Date: Thu, 15 Feb 2018 12:47:58 +0000 (UTC) From: Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r461915 - in head/lang/python27: . files Message-ID: <201802151247.w1FClwoD003931@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: sunpoet Date: Thu Feb 15 12:47:58 2018 New Revision: 461915 URL: https://svnweb.freebsd.org/changeset/ports/461915 Log: Fix build with OpenSSL 1.1.0 (security/openssl-devel) - Remove BROKEN_SSL=openssl-devel Reference: https://bugs.python.org/issue30622 https://github.com/python/cpython/commit/b2d096bd2a5ff86e53c25d00ee5fa097b36bf1d8 PR: 222795 Submitted by: brnrd MFH: 2018Q1 Added: head/lang/python27/files/patch-issue30622 (contents, props changed) Modified: head/lang/python27/Makefile Modified: head/lang/python27/Makefile ============================================================================== --- head/lang/python27/Makefile Thu Feb 15 12:47:53 2018 (r461914) +++ head/lang/python27/Makefile Thu Feb 15 12:47:58 2018 (r461915) @@ -14,8 +14,6 @@ COMMENT= Interpreted object-oriented programming langu LICENSE= PSFL -BROKEN_SSL= openssl-devel - USES= cpe ncurses pathfix pkgconfig readline:port shebangfix ssl tar:xz PATHFIX_MAKEFILEIN= Makefile.pre.in USE_LDCONFIG= yes Added: head/lang/python27/files/patch-issue30622 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/lang/python27/files/patch-issue30622 Thu Feb 15 12:47:58 2018 (r461915) @@ -0,0 +1,128 @@ +From b2d096bd2a5ff86e53c25d00ee5fa097b36bf1d8 Mon Sep 17 00:00:00 2001 +From: Melvyn Sopacua <melvyn-sopacua@users.noreply.github.com> +Date: Mon, 4 Sep 2017 23:35:15 +0200 +Subject: [PATCH] bpo-30622: Change NPN detection: (#2079) + +* Change NPN detection: + +Version breakdown, support disabled (pre-patch/post-patch): +- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False +- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will not be defined -> +False/False +- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and +OPENSSL_NO_NEXTPROTONEG will be defined -> True/False + +Version breakdown support enabled (pre-patch/post-patch): +- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False +- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will be defined and +OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True +- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and +OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True + +* Refine NPN guard: + +- If NPN is disabled, but ALPN is available we need our callback +- Make clinic's ssl behave the same way + +This created a working ssl module for me, with NPN disabled and ALPN +enabled for OpenSSL 1.1.0f. + +Concerns to address: +The initial commit for NPN support into OpenSSL [1], had the +OPENSSL_NPN_* variables defined inside the OPENSSL_NO_NEXTPROTONEG +guard. The question is if that ever made it into a release. +This would need an ugly hack, something like: + + #if defined(OPENSSL_NO_NEXTPROTONEG) && \ + !defined(OPENSSL_NPN_NEGOTIATED) + # define OPENSSL_NPN_UNSUPPORTED 0 + # define OPENSSL_NPN_NEGOTIATED 1 + # define OPENSSL_NPN_NO_OVERLAP 2 + #endif + +[1] https://github.com/openssl/openssl/commit/68b33cc5c7 + +--- Modules/_ssl.c.orig 2017-09-16 17:38:35 UTC ++++ Modules/_ssl.c +@@ -280,7 +280,7 @@ static unsigned int _ssl_locks_count = 0 + typedef struct { + PyObject_HEAD + SSL_CTX *ctx; +-#ifdef OPENSSL_NPN_NEGOTIATED ++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) + unsigned char *npn_protocols; + int npn_protocols_len; + #endif +@@ -1502,7 +1502,7 @@ static PyObject *PySSL_version(PySSLSock + return PyUnicode_FromString(version); + } + +-#ifdef OPENSSL_NPN_NEGOTIATED ++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) + static PyObject *PySSL_selected_npn_protocol(PySSLSocket *self) { + const unsigned char *out; + unsigned int outlen; +@@ -2030,7 +2030,7 @@ static PyMethodDef PySSLMethods[] = { + PySSL_peercert_doc}, + {"cipher", (PyCFunction)PySSL_cipher, METH_NOARGS}, + {"version", (PyCFunction)PySSL_version, METH_NOARGS}, +-#ifdef OPENSSL_NPN_NEGOTIATED ++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) + {"selected_npn_protocol", (PyCFunction)PySSL_selected_npn_protocol, METH_NOARGS}, + #endif + #ifdef HAVE_ALPN +@@ -2140,7 +2140,7 @@ context_new(PyTypeObject *type, PyObject + return NULL; + } + self->ctx = ctx; +-#ifdef OPENSSL_NPN_NEGOTIATED ++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) + self->npn_protocols = NULL; + #endif + #ifdef HAVE_ALPN +@@ -2216,7 +2216,7 @@ context_dealloc(PySSLContext *self) + { + context_clear(self); + SSL_CTX_free(self->ctx); +-#ifdef OPENSSL_NPN_NEGOTIATED ++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) + PyMem_FREE(self->npn_protocols); + #endif + #ifdef HAVE_ALPN +@@ -2246,7 +2246,7 @@ set_ciphers(PySSLContext *self, PyObject + Py_RETURN_NONE; + } + +-#ifdef OPENSSL_NPN_NEGOTIATED ++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) || defined(HAVE_ALPN) + static int + do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen, + const unsigned char *server_protocols, unsigned int server_protocols_len, +@@ -2270,7 +2270,9 @@ do_protocol_selection(int alpn, unsigned + + return SSL_TLSEXT_ERR_OK; + } ++#endif + ++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) + /* this callback gets passed to SSL_CTX_set_next_protos_advertise_cb */ + static int + _advertiseNPN_cb(SSL *s, +@@ -2305,7 +2307,7 @@ _selectNPN_cb(SSL *s, + static PyObject * + _set_npn_protocols(PySSLContext *self, PyObject *args) + { +-#ifdef OPENSSL_NPN_NEGOTIATED ++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) + Py_buffer protos; + + if (!PyArg_ParseTuple(args, "s*:set_npn_protocols", &protos)) +@@ -4303,7 +4305,7 @@ init_ssl(void) + Py_INCREF(r); + PyModule_AddObject(m, "HAS_ECDH", r); + +-#ifdef OPENSSL_NPN_NEGOTIATED ++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) + r = Py_True; + #else + r = Py_False;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201802151247.w1FClwoD003931>