Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 12 Mar 2020 07:47:46 +0000 (UTC)
From:      Jochen Neumeister <joneum@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r528273 - in branches/2020Q1/databases: mysql56-client mysql56-client/files mysql56-server mysql56-server/files
Message-ID:  <202003120747.02C7lkuO005561@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: joneum
Date: Thu Mar 12 07:47:46 2020
New Revision: 528273
URL: https://svnweb.freebsd.org/changeset/ports/528273

Log:
  MFH: r528272
  
  This fix a Problem, when MySQL build with libressl
  
  /var/ports/usr/ports/databases/mysql56-client/work/mysql-5.6.47/vio/viosslfactories.c:230:25: error: use of undeclared identifier 'SSL_OP_NO_TLSv1_3'
                          SSL_OP_NO_TLSv1_3 |
                          ^
  /var/ports/usr/ports/databases/mysql56-client/work/mysql-5.6.47/vio/viosslfactories.c:275:12: warning: implicit declaration of function 'SSL_CTX_set_ciphersuites' is invalid in C99 [-Wimplicit-function-declaration]
    if (0 == SSL_CTX_set_ciphersuites(ssl_fd->ssl_context, ""))
  
  Special thanks for his help to: fluffy
  
  PR:		244320
  Sponsored by:	Netzkommune GmbH
  
  Approved by:	ports-secteam (joneum)

Added:
  branches/2020Q1/databases/mysql56-client/files/patch-mysys__ssl_my__aes__openssl.cc
     - copied unchanged from r528272, head/databases/mysql56-client/files/patch-mysys__ssl_my__aes__openssl.cc
  branches/2020Q1/databases/mysql56-client/files/patch-sql-common_client.c
     - copied unchanged from r528272, head/databases/mysql56-client/files/patch-sql-common_client.c
  branches/2020Q1/databases/mysql56-client/files/patch-sql_mysqld.cc
     - copied unchanged from r528272, head/databases/mysql56-client/files/patch-sql_mysqld.cc
  branches/2020Q1/databases/mysql56-client/files/patch-vio_vio.c
     - copied unchanged from r528272, head/databases/mysql56-client/files/patch-vio_vio.c
  branches/2020Q1/databases/mysql56-client/files/patch-vio_viossl.c
     - copied unchanged from r528272, head/databases/mysql56-client/files/patch-vio_viossl.c
  branches/2020Q1/databases/mysql56-client/files/patch-vio_viosslfactories.c
     - copied unchanged from r528272, head/databases/mysql56-client/files/patch-vio_viosslfactories.c
  branches/2020Q1/databases/mysql56-server/files/patch-mysys__ssl_my__aes__openssl.cc
     - copied unchanged from r528272, head/databases/mysql56-server/files/patch-mysys__ssl_my__aes__openssl.cc
  branches/2020Q1/databases/mysql56-server/files/patch-sql-common_client.c
     - copied unchanged from r528272, head/databases/mysql56-server/files/patch-sql-common_client.c
  branches/2020Q1/databases/mysql56-server/files/patch-sql_mysqld.cc
     - copied unchanged from r528272, head/databases/mysql56-server/files/patch-sql_mysqld.cc
  branches/2020Q1/databases/mysql56-server/files/patch-vio_vio.c
     - copied unchanged from r528272, head/databases/mysql56-server/files/patch-vio_vio.c
  branches/2020Q1/databases/mysql56-server/files/patch-vio_viossl.c
     - copied unchanged from r528272, head/databases/mysql56-server/files/patch-vio_viossl.c
  branches/2020Q1/databases/mysql56-server/files/patch-vio_viosslfactories.c
     - copied unchanged from r528272, head/databases/mysql56-server/files/patch-vio_viosslfactories.c
Modified:
  branches/2020Q1/databases/mysql56-client/Makefile
  branches/2020Q1/databases/mysql56-client/files/patch-cmake_ssl.cmake
  branches/2020Q1/databases/mysql56-server/Makefile
  branches/2020Q1/databases/mysql56-server/files/patch-cmake_ssl.cmake
Directory Properties:
  branches/2020Q1/   (props changed)

