Date: Tue, 3 Apr 2018 09:46:32 +0000 (UTC) From: Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r466298 - head/www/nghttp2/files Message-ID: <201804030946.w339kWFj079115@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: sunpoet Date: Tue Apr 3 09:46:31 2018 New Revision: 466298 URL: https://svnweb.freebsd.org/changeset/ports/466298 Log: Fix build with LibreSSL 2.7 PR: 226922 Submitted by: brnrd Added: head/www/nghttp2/files/patch-examples-client.c (contents, props changed) head/www/nghttp2/files/patch-examples-libevent-client.c (contents, props changed) head/www/nghttp2/files/patch-examples-libevent-server.c (contents, props changed) head/www/nghttp2/files/patch-src-HttpServer.cc (contents, props changed) head/www/nghttp2/files/patch-src-asio_common.cc (contents, props changed) head/www/nghttp2/files/patch-src-h2load.cc (contents, props changed) head/www/nghttp2/files/patch-src-nghttp.cc (contents, props changed) head/www/nghttp2/files/patch-src-shrpx_client_handler.cc (contents, props changed) head/www/nghttp2/files/patch-src-shrpx_config.cc (contents, props changed) head/www/nghttp2/files/patch-src-shrpx_connection.cc (contents, props changed) head/www/nghttp2/files/patch-src-shrpx_http2_session.cc (contents, props changed) head/www/nghttp2/files/patch-src-shrpx_live_check.cc (contents, props changed) head/www/nghttp2/files/patch-src-shrpx_tls.cc (contents, props changed) head/www/nghttp2/files/patch-src-ssl_compat.h (contents, props changed) Added: head/www/nghttp2/files/patch-examples-client.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/nghttp2/files/patch-examples-client.c Tue Apr 3 09:46:31 2018 (r466298) @@ -0,0 +1,12 @@ +--- examples/client.c.orig 2018-02-02 12:19:16 UTC ++++ examples/client.c +@@ -375,7 +375,9 @@ static void init_ssl_ctx(SSL_CTX *ssl_ct + SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY); + SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS); + /* Set NPN callback */ ++#ifndef OPENSSL_NO_NEXTPROTONEG + SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL); ++#endif + } + + static void ssl_handshake(SSL *ssl, int fd) { Added: head/www/nghttp2/files/patch-examples-libevent-client.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/nghttp2/files/patch-examples-libevent-client.c Tue Apr 3 09:46:31 2018 (r466298) @@ -0,0 +1,22 @@ +--- examples/libevent-client.c.orig 2018-02-02 12:19:16 UTC ++++ examples/libevent-client.c +@@ -335,7 +335,9 @@ static SSL_CTX *create_ssl_ctx(void) { + SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | + SSL_OP_NO_COMPRESSION | + SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); ++#ifndef OPENSSL_NO_NEXTPROTONEG + SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL); ++#endif + + #if OPENSSL_VERSION_NUMBER >= 0x10002000L + SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3); +@@ -504,7 +506,9 @@ static void eventcb(struct bufferevent * + + ssl = bufferevent_openssl_get_ssl(session_data->bev); + ++#ifndef OPENSSL_NO_NEXTPROTONEG + SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen); ++#endif + #if OPENSSL_VERSION_NUMBER >= 0x10002000L + if (alpn == NULL) { + SSL_get0_alpn_selected(ssl, &alpn, &alpnlen); Added: head/www/nghttp2/files/patch-examples-libevent-server.