEAD-AES256-GCM-SHA384' => 88,
+ 'AEAD-CHACHA20-POLY1305-SHA256' => 88,
);
# Combine the AEAD hashes
@@ -56,6 +60,11 @@ our %version_str2int =
'TLSv1.2' => sub {return eval {Net::SSLeay::TLS1_2_VERSION();}},
'TLSv1.3' => sub {return eval {Net::SSLeay::TLS1_3_VERSION();}},
);
+
+# LibreSSL does not define TLS1_3_VERSION
+if (Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER")) {
+ $version_str2int{'TLSv1.3'} = sub {return 0x0304};
+}
# Tests that don't need a connection
client_test_ciphersuites();