Date:      Tue, 3 Apr 2018 09:46:32 +0000 (UTC)
From:      Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r466298 - head/www/nghttp2/files
Message-ID:  <201804030946.w339kWFj079115@repo.freebsd.org>

Author: sunpoet
Date: Tue Apr  3 09:46:31 2018
New Revision: 466298
URL: https://svnweb.freebsd.org/changeset/ports/466298

Log:
  Fix build with LibreSSL 2.7
  
  PR:		226922
  Submitted by:	brnrd

Added:
  head/www/nghttp2/files/patch-examples-client.c   (contents, props changed)
  head/www/nghttp2/files/patch-examples-libevent-client.c   (contents, props changed)
  head/www/nghttp2/files/patch-examples-libevent-server.c   (contents, props changed)
  head/www/nghttp2/files/patch-src-HttpServer.cc   (contents, props changed)
  head/www/nghttp2/files/patch-src-asio_common.cc   (contents, props changed)
  head/www/nghttp2/files/patch-src-h2load.cc   (contents, props changed)
  head/www/nghttp2/files/patch-src-nghttp.cc   (contents, props changed)
  head/www/nghttp2/files/patch-src-shrpx_client_handler.cc   (contents, props changed)
  head/www/nghttp2/files/patch-src-shrpx_config.cc   (contents, props changed)
  head/www/nghttp2/files/patch-src-shrpx_connection.cc   (contents, props changed)
  head/www/nghttp2/files/patch-src-shrpx_http2_session.cc   (contents, props changed)
  head/www/nghttp2/files/patch-src-shrpx_live_check.cc   (contents, props changed)
  head/www/nghttp2/files/patch-src-shrpx_tls.cc   (contents, props changed)
  head/www/nghttp2/files/patch-src-ssl_compat.h   (contents, props changed)

Added: head/www/nghttp2/files/patch-examples-client.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/nghttp2/files/patch-examples-client.c	Tue Apr  3 09:46:31 2018	(r466298)
@@ -0,0 +1,12 @@
+--- examples/client.c.orig	2018-02-02 12:19:16 UTC
++++ examples/client.c
+@@ -375,7 +375,9 @@ static void init_ssl_ctx(SSL_CTX *ssl_ct
+   SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
+   SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
+   /* Set NPN callback */
++#ifndef OPENSSL_NO_NEXTPROTONEG
+   SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL);
++#endif
+ }
+ 
+ static void ssl_handshake(SSL *ssl, int fd) {
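Review bot: With `SSL_CTX_set_next_proto_select_cb` compiled out under `OPENSSL_NO_NEXTPROTONEG`, the visible tail of init_ssl_ctx configures no protocol negotiation at all, so unless ALPN is set earlier in the function (outside the hunk) this example would no longer negotiate h2 on such a build. It also leaves `select_next_proto_cb` unreferenced, which may trigger an unused-function warning if it is static. Consider guarding the callback definition with the same `#ifndef OPENSSL_NO_NEXTPROTONEG`, and moving the `/* Set NPN callback */` comment inside the guard so it does not describe an empty block.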

Added: head/www/nghttp2/files/patch-examples-libevent-client.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/nghttp2/files/patch-examples-libevent-client.c	Tue Apr  3 09:46:31 2018	(r466298)
@@ -0,0 +1,22 @@
+--- examples/libevent-client.c.orig	2018-02-02 12:19:16 UTC
++++ examples/libevent-client.c
+@@ -335,7 +335,9 @@ static SSL_CTX *create_ssl_ctx(void) {
+                       SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
+                           SSL_OP_NO_COMPRESSION |
+                           SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
++#ifndef OPENSSL_NO_NEXTPROTONEG
+   SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL);
++#endif
+ 
+ #if OPENSSL_VERSION_NUMBER >= 0x10002000L
+   SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3);
+@@ -504,7 +506,9 @@ static void eventcb(struct bufferevent *
+ 
+     ssl = bufferevent_openssl_get_ssl(session_data->bev);
+ 
++#ifndef OPENSSL_NO_NEXTPROTONEG
+     SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen);
++#endif
+ #if OPENSSL_VERSION_NUMBER >= 0x10002000L
+     if (alpn == NULL) {
+       SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);
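Review bot: In eventcb the ALPN fallback tests `if (alpn == NULL)`, but once `SSL_get0_next_proto_negotiated` is compiled out nothing in the hunk assigns `alpn` or `alpnlen` before that test. Their declarations are outside the hunk, so please confirm they are initialised there (`alpn = NULL`, `alpnlen = 0`); otherwise the fallback and the later protocol check read indeterminate values. The same applies to eventcb in patch-examples-libevent-server.c.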

Added: head/www/nghttp2/files/patch-examples-libevent-server.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/nghttp2/files/patch-examples-libevent-server.c	Tue Apr  3 09:46:31 2018	(r466298)
@@ -0,0 +1,22 @@
+--- examples/libevent-server.c.orig	2018-02-02 12:19:16 UTC
++++ examples/libevent-server.c
+@@ -172,7 +172,9 @@ static SSL_CTX *create_ssl_ctx(const cha
+          NGHTTP2_PROTO_VERSION_ID_LEN);
+   next_proto_list_len = 1 + NGHTTP2_PROTO_VERSION_ID_LEN;
+ 
++#ifndef OPENSSL_NO_NEXTPROTONEG
+   SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, NULL);
++#endif
+ 
+ #if OPENSSL_VERSION_NUMBER >= 0x10002000L
+   SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, NULL);
+@@ -690,7 +692,9 @@ static void eventcb(struct bufferevent *
+ 
+     ssl = bufferevent_openssl_get_ssl(session_data->bev);
+ 
++#ifndef OPENSSL_NO_NEXTPROTONEG
+     SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen);
++#endif
+ #if OPENSSL_VERSION_NUMBER >= 0x10002000L
+     if (alpn == NULL) {
+       SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);

Added: head/www/nghttp2/files/patch-src-HttpServer.cc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/nghttp2/files/patch-src-HttpServer.cc	Tue Apr  3 09:46:31 2018	(r466298)
@@ -0,0 +1,22 @@
+--- src/HttpServer.cc.orig	2018-02-17 11:15:19 UTC
++++ src/HttpServer.cc
+@@ -888,7 +888,9 @@ int Http2Handler::verify_npn_result() {
+   const unsigned char *next_proto = nullptr;
+   unsigned int next_proto_len;
+   // Check the negotiated protocol in NPN or ALPN
++#ifndef OPENSSL_NO_NEXTPROTONEG
+   SSL_get0_next_proto_negotiated(ssl_, &next_proto, &next_proto_len);
++#endif
+   for (int i = 0; i < 2; ++i) {
+     if (next_proto) {
+       auto proto = StringRef{next_proto, next_proto_len};
+@@ -2205,7 +2207,9 @@ int HttpServer::run() {
+ 
+     next_proto = util::get_default_alpn();
+ 
++#ifndef OPENSSL_NO_NEXTPROTONEG
+     SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, &next_proto);
++#endif
+ #if OPENSSL_VERSION_NUMBER >= 0x10002000L
+     // ALPN selection callback
+     SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, this);
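Review bot: `next_proto_len` in Http2Handler::verify_npn_result is declared without an initialiser, and with `SSL_get0_next_proto_negotiated` now compiled out under `OPENSSL_NO_NEXTPROTONEG` nothing in the visible lines writes it before the loop. The loop reads it only when `next_proto` is non-null, so this is probably harmless, but `unsigned int next_proto_len = 0;` would make that independent of code outside the hunk. The same uninitialised declaration appears in Client::connection_made (patch-src-h2load.cc) and Connection::check_http2_requirement (patch-src-shrpx_connection.cc), whereas the asio_common.cc, shrpx_http2_session.cc and shrpx_live_check.cc hunks already initialise it to 0. All of these function bodies continue outside their hunks.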

Added: head/www/nghttp2/files/patch-src-asio_common.cc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/nghttp2/files/patch-src-asio_common.cc	Tue Apr  3 09:46:31 2018	(r466298)
@@ -0,0 +1,12 @@
+--- src/asio_common.cc.orig	2018-02-02 12:19:16 UTC
++++ src/asio_common.cc
+@@ -177,7 +177,9 @@ bool tls_h2_negotiated(ssl_socket &socke
+   const unsigned char *next_proto = nullptr;
+   unsigned int next_proto_len = 0;
+ 
++#ifndef OPENSSL_NO_NEXTPROTONEG
+   SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len);
++#endif
+ #if OPENSSL_VERSION_NUMBER >= 0x10002000L
+   if (next_proto == nullptr) {
+     SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len);

Added: head/www/nghttp2/files/patch-src-h2load.cc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/nghttp2/files/patch-src-h2load.cc	Tue Apr  3 09:46:31 2018	(r466298)
@@ -0,0 +1,23 @@
+--- src/h2load.cc.orig	2018-02-02 12:19:16 UTC
++++ src/h2load.cc
+@@ -857,7 +857,9 @@ int Client::connection_made() {
+     const unsigned char *next_proto = nullptr;
+     unsigned int next_proto_len;
+ 
++#ifndef OPENSSL_NO_NEXTPROTONEG
+     SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len);
++#endif
+ #if OPENSSL_VERSION_NUMBER >= 0x10002000L
+     if (next_proto == nullptr) {
+       SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len);
+@@ -2399,8 +2401,10 @@ int main(int argc, char **argv) {
+     exit(EXIT_FAILURE);
+   }
+ 
++#ifndef OPENSSL_NO_NEXTPROTONEG
+   SSL_CTX_set_next_proto_select_cb(ssl_ctx, client_select_next_proto_cb,
+                                    nullptr);
++#endif
+ 
+ #if OPENSSL_VERSION_NUMBER >= 0x10002000L
+   std::vector<unsigned char> proto_list;

Added: head/www/nghttp2/files/patch-src-nghttp.cc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/nghttp2/files/patch-src-nghttp.cc	Tue Apr  3 09:46:31 2018	(r466298)
@@ -0,0 +1,11 @@
+--- src/nghttp.cc.orig	2018-03-25 12:28:55 UTC
++++ src/nghttp.cc
+@@ -680,7 +680,7 @@ int HttpClient::initiate_connection() {
+       const auto &host_string =
+           config.host_override.empty() ? host : config.host_override;
+ 
+-#if (!defined(LIBRESSL_VERSION_NUMBER) &&                                      \
++#if (!(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) && \
+      OPENSSL_VERSION_NUMBER >= 0x10002000L) ||                                 \
+     defined(OPENSSL_IS_BORINGSSL)
+       auto param = SSL_get0_param(ssl);
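Review bot: This condition spells out `LIBRESSL_VERSION_NUMBER < 0x20700000L` by hand, while the rest of the commit puts the same threshold behind `LIBRESSL_1_0_API` in ssl_compat.h. If nghttp.cc includes ssl_compat.h (not visible in the hunk), `#if (!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L) || defined(OPENSSL_IS_BORINGSSL)` would keep the cut-off in one place. The guarded block begins the `SSL_get0_param` path in HttpClient::initiate_connection and continues outside the hunk, so it is worth a short comment saying which LibreSSL release first provides the calls used there.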

Added: head/www/nghttp2/files/patch-src-shrpx_client_handler.cc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/nghttp2/files/patch-src-shrpx_client_handler.cc	Tue Apr  3 09:46:31 2018	(r466298)
@@ -0,0 +1,12 @@
+--- src/shrpx_client_handler.cc.orig	2018-02-02 12:19:16 UTC
++++ src/shrpx_client_handler.cc
+@@ -549,7 +549,9 @@ int ClientHandler::validate_next_proto()
+   // First set callback for catch all cases
+   on_read_ = &ClientHandler::upstream_read;
+ 
++#ifndef OPENSSL_NO_NEXTPROTONEG
+   SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len);
++#endif
+ #if OPENSSL_VERSION_NUMBER >= 0x10002000L
+   if (next_proto == nullptr) {
+     SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len);

Added: head/www/nghttp2/files/patch-src-shrpx_config.cc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/nghttp2/files/patch-src-shrpx_config.cc	Tue Apr  3 09:46:31 2018	(r466298)
@@ -0,0 +1,109 @@
+--- src/shrpx_config.cc.orig	2018-02-27 12:18:50 UTC
++++ src/shrpx_config.cc
+@@ -1222,7 +1222,7 @@ int parse_subcert_params(SubcertParams &
+     auto param = StringRef{first, end};
+ 
+     if (util::istarts_with_l(param, "sct-dir=")) {
+-#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
++#if !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L
+       auto sct_dir =
+           StringRef{std::begin(param) + str_size("sct-dir="), std::end(param)};
+       if (sct_dir.empty()) {
+@@ -1230,9 +1230,9 @@ int parse_subcert_params(SubcertParams &
+         return -1;
+       }
+       out.sct_dir = sct_dir;
+-#else  // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L)
++#else  // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L)
+       LOG(WARN) << "subcert: sct-dir requires OpenSSL >= 1.0.2";
+-#endif // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L)
++#endif // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L)
+     } else if (!param.empty()) {
+       LOG(ERROR) << "subcert: " << param << ": unknown keyword";
+       return -1;
+@@ -1364,7 +1364,7 @@ int read_tls_sct_from_dir(std::vector<ui
+ }
+ } // namespace
+ 
+-#if !LIBRESSL_IN_USE
++#if !LIBRESSL_1_0_API
+ namespace {
+ // Reads PSK secrets from path, and parses each line.  The result is
+ // directly stored into config->tls.psk_secrets.  This function
+@@ -1428,9 +1428,9 @@ int parse_psk_secrets(Config *config, co
+   return 0;
+ }
+ } // namespace
+-#endif // !LIBRESSL_IN_USE
++#endif // !LIBRESSL_1_0_API
+ 
+-#if !LIBRESSL_IN_USE
++#if !LIBRESSL_1_0_API
+ namespace {
+ // Reads PSK secrets from path, and parses each line.  The result is
+ // directly stored into config->tls.client.psk.  This function returns
+@@ -1490,7 +1490,7 @@ int parse_client_psk_secrets(Config *con
+   return 0;
+ }
+ } // namespace
+-#endif // !LIBRESSL_IN_USE
++#endif // !LIBRESSL_1_0_API
+ 
+ // generated by gennghttpxfun.py
+ int option_lookup_token(const char *name, size_t namelen) {
+@@ -3454,19 +3454,19 @@ int parse_config(Config *config, int opt
+     return parse_uint_with_unit(
+         &config->http2.downstream.decoder_dynamic_table_size, opt, optarg);
+   case SHRPX_OPTID_ECDH_CURVES:
+-#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
++#if !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L
+     config->tls.ecdh_curves = make_string_ref(config->balloc, optarg);
+-#else  // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L)
++#else  // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L)
+     LOG(WARN) << opt << ": This option requires OpenSSL >= 1.0.2";
+-#endif // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L)
++#endif // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L)
+     return 0;
+   case SHRPX_OPTID_TLS_SCT_DIR:
+-#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
++#if !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L
+     return read_tls_sct_from_dir(config->tls.sct_data, opt, optarg);
+-#else  // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L)
++#else  // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L)
+     LOG(WARN) << opt << ": This option requires OpenSSL >= 1.0.2";
+     return 0;
+-#endif // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L)
++#endif // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L)
+   case SHRPX_OPTID_DNS_CACHE_TIMEOUT:
+     return parse_duration(&config->dns.timeout.cache, opt, optarg);
+   case SHRPX_OPTID_DNS_LOOKUP_TIMEOUT:
+@@ -3489,23 +3489,23 @@ int parse_config(Config *config, int opt
+     return parse_duration(&config->conn.upstream.timeout.idle_read, opt,
+                           optarg);
+   case SHRPX_OPTID_PSK_SECRETS:
+-#if !LIBRESSL_IN_USE
++#if !LIBRESSL_1_0_API
+     return parse_psk_secrets(config, optarg);
+-#else  // LIBRESSL_IN_USE
++#else  // LIBRESSL_1_0_API
+     LOG(WARN)
+         << opt
+         << ": ignored because underlying TLS library does not support PSK";
+     return 0;
+-#endif // LIBRESSL_IN_USE
++#endif // LIBRESSL_1_0_API
+   case SHRPX_OPTID_CLIENT_PSK_SECRETS:
+-#if !LIBRESSL_IN_USE
++#if !LIBRESSL_1_0_API
+     return parse_client_psk_secrets(config, optarg);
+-#else  // LIBRESSL_IN_USE
++#else  // LIBRESSL_1_0_API
+     LOG(WARN)
+         << opt
+         << ": ignored because underlying TLS library does not support PSK";
+     return 0;
+-#endif // LIBRESSL_IN_USE
++#endif // LIBRESSL_1_0_API
+   case SHRPX_OPTID_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST:
+     config->tls.client.no_http2_cipher_black_list =
+         util::strieq_l("yes", optarg);
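Review bot: The PSK option handling here is keyed on `LIBRESSL_1_0_API`, while the shrpx_tls.cc patch in this commit registers the PSK callbacks under `#ifndef OPENSSL_NO_PSK`. On a library where `LIBRESSL_1_0_API` is 0 but `OPENSSL_NO_PSK` is defined, `parse_psk_secrets` and `parse_client_psk_secrets` would accept the secrets without the "ignored because underlying TLS library does not support PSK" warning, yet no callback would be installed. An operator could then believe PSK is in effect when it is not. Using `#ifndef OPENSSL_NO_PSK` around the two parser definitions and in the `SHRPX_OPTID_PSK_SECRETS` and `SHRPX_OPTID_CLIENT_PSK_SECRETS` cases would keep the warning truthful.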

Added: head/www/nghttp2/files/patch-src-shrpx_connection.cc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/nghttp2/files/patch-src-shrpx_connection.cc	Tue Apr  3 09:46:31 2018	(r466298)
@@ -0,0 +1,12 @@
+--- src/shrpx_connection.cc.orig	2018-02-02 12:19:16 UTC
++++ src/shrpx_connection.cc
+@@ -523,7 +523,9 @@ int Connection::check_http2_requirement(
+   const unsigned char *next_proto = nullptr;
+   unsigned int next_proto_len;
+ 
++#ifndef OPENSSL_NO_NEXTPROTONEG
+   SSL_get0_next_proto_negotiated(tls.ssl, &next_proto, &next_proto_len);
++#endif
+ #if OPENSSL_VERSION_NUMBER >= 0x10002000L
+   if (next_proto == nullptr) {
+     SSL_get0_alpn_selected(tls.ssl, &next_proto, &next_proto_len);

Added: head/www/nghttp2/files/patch-src-shrpx_http2_session.cc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/nghttp2/files/patch-src-shrpx_http2_session.cc	Tue Apr  3 09:46:31 2018	(r466298)
@@ -0,0 +1,12 @@
+--- src/shrpx_http2_session.cc.orig	2018-02-02 12:19:16 UTC
++++ src/shrpx_http2_session.cc
+@@ -1649,7 +1649,9 @@ int Http2Session::connection_made() {
+     const unsigned char *next_proto = nullptr;
+     unsigned int next_proto_len = 0;
+ 
++#ifndef OPENSSL_NO_NEXTPROTONEG
+     SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len);
++#endif
+ #if OPENSSL_VERSION_NUMBER >= 0x10002000L
+     if (!next_proto) {
+       SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len);

Added: head/www/nghttp2/files/patch-src-shrpx_live_check.cc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/nghttp2/files/patch-src-shrpx_live_check.cc	Tue Apr  3 09:46:31 2018	(r466298)
@@ -0,0 +1,12 @@
+--- src/shrpx_live_check.cc.orig	2018-02-02 12:19:16 UTC
++++ src/shrpx_live_check.cc
+@@ -406,7 +406,9 @@ int LiveCheck::tls_handshake() {
+   const unsigned char *next_proto = nullptr;
+   unsigned int next_proto_len = 0;
+ 
++#ifndef OPENSSL_NO_NEXTPROTONEG
+   SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len);
++#endif
+ #if OPENSSL_VERSION_NUMBER >= 0x10002000L
+   if (next_proto == nullptr) {
+     SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len);

Added: head/www/nghttp2/files/patch-src-shrpx_tls.cc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/nghttp2/files/patch-src-shrpx_tls.cc	Tue Apr  3 09:46:31 2018	(r466298)
@@ -0,0 +1,144 @@
+--- src/shrpx_tls.cc.orig	2018-03-25 12:28:55 UTC
++++ src/shrpx_tls.cc
+@@ -360,7 +360,7 @@ int tls_session_new_cb(SSL *ssl, SSL_SES
+ 
+ namespace {
+ SSL_SESSION *tls_session_get_cb(SSL *ssl,
+-#if OPENSSL_1_1_API
++#if OPENSSL_1_1_API && !LIBRESSL_1_1_API
+                                 const unsigned char *id,
+ #else  // !OPENSSL_1_1_API
+                                 unsigned char *id,
+@@ -563,7 +563,7 @@ int alpn_select_proto_cb(SSL *ssl, const
+ } // namespace
+ #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
+ 
+-#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
++#if !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L
+ 
+ #ifndef TLSEXT_TYPE_signed_certificate_timestamp
+ #define TLSEXT_TYPE_signed_certificate_timestamp 18
+@@ -653,9 +653,9 @@ int legacy_sct_parse_cb(SSL *ssl, unsign
+ } // namespace
+ 
+ #endif // !OPENSSL_1_1_1_API
+-#endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
++#endif // !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L
+ 
+-#if !LIBRESSL_IN_USE
++#ifndef OPENSSL_NO_PSK
+ namespace {
+ unsigned int psk_server_cb(SSL *ssl, const char *identity, unsigned char *psk,
+                            unsigned int max_psk_len) {
+@@ -679,9 +679,9 @@ unsigned int psk_server_cb(SSL *ssl, con
+   return static_cast<unsigned int>(secret.size());
+ }
+ } // namespace
+-#endif // !LIBRESSL_IN_USE
++#endif // !OPENSSL_NO_PSK
+ 
+-#if !LIBRESSL_IN_USE
++#ifndef OPENSSL_NO_PSK
+ namespace {
+ unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity_out,
+                            unsigned int max_identity_len, unsigned char *psk,
+@@ -714,7 +714,7 @@ unsigned int psk_client_cb(SSL *ssl, con
+   return static_cast<unsigned int>(secret.size());
+ }
+ } // namespace
+-#endif // !LIBRESSL_IN_USE
++#endif // !OPENSSL_NO_PSK
+ 
+ struct TLSProtocol {
+   StringRef name;
+@@ -792,7 +792,7 @@ SSL_CTX *create_ssl_context(const char *
+   }
+ 
+ #ifndef OPENSSL_NO_EC
+-#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
++#if !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L
+   if (SSL_CTX_set1_curves_list(ssl_ctx, tlsconf.ecdh_curves.c_str()) != 1) {
+     LOG(FATAL) << "SSL_CTX_set1_curves_list " << tlsconf.ecdh_curves
+                << " failed";
+@@ -803,7 +803,7 @@ SSL_CTX *create_ssl_context(const char *
+   // function was deprecated in OpenSSL 1.1.0 and BoringSSL.
+   SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
+ #endif // !defined(OPENSSL_IS_BORINGSSL) && !OPENSSL_1_1_API
+-#else  // LIBRESSL_IN_USE || OPENSSL_VERSION_NUBMER < 0x10002000L
++#else  // LIBRESSL_1_0_API || OPENSSL_VERSION_NUBMER < 0x10002000L
+   // Use P-256, which is sufficiently secure at the time of this
+   // writing.
+   auto ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+@@ -814,7 +814,7 @@ SSL_CTX *create_ssl_context(const char *
+   }
+   SSL_CTX_set_tmp_ecdh(ssl_ctx, ecdh);
+   EC_KEY_free(ecdh);
+-#endif // LIBRESSL_IN_USE || OPENSSL_VERSION_NUBMER < 0x10002000L
++#endif // LIBRESSL_1_0_API || OPENSSL_VERSION_NUBMER < 0x10002000L
+ #endif // OPENSSL_NO_EC
+ 
+   if (!tlsconf.dh_param_file.empty()) {
+@@ -931,7 +931,7 @@ SSL_CTX *create_ssl_context(const char *
+   SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, nullptr);
+ #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
+ 
+-#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
++#if !LIBRESSL_1_0_API && !LIBRESSL_1_1_API && OPENSSL_VERSION_NUMBER >= 0x10002000L
+   // SSL_extension_supported(TLSEXT_TYPE_signed_certificate_timestamp)
+   // returns 1, which means OpenSSL internally handles it.  But
+   // OpenSSL handles signed_certificate_timestamp extension specially,
+@@ -962,11 +962,11 @@ SSL_CTX *create_ssl_context(const char *
+     }
+ #endif // !OPENSSL_1_1_1_API
+   }
+-#endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
++#endif // !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L
+ 
+-#if !LIBRESSL_IN_USE
++#ifndef OPENSSL_NO_PSK
+   SSL_CTX_set_psk_server_callback(ssl_ctx, psk_server_cb);
+-#endif // !LIBRESSL_IN_USE
++#endif // !OPENSSL_NO_PSK
+ 
+   auto tls_ctx_data = new TLSContextData();
+   tls_ctx_data->cert_file = cert_file;
+@@ -1114,9 +1114,9 @@ SSL_CTX *create_ssl_client_context(
+ #endif // HAVE_NEVERBLEED
+   }
+ 
+-#if !LIBRESSL_IN_USE
++#ifndef OPENSSL_NO_PSK
+   SSL_CTX_set_psk_client_callback(ssl_ctx, psk_client_cb);
+-#endif // !LIBRESSL_IN_USE
++#endif // !OPENSSL_NO_PSK
+ 
+   // NPN selection callback.  This is required to set SSL_CTX because
+   // OpenSSL does not offer SSL_set_next_proto_select_cb.
+@@ -1553,15 +1553,15 @@ int cert_lookup_tree_add_ssl_ctx(
+     SSL_CTX *ssl_ctx) {
+   std::array<uint8_t, NI_MAXHOST> buf;
+ 
+-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10002000L
++#if !defined(LIBRESSL_1_0_API) && OPENSSL_VERSION_NUMBER >= 0x10002000L
+   auto cert = SSL_CTX_get0_certificate(ssl_ctx);
+-#else  // defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER <
++#else  // defined(LIBRESSL_1_0_API) || OPENSSL_VERSION_NUMBER <
+   // 0x10002000L
+   auto tls_ctx_data =
+       static_cast<TLSContextData *>(SSL_CTX_get_app_data(ssl_ctx));
+   auto cert = load_certificate(tls_ctx_data->cert_file);
+   auto cert_deleter = defer(X509_free, cert);
+-#endif // defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER <
++#endif // defined(LIBRESSL_1_0_API) || OPENSSL_VERSION_NUMBER <
+        // 0x10002000L
+ 
+   auto altnames = static_cast<GENERAL_NAMES *>(
+@@ -1977,7 +1977,7 @@ StringRef get_x509_issuer_name(BlockAllo
+ #endif /* !WORDS_BIGENDIAN */
+ 
+ StringRef get_x509_serial(BlockAllocator &balloc, X509 *x) {
+-#if OPENSSL_1_1_API
++#if OPENSSL_1_1_API && !LIBRESSL_1_1_API
+   auto sn = X509_get0_serialNumber(x);
+   uint64_t r;
+   if (ASN1_INTEGER_get_uint64(&r, sn) != 1) {
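Review bot: In cert_lookup_tree_add_ssl_ctx the guard became `#if !defined(LIBRESSL_1_0_API) && OPENSSL_VERSION_NUMBER >= 0x10002000L`, but the ssl_compat.h change in this commit defines `LIBRESSL_1_0_API` (as 0 or 1) in every branch. So `!defined(...)` is always false, and every build, OpenSSL included, now takes the `load_certificate(tls_ctx_data->cert_file)` fallback instead of `SSL_CTX_get0_certificate`. Test the value as the other hunks do, `#if !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L`, and update the `#else`/`#endif` comments to match. The fallback re-reads the certificate from disk, so the names indexed may not come from the certificate actually loaded into the SSL_CTX if the file has changed. Separately, the `#endif` comment closing the SCT block in create_ssl_context omits the `!LIBRESSL_1_1_API` term added to its `#if`, and the `#else  // !OPENSSL_1_1_API` comment in tls_session_get_cb is now stale as well.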

Added: head/www/nghttp2/files/patch-src-ssl_compat.h
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/nghttp2/files/patch-src-ssl_compat.h	Tue Apr  3 09:46:31 2018	(r466298)
@@ -0,0 +1,32 @@
+--- src/ssl_compat.h.orig	2018-02-27 12:18:50 UTC
++++ src/ssl_compat.h
+@@ -26,16 +26,22 @@
+ 
+ #include <openssl/opensslv.h>
+ 
+-#if defined(LIBRESSL_VERSION_NUMBER)
+-#define LIBRESSL_IN_USE 1
+-#else // !defined(LIBRESSL_VERSION_NUMBER)
+-#define LIBRESSL_IN_USE 0
+-#endif // !defined(LIBRESSL_VERSION_NUMBER)
++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L
++#define LIBRESSL_1_0_API 1
++#define LIBRESSL_1_1_API 0
++#elif defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L
++#define LIBRESSL_1_0_API 0
++#define LIBRESSL_1_1_API 1
++#else // !defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L
++#define LIBRESSL_1_0_API 0
++#define LIBRESSL_1_1_API 0
++#endif // !defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L
+ 
+ #define OPENSSL_1_1_API                                                        \
+-  (!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x1010000fL)
++  (!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+ 
+ #define OPENSSL_1_1_1_API                                                      \
+-  (!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10101000L)
++  (!LIBRESSL_1_0_API && !LIBRESSL_1_1_API &&                                   \
++   OPENSSL_VERSION_NUMBER >= 0x10101000L)
+ 
+ #endif // OPENSSL_COMPAT_H
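Review bot: The trailing comments on the new `#else` and `#endif` read `!defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L`, which does not describe the branch; it is reached only when LibreSSL is not in use, so `#else // !defined(LIBRESSL_VERSION_NUMBER)` and the matching `#endif` comment would be accurate. The `#elif` could likewise be just `#elif defined(LIBRESSL_VERSION_NUMBER)`, since the first branch has already excluded versions below 0x20700000L. It would also help to add a comment above `OPENSSL_1_1_API` noting that it can now be true on LibreSSL when `LIBRESSL_1_1_API` is 1, which appears to be why call sites in shrpx_tls.cc add `&& !LIBRESSL_1_1_API`.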