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/nghttp2/files/patch-examples-libevent-server.c Tue Apr 3 09:46:31 2018 (r466298) @@ -0,0 +1,22 @@ +--- examples/libevent-server.c.orig 2018-02-02 12:19:16 UTC ++++ examples/libevent-server.c +@@ -172,7 +172,9 @@ static SSL_CTX *create_ssl_ctx(const cha + NGHTTP2_PROTO_VERSION_ID_LEN); + next_proto_list_len = 1 + NGHTTP2_PROTO_VERSION_ID_LEN; + ++#ifndef OPENSSL_NO_NEXTPROTONEG + SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, NULL); ++#endif + + #if OPENSSL_VERSION_NUMBER >= 0x10002000L + SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, NULL); +@@ -690,7 +692,9 @@ static void eventcb(struct bufferevent * + + ssl = bufferevent_openssl_get_ssl(session_data->bev); + ++#ifndef OPENSSL_NO_NEXTPROTONEG + SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen); ++#endif + #if OPENSSL_VERSION_NUMBER >= 0x10002000L + if (alpn == NULL) { + SSL_get0_alpn_selected(ssl, &alpn, &alpnlen); Added: head/www/nghttp2/files/patch-src-HttpServer.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/nghttp2/files/patch-src-HttpServer.cc Tue Apr 3 09:46:31 2018 (r466298) @@ -0,0 +1,22 @@ +--- src/HttpServer.cc.orig 2018-02-17 11:15:19 UTC ++++ src/HttpServer.cc +@@ -888,7 +888,9 @@ int Http2Handler::verify_npn_result() { + const unsigned char *next_proto = nullptr; + unsigned int next_proto_len; + // Check the negotiated protocol in NPN or ALPN ++#ifndef OPENSSL_NO_NEXTPROTONEG + SSL_get0_next_proto_negotiated(ssl_, &next_proto, &next_proto_len); ++#endif + for (int i = 0; i < 2; ++i) { + if (next_proto) { + auto proto = StringRef{next_proto, next_proto_len}; +@@ -2205,7 +2207,9 @@ int HttpServer::run() { + + next_proto = util::get_default_alpn(); + ++#ifndef OPENSSL_NO_NEXTPROTONEG + SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, &next_proto); ++#endif + #if OPENSSL_VERSION_NUMBER >= 0x10002000L + // ALPN selection callback + SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, this); Added: head/www/nghttp2/files/patch-src-asio_common.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/nghttp2/files/patch-src-asio_common.cc Tue Apr 3 09:46:31 2018 (r466298) @@ -0,0 +1,12 @@ +--- src/asio_common.cc.orig 2018-02-02 12:19:16 UTC ++++ src/asio_common.cc +@@ -177,7 +177,9 @@ bool tls_h2_negotiated(ssl_socket &socke + const unsigned char *next_proto = nullptr; + unsigned int next_proto_len = 0; + ++#ifndef OPENSSL_NO_NEXTPROTONEG + SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); ++#endif + #if OPENSSL_VERSION_NUMBER >= 0x10002000L + if (next_proto == nullptr) { + SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len); Added: head/www/nghttp2/files/patch-src-h2load.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/nghttp2/files/patch-src-h2load.cc Tue Apr 3 09:46:31 2018 (r466298) @@ -0,0 +1,23 @@ +--- src/h2load.cc.orig 2018-02-02 12:19:16 UTC ++++ src/h2load.cc +@@ -857,7 +857,9 @@ int Client::connection_made() { + const unsigned char *next_proto = nullptr; + unsigned int next_proto_len; + ++#ifndef OPENSSL_NO_NEXTPROTONEG + SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); ++#endif + #if OPENSSL_VERSION_NUMBER >= 0x10002000L + if (next_proto == nullptr) { + SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len); +@@ -2399,8 +2401,10 @@ int main(int argc, char **argv) { + exit(EXIT_FAILURE); + } + ++#ifndef OPENSSL_NO_NEXTPROTONEG + SSL_CTX_set_next_proto_select_cb(ssl_ctx, client_select_next_proto_cb, + nullptr); ++#endif + + #if OPENSSL_VERSION_NUMBER >= 0x10002000L + std::vector<unsigned char> proto_list; Added: head/www/nghttp2/files/patch-src-nghttp.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/nghttp2/files/patch-src-nghttp.cc Tue Apr 3 09:46:31 2018 (r466298) @@ -0,0 +1,11 @@ +--- src/nghttp.cc.orig 2018-03-25 12:28:55 UTC ++++ src/nghttp.cc +@@ -680,7 +680,7 @@ int HttpClient::initiate_connection() { + const auto &host_string = + config.host_override.empty() ? host : config.host_override; + +-#if (!defined(LIBRESSL_VERSION_NUMBER) && \ ++#if (!