ports/www/tomcat-native/files/patch-src_sslcontext.c
Bernard Spil 7030a9c847 www/tomcat-native: Fix build with LibreSSL
- Remove IGNORE for LibreSSL
  - Add patches for OPENSSL_VERSION_NUMBER checks
  - Disable engine support for LibreSSL
  - Add compat macro and function

PR:		215196
2017-03-26 18:57:11 +00:00

83 lines
3.1 KiB
C

--- src/sslcontext.c.orig 2016-04-18 09:49:28 UTC
+++ src/sslcontext.c
@@ -139,7 +139,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
tcn_ssl_ctxt_t *c = NULL;
SSL_CTX *ctx = NULL;
jclass clazz;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
jint prot;
#endif
@@ -224,7 +224,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
/* always disable SSLv2, as per RFC 6176 */
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
if (!(protocol & SSL_PROTOCOL_SSLV3))
@@ -240,7 +240,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
#endif
-#else /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
+#else /* if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
/* We first determine the maximum protocol version we should provide */
if (protocol & SSL_PROTOCOL_TLSV1_2) {
prot = TLS1_2_VERSION;
@@ -269,7 +269,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
prot = SSL3_VERSION;
}
SSL_CTX_set_min_proto_version(ctx, prot);
-#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
+#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
/*
* Configure additional context ingredients
@@ -1577,7 +1577,7 @@ TCN_IMPLEMENT_CALL(void, SSLContext, set
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
/*
* Adapted from OpenSSL:
@@ -1677,7 +1677,7 @@ static const char* SSL_CIPHER_authentica
if (cipher == NULL) {
return "UNKNOWN";
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
kx = cipher->algorithm_mkey;
auth = cipher->algorithm_auth;
#else
@@ -1689,7 +1689,7 @@ static const char* SSL_CIPHER_authentica
{
case TCN_SSL_kRSA:
return SSL_TXT_RSA;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
case TCN_SSL_kDHr:
return SSL_TXT_DH "_" SSL_TXT_RSA;
case TCN_SSL_kDHd:
@@ -1707,7 +1707,7 @@ static const char* SSL_CIPHER_authentica
default:
return "UNKNOWN";
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
case TCN_SSL_kKRB5:
return SSL_TXT_KRB5;
case TCN_SSL_kECDHr:
@@ -1733,7 +1733,7 @@ static const char* SSL_CIPHER_authentica
}
static const char* SSL_authentication_method(const SSL* ssl) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher);
#else
/* XXX ssl->s3->tmp.new_cipher is no longer available in OpenSSL 1.1.0 */