Modified: branches/2020Q1/databases/mysql56-client/Makefile
==============================================================================
--- branches/2020Q1/databases/mysql56-client/Makefile	Thu Mar 12 07:42:38 2020	(r528272)
+++ branches/2020Q1/databases/mysql56-client/Makefile	Thu Mar 12 07:47:46 2020	(r528273)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	mysql
-PORTREVISION=	0
+PORTREVISION=	1
 PKGNAMESUFFIX=	56-client
 
 COMMENT=	Multithreaded SQL database (client)

Modified: branches/2020Q1/databases/mysql56-client/files/patch-cmake_ssl.cmake
==============================================================================
--- branches/2020Q1/databases/mysql56-client/files/patch-cmake_ssl.cmake	Thu Mar 12 07:42:38 2020	(r528272)
+++ branches/2020Q1/databases/mysql56-client/files/patch-cmake_ssl.cmake	Thu Mar 12 07:47:46 2020	(r528273)
@@ -1,11 +1,25 @@
---- cmake/ssl.cmake.orig	2016-11-28 13:36:22 UTC
+--- cmake/ssl.cmake.orig	2019-11-26 16:53:45 UTC
 +++ cmake/ssl.cmake
-@@ -176,7 +176,7 @@ MACRO (MYSQL_CHECK_SSL)
+@@ -189,13 +189,20 @@ MACRO (MYSQL_CHECK_SSL)
+         OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}"
+         )
+     ENDIF()
+-    IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0")
++    CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION)
++    IF(HAVE_TLS1_3_VERSION)
+        ADD_DEFINITIONS(-DHAVE_TLSv13)
+     ENDIF()
      IF(OPENSSL_INCLUDE_DIR AND
         OPENSSL_LIBRARY   AND
         CRYPTO_LIBRARY      AND
 -       OPENSSL_MAJOR_VERSION STREQUAL "1"
 +       OPENSSL_MAJOR_VERSION VERSION_GREATER_EQUAL "1"
++      )
++      SET(OPENSSL_FOUND TRUE)
++    ELSEIF(OPENSSL_INCLUDE_DIR AND
++       OPENSSL_LIBRARY   AND
++       CRYPTO_LIBRARY      AND
++       OPENSSL_MAJOR_VERSION STREQUAL "2"
        )
        SET(OPENSSL_FOUND TRUE)
      ELSE()

Copied: branches/2020Q1/databases/mysql56-client/files/patch-mysys__ssl_my__aes__openssl.cc (from r528272, head/databases/mysql56-client/files/patch-mysys__ssl_my__aes__openssl.cc)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2020Q1/databases/mysql56-client/files/patch-mysys__ssl_my__aes__openssl.cc	Thu Mar 12 07:47:46 2020	(r528273, copy of r528272, head/databases/mysql56-client/files/patch-mysys__ssl_my__aes__openssl.cc)
@@ -0,0 +1,74 @@
+--- mysys_ssl/my_aes_openssl.cc.orig	2019-11-26 16:53:45 UTC
++++ mysys_ssl/my_aes_openssl.cc
+@@ -120,7 +120,7 @@ int my_aes_encrypt(const unsigned char *source, uint32
+                    const unsigned char *key, uint32 key_length,
+                    enum my_aes_opmode mode, const unsigned char *iv)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   EVP_CIPHER_CTX stack_ctx;
+   EVP_CIPHER_CTX *ctx= &stack_ctx;
+ #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+@@ -135,7 +135,7 @@ int my_aes_encrypt(const unsigned char *source, uint32
+   if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
+     return MY_AES_BAD_DATA;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   EVP_CIPHER_CTX_init(ctx);
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+ 
+@@ -148,7 +148,7 @@ int my_aes_encrypt(const unsigned char *source, uint32
+   if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
+     goto aes_error;                             /* Error */
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   EVP_CIPHER_CTX_cleanup(ctx);
+ #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+   EVP_CIPHER_CTX_free(ctx);
+@@ -158,7 +158,7 @@ int my_aes_encrypt(const unsigned char *source, uint32
+ aes_error:
+   /* need to explicitly clean up the error if we want to ignore it */
+   ERR_clear_error();
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   EVP_CIPHER_CTX_cleanup(ctx);
+ #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+   EVP_CIPHER_CTX_free(ctx);
+@@ -172,7 +172,7 @@ int my_aes_decrypt(const unsigned char *source, uint32
+                    const unsigned char *key, uint32 key_length,
+                    enum my_aes_opmode mode, const unsigned char *iv)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   EVP_CIPHER_CTX stack_ctx;
+   EVP_CIPHER_CTX *ctx= &stack_ctx;
+ #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+@@ -188,7 +188,7 @@ int my_aes_decrypt(const unsigned char *source, uint32
+   if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
+     return MY_AES_BAD_DATA;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   EVP_CIPHER_CTX_init(ctx);
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+ 
+@@ -201,7 +201,7 @@ int my_aes_decrypt(const unsigned char *source, uint32
+   if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
+     goto aes_error;                             /* Error */
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   EVP_CIPHER_CTX_cleanup(ctx);
+ #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+   EVP_CIPHER_CTX_free(ctx);
+@@ -211,7 +211,7 @@ int my_aes_decrypt(const unsigned char *source, uint32
+ aes_error:
+   /* need to explicitly clean up the error if we want to ignore it */
+   ERR_clear_error();
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   EVP_CIPHER_CTX_cleanup(ctx);
+ #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+   EVP_CIPHER_CTX_free(ctx);