(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) && \ + OPENSSL_VERSION_NUMBER >= 0x10002000L) || \ + defined(OPENSSL_IS_BORINGSSL) + auto param = SSL_get0_param(ssl); Added: head/www/nghttp2/files/patch-src-shrpx_client_handler.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/nghttp2/files/patch-src-shrpx_client_handler.cc Tue Apr 3 09:46:31 2018 (r466298) @@ -0,0 +1,12 @@ +--- src/shrpx_client_handler.cc.orig 2018-02-02 12:19:16 UTC ++++ src/shrpx_client_handler.cc +@@ -549,7 +549,9 @@ int ClientHandler::validate_next_proto() + // First set callback for catch all cases + on_read_ = &ClientHandler::upstream_read; + ++#ifndef OPENSSL_NO_NEXTPROTONEG + SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); ++#endif + #if OPENSSL_VERSION_NUMBER >= 0x10002000L + if (next_proto == nullptr) { + SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); Added: head/www/nghttp2/files/patch-src-shrpx_config.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/nghttp2/files/patch-src-shrpx_config.cc Tue Apr 3 09:46:31 2018 (r466298) @@ -0,0 +1,109 @@ +--- src/shrpx_config.cc.orig 2018-02-27 12:18:50 UTC ++++ src/shrpx_config.cc +@@ -1222,7 +1222,7 @@ int parse_subcert_params(SubcertParams & + auto param = StringRef{first, end}; + + if (util::istarts_with_l(param, "sct-dir=")) { +-#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L ++#if !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L + auto sct_dir = + StringRef{std::begin(param) + str_size("sct-dir="), std::end(param)}; + if (sct_dir.empty()) { +@@ -1230,9 +1230,9 @@ int parse_subcert_params(SubcertParams & + return -1; + } + out.sct_dir = sct_dir; +-#else // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L) ++#else // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L) + LOG(WARN) << "subcert: sct-dir requires OpenSSL >= 1.0.2"; +-#endif // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L) ++#endif // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L) + } else if (!param.empty()) { + LOG(ERROR) << "subcert: " << param << ": unknown keyword"; + return -1; +@@ -1364,7 +1364,7 @@ int read_tls_sct_from_dir(std::vector<ui + } + } // namespace + +-#if !LIBRESSL_IN_USE ++#if !LIBRESSL_1_0_API + namespace { + // Reads PSK secrets from path, and parses each line. The result is + // directly stored into config->tls.psk_secrets. This function +@@ -1428,9 +1428,9 @@ int parse_psk_secrets(Config *config, co + return 0; + } + } // namespace +-#endif // !LIBRESSL_IN_USE ++#endif // !LIBRESSL_1_0_API + +-#if !LIBRESSL_IN_USE ++#if !LIBRESSL_1_0_API + namespace { + // Reads PSK secrets from path, and parses each line. The result is + // directly stored into config->tls.client.psk. This function returns +@@ -1490,7 +1490,7 @@ int parse_client_psk_secrets(Config *con + return 0; + } + } // namespace +-#endif // !LIBRESSL_IN_USE ++#endif // !LIBRESSL_1_0_API + + // generated by gennghttpxfun.py + int option_lookup_token(const char *name, size_t namelen) { +@@ -3454,19 +3454,19 @@ int parse_config(Config *config, int opt + return parse_uint_with_unit( + &config->http2.downstream.decoder_dynamic_table_size, opt, optarg); + case SHRPX_OPTID_ECDH_CURVES: +-#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L ++#if !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L + config->tls.ecdh_curves = make_string_ref(config->balloc, optarg); +-#else // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L) ++#else // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L) + LOG(WARN) << opt << ": This option requires OpenSSL >= 1.0.2"; +-#endif // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L) ++#endif // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L) + return 0; + case SHRPX_OPTID_TLS_SCT_DIR: +-#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L ++#if !