Sat Oct 16 14:02:56 2021 UTC ()
Fix build on OpenBSD with native LibreSSL with patches taken from
OpenBSD ports. NFCI on other platforms.


(schmonz)
diff -r1.51 -r1.52 pkgsrc/security/p5-Net-SSLeay/distinfo
diff -r0 -r1.1 pkgsrc/security/p5-Net-SSLeay/patches/patch-SSLeay.xs
diff -r0 -r1.1 pkgsrc/security/p5-Net-SSLeay/patches/patch-t_local_43__misc__functions.t
cvs diff -r1.51 -r1.52 pkgsrc/security/p5-Net-SSLeay/distinfo (expand / switch to unified diff)

--- pkgsrc/security/p5-Net-SSLeay/distinfo 2021/10/07 14:54:16 1.51
+++ pkgsrc/security/p5-Net-SSLeay/distinfo 2021/10/16 14:02:56 1.52
@@ -1,5 +1,7 @@ @@ -1,5 +1,7 @@
1$NetBSD: distinfo,v 1.51 2021/10/07 14:54:16 nia Exp $ 1$NetBSD: distinfo,v 1.52 2021/10/16 14:02:56 schmonz Exp $
2 2
3RMD160 (Net-SSLeay-1.90.tar.gz) = f4efc35e2b150b0bcfd84dfeceaec0d2c4860546 3RMD160 (Net-SSLeay-1.90.tar.gz) = f4efc35e2b150b0bcfd84dfeceaec0d2c4860546
4SHA512 (Net-SSLeay-1.90.tar.gz) = 8a5f251b5ef1d8c2d619d984594a7a22ddeed2e5e726fe683a45f299d7878f4ca8ffab00480ebf5ef7a94ae1fcf6be05dfdaa68b8bfe2ad68443150765adb891 4SHA512 (Net-SSLeay-1.90.tar.gz) = 8a5f251b5ef1d8c2d619d984594a7a22ddeed2e5e726fe683a45f299d7878f4ca8ffab00480ebf5ef7a94ae1fcf6be05dfdaa68b8bfe2ad68443150765adb891
5Size (Net-SSLeay-1.90.tar.gz) = 534246 bytes 5Size (Net-SSLeay-1.90.tar.gz) = 534246 bytes
 6SHA1 (patch-SSLeay.xs) = f7937ae0c2dcf97462a44d6344ff20483cf07566
 7SHA1 (patch-t_local_43__misc__functions.t) = 176e4993f9327237038312d2f23c5cfc065acc81
File Added: pkgsrc/security/p5-Net-SSLeay/patches/Attic/patch-SSLeay.xs
$NetBSD: patch-SSLeay.xs,v 1.1 2021/10/16 14:02:56 schmonz Exp $

Build with OpenBSD's LibreSSL (patch taken from OpenBSD ports).

--- SSLeay.xs.orig	Thu Jan 21 15:14:11 2021
+++ SSLeay.xs
@@ -6172,7 +6172,7 @@ SSL_total_renegotiations(ssl)
   OUTPUT:
   RETVAL
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
 void
 SSL_SESSION_get_master_key(s)
      SSL_SESSION *   s
File Added: pkgsrc/security/p5-Net-SSLeay/patches/Attic/patch-t_local_43__misc__functions.t
$NetBSD: patch-t_local_43__misc__functions.t,v 1.1 2021/10/16 14:02:56 schmonz Exp $

Patch taken from OpenBSD ports:

LibreSSL uses different names for TLS 1.3 ciphers.

LibreSSL does not define TLS1_3_VERSION, but test discovers TLS 1.3.

--- t/local/43_misc_functions.t.orig	Thu Jan 21 15:14:11 2021
+++ t/local/43_misc_functions.t
@@ -40,6 +40,10 @@ our %tls_1_3_aead_cipher_to_keyblock_size = (
      'TLS_AES_128_GCM_SHA256' => 56,
      'TLS_AES_256_GCM_SHA384' => 88,
      'TLS_CHACHA20_POLY1305_SHA256' => 88,
+     # LibreSSL uses different names
+     'AEAD-AES128-GCM-SHA256' => 56,
+     'AEAD-AES256-GCM-SHA384' => 88,
+     'AEAD-CHACHA20-POLY1305-SHA256' => 88,
     );
 
 # Combine the AEAD hashes
@@ -56,6 +60,11 @@ our %version_str2int =
      'TLSv1.2' => sub {return eval {Net::SSLeay::TLS1_2_VERSION();}},
      'TLSv1.3' => sub {return eval {Net::SSLeay::TLS1_3_VERSION();}},
     );
+
+# LibreSSL does not define TLS1_3_VERSION
+if (Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER")) {
+    $version_str2int{'TLSv1.3'} = sub {return 0x0304};
+}
 
 # Tests that don't need a connection
 client_test_ciphersuites();