Copied: branches/2020Q1/databases/mysql56-client/files/patch-sql-common_client.c (from r528272, head/databases/mysql56-client/files/patch-sql-common_client.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2020Q1/databases/mysql56-client/files/patch-sql-common_client.c	Thu Mar 12 07:47:46 2020	(r528273, copy of r528272, head/databases/mysql56-client/files/patch-sql-common_client.c)
@@ -0,0 +1,15 @@
+--- sql-common/client.c.orig	2019-11-26 16:53:45 UTC
++++ sql-common/client.c
+@@ -1980,7 +1980,11 @@ static int ssl_verify_server_cert(Vio *vio, const char
+     goto error;
+   }
+ 
+-  cn= (char *) ASN1_STRING_data(cn_asn1);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++  cn= (const char *) ASN1_STRING_data(cn_asn1);
++#else
++  cn= (const char *) ASN1_STRING_get0_data(cn_asn1);
++#endif
+ 
+   // There should not be any NULL embedded in the CN
+   if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn))

Copied: branches/2020Q1/databases/mysql56-client/files/patch-sql_mysqld.cc (from r528272, head/databases/mysql56-client/files/patch-sql_mysqld.cc)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2020Q1/databases/mysql56-client/files/patch-sql_mysqld.cc	Thu Mar 12 07:47:46 2020	(r528273, copy of r528272, head/databases/mysql56-client/files/patch-sql_mysqld.cc)
@@ -0,0 +1,65 @@
+--- sql/mysqld.cc.orig	2019-11-26 16:53:45 UTC
++++ sql/mysqld.cc
+@@ -1258,7 +1258,7 @@ char *opt_ssl_ca= NULL, *opt_ssl_capath= NULL, *opt_ss
+      *opt_ssl_crlpath= NULL;
+ 
+ #ifdef HAVE_OPENSSL
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #include <openssl/crypto.h>
+ typedef struct CRYPTO_dynlock_value
+ {
+@@ -2029,7 +2029,7 @@ static void clean_up_mutexes()
+   mysql_mutex_destroy(&LOCK_connection_count);
+ #ifdef HAVE_OPENSSL
+   mysql_mutex_destroy(&LOCK_des_key_file);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   for (int i= 0; i < CRYPTO_num_locks(); ++i)
+     mysql_rwlock_destroy(&openssl_stdlocks[i].lock);
+   OPENSSL_free(openssl_stdlocks);
+@@ -2768,7 +2768,7 @@ bool one_thread_per_connection_end(THD *thd, bool bloc
+ 
+   // Clean up errors now, before possibly waiting for a new connection.
+ #ifndef EMBEDDED_LIBRARY
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   ERR_remove_thread_state(0);
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+ #endif
+@@ -4252,7 +4252,7 @@ static int init_thread_environment()
+ #ifdef HAVE_OPENSSL
+   mysql_mutex_init(key_LOCK_des_key_file,
+                    &LOCK_des_key_file, MY_MUTEX_INIT_FAST);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   openssl_stdlocks= (openssl_lock_t*) OPENSSL_malloc(CRYPTO_num_locks() *
+                                                      sizeof(openssl_lock_t));
+   for (int i= 0; i < CRYPTO_num_locks(); ++i)
+@@ -4301,7 +4301,7 @@ static int init_thread_environment()
+   OpenSSL 1.1 supports native platform threads,
+   so we don't need the following callback functions.
+ */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ static unsigned long openssl_id_function()
+ {
+@@ -4375,7 +4375,7 @@ static void openssl_lock(int mode, openssl_lock_t *loc
+ static int init_ssl()
+ {
+ #ifdef HAVE_OPENSSL
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   CRYPTO_malloc_init();
+ #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+   OPENSSL_malloc_init();
+@@ -4392,7 +4392,7 @@ static int init_ssl()
+ 					  opt_ssl_cipher, &error,
+                                           opt_ssl_crl, opt_ssl_crlpath);
+     DBUG_PRINT("info",("ssl_acceptor_fd: 0x%lx", (long) ssl_acceptor_fd));
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     ERR_remove_thread_state(0);
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+     if (!ssl_acceptor_fd)