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L + return read_tls_sct_from_dir(config->tls.sct_data, opt, optarg); +-#else // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L) ++#else // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L) + LOG(WARN) << opt << ": This option requires OpenSSL >= 1.0.2"; + return 0; +-#endif // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L) ++#endif // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L) + case SHRPX_OPTID_DNS_CACHE_TIMEOUT: + return parse_duration(&config->dns.timeout.cache, opt, optarg); + case SHRPX_OPTID_DNS_LOOKUP_TIMEOUT: +@@ -3489,23 +3489,23 @@ int parse_config(Config *config, int opt + return parse_duration(&config->conn.upstream.timeout.idle_read, opt, + optarg); + case SHRPX_OPTID_PSK_SECRETS: +-#if !LIBRESSL_IN_USE ++#if !LIBRESSL_1_0_API + return parse_psk_secrets(config, optarg); +-#else // LIBRESSL_IN_USE ++#else // LIBRESSL_1_0_API + LOG(WARN) + << opt + << ": ignored because underlying TLS library does not support PSK"; + return 0; +-#endif // LIBRESSL_IN_USE ++#endif // LIBRESSL_1_0_API + case SHRPX_OPTID_CLIENT_PSK_SECRETS: +-#if !LIBRESSL_IN_USE ++#if !LIBRESSL_1_0_API + return parse_client_psk_secrets(config, optarg); +-#else // LIBRESSL_IN_USE ++#else // LIBRESSL_1_0_API + LOG(WARN) + << opt + << ": ignored because underlying TLS library does not support PSK"; + return 0; +-#endif // LIBRESSL_IN_USE ++#endif // LIBRESSL_1_0_API + case SHRPX_OPTID_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST: + config->tls.client.no_http2_cipher_black_list = + util::strieq_l("yes", optarg); Added: head/www/nghttp2/files/patch-src-shrpx_connection.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/nghttp2/files/patch-src-shrpx_connection.cc Tue Apr 3 09:46:31 2018 (r466298) @@ -0,0 +1,12 @@ +--- src/shrpx_connection.cc.orig 2018-02-02 12:19:16 UTC ++++ src/shrpx_connection.cc +@@ -523,7 +523,9 @@ int Connection::check_http2_requirement( + const unsigned char *next_proto = nullptr; + unsigned int next_proto_len; + ++#ifndef OPENSSL_NO_NEXTPROTONEG + SSL_get0_next_proto_negotiated(tls.ssl, &next_proto, &next_proto_len); ++#endif + #if OPENSSL_VERSION_NUMBER >= 0x10002000L + if (next_proto == nullptr) { + SSL_get0_alpn_selected(tls.ssl, &next_proto, &next_proto_len); Added: head/www/nghttp2/files/patch-src-shrpx_http2_session.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/nghttp2/files/patch-src-shrpx_http2_session.cc Tue Apr 3 09:46:31 2018 (r466298) @@ -0,0 +1,12 @@ +--- src/shrpx_http2_session.cc.orig 2018-02-02 12:19:16 UTC ++++ src/shrpx_http2_session.cc +@@ -1649,7 +1649,9 @@ int Http2Session::connection_made() { + const unsigned char *next_proto = nullptr; + unsigned int next_proto_len = 0; + ++#ifndef OPENSSL_NO_NEXTPROTONEG + SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); ++#endif + #if OPENSSL_VERSION_NUMBER >= 0x10002000L + if (!next_proto) { + SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); Added: head/www/nghttp2/files/patch-src-shrpx_live_check.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/nghttp2/files/patch-src-shrpx_live_check.cc Tue Apr 3 09:46:31 2018 (r466298) @@ -0,0 +1,12 @@ +--- src/shrpx_live_check.cc.orig 2018-02-02 12:19:16 UTC ++++ src/shrpx_live_check.cc +@@ -406,7 +406,9 @@ int LiveCheck::tls_handshake() { + const unsigned char *next_proto = nullptr; + unsigned int next_proto_len = 0; + ++#ifndef OPENSSL_NO_NEXTPROTONEG + SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); ++#endif + #if OPENSSL_VERSION_NUMBER >= 0x10002000L + if (next_proto == nullptr) { + SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); Added: head/www/nghttp2/files/patch-src-shrpx_tls.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/nghttp2/files/patch-src-shrpx_tls.cc Tue Apr 3 09:46:31 2018 (r466298) @@ -0,0 +1,144 @@ +--- src/shrpx_tls.cc.orig 2018-03-25 12:28:55 UTC ++++ src/shrpx_tls.cc +@@ -360,7 +360,7 @@ int tls_session_new_cb(SSL *ssl, SSL_SES + + namespace { + SSL_SESSION *tls_session_get_cb(SSL *ssl, +-#if OPENSSL_1_1_API ++#if OPENSSL_1_1_API && !LIBRESSL_1_1_API + const unsigned char *id, + #else // !OPENSSL_1_1_API + unsigned char *id, +@@ -563,7 +563,7 @@ int alpn_select_proto_cb(SSL *ssl, const + } // namespace + #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L + +-#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L ++#if !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L + + #ifndef TLSEXT_TYPE_signed_certificate_timestamp + #define TLSEXT_TYPE_signed_certificate_timestamp 18 +@@ -653,9 +653,9 @@ int legacy_sct_parse_cb(SSL *ssl, unsign + } // namespace + + #endif // !OPENSSL_1_1_1_API +-#endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L ++#endif // !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L + +-#if !LIBRESSL_IN_USE ++#ifndef OPENSSL_NO_PSK + namespace { + unsigned int psk_server_cb(SSL *ssl, const char *identity, unsigned char *psk, + unsigned int max_psk_len) { +@@ -679,9 +679,9 @@ unsigned int psk_server_cb(SSL *ssl, con + return static_cast<unsigned int>(secret.size()); + } + } // namespace +-#endif // !LIBRESSL_IN_USE ++#endif // !OPENSSL_NO_PSK + +-#if !LIBRESSL_IN_USE ++#ifndef OPENSSL_NO_PSK + namespace { + unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity_out, + unsigned int max_identity_len, unsigned char *psk, +@@ -714,7 +714,7 @@ unsigned int psk_client_cb(SSL *ssl, con + return static_cast<unsigned int>(secret.size()); + } + } // namespace +-#endif // !LIBRESSL_IN_USE ++#endif // !OPENSSL_NO_PSK + + struct TLSProtocol { + StringRef name; +@@ -792,7 +792,7 @@ SSL_CTX *create_ssl_context(const char * + } + + #ifndef OPENSSL_NO_EC +-#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L ++#if !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L + if (SSL_CTX_set1_curves_list(ssl_ctx, tlsconf.ecdh_curves.c_str()) != 1) { + LOG(FATAL) << "SSL_CTX_set1_curves_list " << tlsconf.ecdh_curves + << " failed"; +@@ -803,7 +803,7 @@ SSL_CTX *create_ssl_context(const char * + // function was deprecated in OpenSSL 1.1.0 and BoringSSL. + SSL_CTX_set_ecdh_auto(ssl_ctx, 1); + #endif // !defined(OPENSSL_IS_BORINGSSL) && !OPENSSL_1_1_API +-#else // LIBRESSL_IN_USE || OPENSSL_VERSION_NUBMER < 0x10002000L ++#else // LIBRESSL_1_0_API || OPENSSL_VERSION_NUBMER < 0x10002000L + // Use P-256, which is sufficiently secure at the time of this + // writing. + auto ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); +@@ -814,7 +814,7 @@ SSL_CTX *create_ssl_context(const char * + } + SSL_CTX_set_tmp_ecdh(ssl_ctx, ecdh); + EC_KEY_free(ecdh); +-#endif // LIBRESSL_IN_USE || OPENSSL_VERSION_NUBMER < 0x10002000L ++#endif // LIBRESSL_1_0_API || OPENSSL_VERSION_NUBMER < 0x10002000L + #endif // OPENSSL_NO_EC + + if (!tlsconf.dh_param_file.empty()) { +@@ -931,7 +931,7 @@ SSL_CTX *create_ssl_context(const char * + SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, nullptr); + #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L + +-#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L ++#if !LIBRESSL_1_0_API && !LIBRESSL_1_1_API && OPENSSL_VERSION_NUMBER >= 0x10002000L + // SSL_extension_supported(TLSEXT_TYPE_signed_certificate_timestamp) + // returns 1, which means OpenSSL internally handles it. But + // OpenSSL handles signed_certificate_timestamp extension specially, +@@ -962,11 +962,11 @@ SSL_CTX *create_ssl_context(const char * + } + #endif // !OPENSSL_1_1_1_API + } +-#endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L ++#endif // !