Copied: branches/2020Q1/databases/mysql56-client/files/patch-vio_vio.c (from r528272, head/databases/mysql56-client/files/patch-vio_vio.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2020Q1/databases/mysql56-client/files/patch-vio_vio.c	Thu Mar 12 07:47:46 2020	(r528273, copy of r528272, head/databases/mysql56-client/files/patch-vio_vio.c)
@@ -0,0 +1,11 @@
+--- vio/vio.c.orig	2019-11-26 16:53:45 UTC
++++ vio/vio.c
+@@ -394,7 +394,7 @@ void vio_end(void)
+ {
+ #if defined(HAVE_OPENSSL)
+   // This one is needed on the client side
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   ERR_remove_thread_state(0);
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+   ERR_free_strings();

Copied: branches/2020Q1/databases/mysql56-client/files/patch-vio_viossl.c (from r528272, head/databases/mysql56-client/files/patch-vio_viossl.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2020Q1/databases/mysql56-client/files/patch-vio_viossl.c	Thu Mar 12 07:47:46 2020	(r528273, copy of r528272, head/databases/mysql56-client/files/patch-vio_viossl.c)
@@ -0,0 +1,11 @@
+--- vio/viossl.c.orig	2019-11-26 16:53:45 UTC
++++ vio/viossl.c
+@@ -403,7 +403,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio,
+       for (j = 0; j < n; j++)
+       {
+         SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+         DBUG_PRINT("info", ("  %d: %s\n", c->id, c->name));
+ #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+         DBUG_PRINT("info", ("  %d: %s\n", SSL_COMP_get_id(c), SSL_COMP_get0_name(c)));

Copied: branches/2020Q1/databases/mysql56-client/files/patch-vio_viosslfactories.c (from r528272, head/databases/mysql56-client/files/patch-vio_viosslfactories.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2020Q1/databases/mysql56-client/files/patch-vio_viosslfactories.c	Thu Mar 12 07:47:46 2020	(r528273, copy of r528272, head/databases/mysql56-client/files/patch-vio_viosslfactories.c)
@@ -0,0 +1,20 @@
+--- vio/viosslfactories.c.orig	2019-11-26 16:53:45 UTC
++++ vio/viosslfactories.c
+@@ -91,7 +91,7 @@ static DH *get_dh2048(void)
+       DH_free(dh);
+       return NULL;
+     }
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     dh->p= p;
+     dh->g= g;
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+@@ -250,7 +250,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi
+     DBUG_RETURN(0);
+ 
+   if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client ?
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+                                          SSLv23_client_method() :
+                                          SSLv23_server_method()
+ #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */