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L + +-#if !LIBRESSL_IN_USE ++#ifndef OPENSSL_NO_PSK + SSL_CTX_set_psk_server_callback(ssl_ctx, psk_server_cb); +-#endif // !LIBRESSL_IN_USE ++#endif // !OPENSSL_NO_PSK + + auto tls_ctx_data = new TLSContextData(); + tls_ctx_data->cert_file = cert_file; +@@ -1114,9 +1114,9 @@ SSL_CTX *create_ssl_client_context( + #endif // HAVE_NEVERBLEED + } + +-#if !LIBRESSL_IN_USE ++#ifndef OPENSSL_NO_PSK + SSL_CTX_set_psk_client_callback(ssl_ctx, psk_client_cb); +-#endif // !LIBRESSL_IN_USE ++#endif // !OPENSSL_NO_PSK + + // NPN selection callback. This is required to set SSL_CTX because + // OpenSSL does not offer SSL_set_next_proto_select_cb. +@@ -1553,15 +1553,15 @@ int cert_lookup_tree_add_ssl_ctx( + SSL_CTX *ssl_ctx) { + std::array<uint8_t, NI_MAXHOST> buf; + +-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10002000L ++#if !defined(LIBRESSL_1_0_API) && OPENSSL_VERSION_NUMBER >= 0x10002000L + auto cert = SSL_CTX_get0_certificate(ssl_ctx); +-#else // defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < ++#else // defined(LIBRESSL_1_0_API) || OPENSSL_VERSION_NUMBER < + // 0x10002000L + auto tls_ctx_data = + static_cast<TLSContextData *>(SSL_CTX_get_app_data(ssl_ctx)); + auto cert = load_certificate(tls_ctx_data->cert_file); + auto cert_deleter = defer(X509_free, cert); +-#endif // defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < ++#endif // defined(LIBRESSL_1_0_API) || OPENSSL_VERSION_NUMBER < + // 0x10002000L + + auto altnames = static_cast<GENERAL_NAMES *>( +@@ -1977,7 +1977,7 @@ StringRef get_x509_issuer_name(BlockAllo + #endif /* !WORDS_BIGENDIAN */ + + StringRef get_x509_serial(BlockAllocator &balloc, X509 *x) { +-#if OPENSSL_1_1_API ++#if OPENSSL_1_1_API && !LIBRESSL_1_1_API + auto sn = X509_get0_serialNumber(x); + uint64_t r; + if (ASN1_INTEGER_get_uint64(&r, sn) != 1) { Added: head/www/nghttp2/files/patch-src-ssl_compat.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/nghttp2/files/patch-src-ssl_compat.h Tue Apr 3 09:46:31 2018 (r466298) @@ -0,0 +1,32 @@ +--- src/ssl_compat.h.orig 2018-02-27 12:18:50 UTC ++++ src/ssl_compat.h +@@ -26,16 +26,22 @@ + + #include <openssl/opensslv.h> + +-#if defined(LIBRESSL_VERSION_NUMBER) +-#define LIBRESSL_IN_USE 1 +-#else // !defined(LIBRESSL_VERSION_NUMBER) +-#define LIBRESSL_IN_USE 0 +-#endif // !defined(LIBRESSL_VERSION_NUMBER) ++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L ++#define LIBRESSL_1_0_API 1 ++#define LIBRESSL_1_1_API 0 ++#elif defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L ++#define LIBRESSL_1_0_API 0 ++#define LIBRESSL_1_1_API 1 ++#else // !defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L ++#define LIBRESSL_1_0_API 0 ++#define LIBRESSL_1_1_API 0 ++#endif // !defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L + + #define OPENSSL_1_1_API \ +- (!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x1010000fL) ++ (!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x1010000fL) + + #define OPENSSL_1_1_1_API \ +- (!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10101000L) ++ (!LIBRESSL_1_0_API && !LIBRESSL_1_1_API && \ ++ OPENSSL_VERSION_NUMBER >= 0x10101000L) + + #endif // OPENSSL_COMPAT_H
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201804030946.w339kWFj079115>