Modified: branches/2020Q1/databases/mysql56-server/Makefile
==============================================================================
--- branches/2020Q1/databases/mysql56-server/Makefile	Thu Mar 12 07:42:38 2020	(r528272)
+++ branches/2020Q1/databases/mysql56-server/Makefile	Thu Mar 12 07:47:46 2020	(r528273)
@@ -3,7 +3,7 @@
 
 PORTNAME?=	mysql
 PORTVERSION=	5.6.47
-PORTREVISION?=	0
+PORTREVISION?=	1
 CATEGORIES=	databases
 MASTER_SITES=	MYSQL/MySQL-5.6
 PKGNAMESUFFIX?=	56-server

Modified: branches/2020Q1/databases/mysql56-server/files/patch-cmake_ssl.cmake
==============================================================================
--- branches/2020Q1/databases/mysql56-server/files/patch-cmake_ssl.cmake	Thu Mar 12 07:42:38 2020	(r528272)
+++ branches/2020Q1/databases/mysql56-server/files/patch-cmake_ssl.cmake	Thu Mar 12 07:47:46 2020	(r528273)
@@ -1,11 +1,25 @@
---- cmake/ssl.cmake.orig	2016-11-28 13:36:22 UTC
+--- cmake/ssl.cmake.orig	2019-11-26 16:53:45 UTC
 +++ cmake/ssl.cmake
-@@ -176,7 +176,7 @@ MACRO (MYSQL_CHECK_SSL)
+@@ -189,13 +189,20 @@ MACRO (MYSQL_CHECK_SSL)
+         OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}"
+         )
+     ENDIF()
+-    IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0")
++    CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION)
++    IF(HAVE_TLS1_3_VERSION)
+        ADD_DEFINITIONS(-DHAVE_TLSv13)
+     ENDIF()
      IF(OPENSSL_INCLUDE_DIR AND
         OPENSSL_LIBRARY   AND
         CRYPTO_LIBRARY      AND
 -       OPENSSL_MAJOR_VERSION STREQUAL "1"
 +       OPENSSL_MAJOR_VERSION VERSION_GREATER_EQUAL "1"
++      )
++      SET(OPENSSL_FOUND TRUE)
++    ELSEIF(OPENSSL_INCLUDE_DIR AND
++       OPENSSL_LIBRARY   AND
++       CRYPTO_LIBRARY      AND
++       OPENSSL_MAJOR_VERSION STREQUAL "2"
        )
        SET(OPENSSL_FOUND TRUE)
      ELSE()

Copied: branches/2020Q1/databases/mysql56-server/files/patch-mysys__ssl_my__aes__openssl.cc (from r528272, head/databases/mysql56-server/files/patch-mysys__ssl_my__aes__openssl.cc)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2020Q1/databases/mysql56-server/files/patch-mysys__ssl_my__aes__openssl.cc	Thu Mar 12 07:47:46 2020	(r528273, copy of r528272, head/databases/mysql56-server/files/patch-mysys__ssl_my__aes__openssl.cc)
@@ -0,0 +1,74 @@
+--- mysys_ssl/my_aes_openssl.cc.orig	2019-11-26 16:53:45 UTC
++++ mysys_ssl/my_aes_openssl.cc
+@@ -120,7 +120,7 @@ int my_aes_encrypt(const unsigned char *source, uint32
+                    const unsigned char *key, uint32 key_length,
+                    enum my_aes_opmode mode, const unsigned char *iv)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   EVP_CIPHER_CTX stack_ctx;
+   EVP_CIPHER_CTX *ctx= &stack_ctx;
+ #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+@@ -135,7 +135,7 @@ int my_aes_encrypt(const unsigned char *source, uint32
+   if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
+     return MY_AES_BAD_DATA;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   EVP_CIPHER_CTX_init(ctx);
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+ 
+@@ -148,7 +148,7 @@ int my_aes_encrypt(const unsigned char *source, uint32
+   if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
+     goto aes_error;                             /* Error */
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   EVP_CIPHER_CTX_cleanup(ctx);
+ #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+   EVP_CIPHER_CTX_free(ctx);
+@@ -158,7 +158,7 @@ int my_aes_encrypt(const unsigned char *source, uint32
+ aes_error:
+   /* need to explicitly clean up the error if we want to ignore it */
+   ERR_clear_error();
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   EVP_CIPHER_CTX_cleanup(ctx);
+ #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+   EVP_CIPHER_CTX_free(ctx);
+@@ -172,7 +172,7 @@ int my_aes_decrypt(const unsigned char *source, uint32
+                    const unsigned char *key, uint32 key_length,
+                    enum my_aes_opmode mode, const unsigned char *iv)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   EVP_CIPHER_CTX stack_ctx;
+   EVP_CIPHER_CTX *ctx= &stack_ctx;
+ #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+@@ -188,7 +188,7 @@ int my_aes_decrypt(const unsigned char *source, uint32
+   if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
+     return MY_AES_BAD_DATA;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   EVP_CIPHER_CTX_init(ctx);
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+ 
+@@ -201,7 +201,7 @@ int my_aes_decrypt(const unsigned char *source, uint32
+   if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
+     goto aes_error;                             /* Error */
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   EVP_CIPHER_CTX_cleanup(ctx);
+ #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+   EVP_CIPHER_CTX_free(ctx);
+@@ -211,7 +211,7 @@ int my_aes_decrypt(const unsigned char *source, uint32
+ aes_error:
+   /* need to explicitly clean up the error if we want to ignore it */
+   ERR_clear_error();
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   EVP_CIPHER_CTX_cleanup(ctx);
+ #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+   EVP_CIPHER_CTX_free(ctx);

Copied: branches/2020Q1/databases/mysql56-server/files/patch-sql-common_client.c (from r528272, head/databases/mysql56-server/files/patch-sql-common_client.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2020Q1/databases/mysql56-server/files/patch-sql-common_client.c	Thu Mar 12 07:47:46 2020	(r528273, copy of r528272, head/databases/mysql56-server/files/patch-sql-common_client.c)
@@ -0,0 +1,15 @@
+--- sql-common/client.c.orig	2019-11-26 16:53:45 UTC
++++ sql-common/client.c
+@@ -1980,7 +1980,11 @@ static int ssl_verify_server_cert(Vio *vio, const char
+     goto error;
+   }
+ 
+-  cn= (char *) ASN1_STRING_data(cn_asn1);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++  cn= (const char *) ASN1_STRING_data(cn_asn1);
++#else
++  cn= (const char *) ASN1_STRING_get0_data(cn_asn1);
++#endif
+ 
+   // There should not be any NULL embedded in the CN
+   if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn))

Copied: branches/2020Q1/databases/mysql56-server/files/patch-sql_mysqld.cc (from r528272, head/databases/mysql56-server/files/patch-sql_mysqld.cc)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2020Q1/databases/mysql56-server/files/patch-sql_mysqld.cc	Thu Mar 12 07:47:46 2020	(r528273, copy of r528272, head/databases/mysql56-server/files/patch-sql_mysqld.cc)
@@ -0,0 +1,65 @@
+--- sql/mysqld.cc.orig	2019-11-26 16:53:45 UTC
++++ sql/mysqld.cc
+@@ -1258,7 +1258,7 @@ char *opt_ssl_ca= NULL, *opt_ssl_capath= NULL, *opt_ss
+      *opt_ssl_crlpath= NULL;
+ 
+ #ifdef HAVE_OPENSSL
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #include <openssl/crypto.h>
+ typedef struct CRYPTO_dynlock_value
+ {
+@@ -2029,7 +2029,7 @@ static void clean_up_mutexes()
+   mysql_mutex_destroy(&LOCK_connection_count);
+ #ifdef HAVE_OPENSSL
+   mysql_mutex_destroy(&LOCK_des_key_file);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   for (int i= 0; i < CRYPTO_num_locks(); ++i)
+     mysql_rwlock_destroy(&openssl_stdlocks[i].lock);
+   OPENSSL_free(openssl_stdlocks);
+@@ -2768,7 +2768,7 @@ bool one_thread_per_connection_end(THD *thd, bool bloc
+ 
+   // Clean up errors now, before possibly waiting for a new connection.
+ #ifndef EMBEDDED_LIBRARY
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   ERR_remove_thread_state(0);
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+ #endif
+@@ -4252,7 +4252,7 @@ static int init_thread_environment()
+ #ifdef HAVE_OPENSSL
+   mysql_mutex_init(key_LOCK_des_key_file,
+                    &LOCK_des_key_file, MY_MUTEX_INIT_FAST);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   openssl_stdlocks= (openssl_lock_t*) OPENSSL_malloc(CRYPTO_num_locks() *
+                                                      sizeof(openssl_lock_t));
+   for (int i= 0; i < CRYPTO_num_locks(); ++i)
+@@ -4301,7 +4301,7 @@ static int init_thread_environment()
+   OpenSSL 1.1 supports native platform threads,
+   so we don't need the following callback functions.
+ */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ static unsigned long openssl_id_function()
+ {
+@@ -4375,7 +4375,7 @@ static void openssl_lock(int mode, openssl_lock_t *loc
+ static int init_ssl()
+ {
+ #ifdef HAVE_OPENSSL
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   CRYPTO_malloc_init();
+ #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+   OPENSSL_malloc_init();
+@@ -4392,7 +4392,7 @@ static int init_ssl()
+ 					  opt_ssl_cipher, &error,
+                                           opt_ssl_crl, opt_ssl_crlpath);
+     DBUG_PRINT("info",("ssl_acceptor_fd: 0x%lx", (long) ssl_acceptor_fd));
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     ERR_remove_thread_state(0);
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+     if (!ssl_acceptor_fd)

Copied: branches/2020Q1/databases/mysql56-server/files/patch-vio_vio.c (from r528272, head/databases/mysql56-server/files/patch-vio_vio.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2020Q1/databases/mysql56-server/files/patch-vio_vio.c	Thu Mar 12 07:47:46 2020	(r528273, copy of r528272, head/databases/mysql56-server/files/patch-vio_vio.c)
@@ -0,0 +1,11 @@
+--- vio/vio.c.orig	2019-11-26 16:53:45 UTC
++++ vio/vio.c
+@@ -394,7 +394,7 @@ void vio_end(void)
+ {
+ #if defined(HAVE_OPENSSL)
+   // This one is needed on the client side
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   ERR_remove_thread_state(0);
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+   ERR_free_strings();

Copied: branches/2020Q1/databases/mysql56-server/files/patch-vio_viossl.c (from r528272, head/databases/mysql56-server/files/patch-vio_viossl.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2020Q1/databases/mysql56-server/files/patch-vio_viossl.c	Thu Mar 12 07:47:46 2020	(r528273, copy of r528272, head/databases/mysql56-server/files/patch-vio_viossl.c)
@@ -0,0 +1,11 @@
+--- vio/viossl.c.orig	2019-11-26 16:53:45 UTC
++++ vio/viossl.c
+@@ -403,7 +403,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio,
+       for (j = 0; j < n; j++)
+       {
+         SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+         DBUG_PRINT("info", ("  %d: %s\n", c->id, c->name));
+ #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+         DBUG_PRINT("info", ("  %d: %s\n", SSL_COMP_get_id(c), SSL_COMP_get0_name(c)));

Copied: branches/2020Q1/databases/mysql56-server/files/patch-vio_viosslfactories.c (from r528272, head/databases/mysql56-server/files/patch-vio_viosslfactories.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2020Q1/databases/mysql56-server/files/patch-vio_viosslfactories.c	Thu Mar 12 07:47:46 2020	(r528273, copy of r528272, head/databases/mysql56-server/files/patch-vio_viosslfactories.c)
@@ -0,0 +1,20 @@
+--- vio/viosslfactories.c.orig	2019-11-26 16:53:45 UTC
++++ vio/viosslfactories.c
+@@ -91,7 +91,7 @@ static DH *get_dh2048(void)
+       DH_free(dh);
+       return NULL;
+     }
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     dh->p= p;
+     dh->g= g;
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+@@ -250,7 +250,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi
+     DBUG_RETURN(0);
+ 
+   if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client ?
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+                                          SSLv23_client_method() :
+                                          SSLv23_server_method()
+ #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202003120747.02C7lkuO005561>