From owner-svn-ports-all@freebsd.org  Thu Feb 15 12:48:21 2018
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C9FC3F1B93D;
 Thu, 15 Feb 2018 12:48:21 +0000 (UTC)
 (envelope-from sunpoet@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 62B4B77139;
 Thu, 15 Feb 2018 12:48:21 +0000 (UTC)
 (envelope-from sunpoet@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E1CA11EEBC;
 Thu, 15 Feb 2018 12:48:20 +0000 (UTC)
 (envelope-from sunpoet@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w1FCmKxg004503;
 Thu, 15 Feb 2018 12:48:20 GMT (envelope-from sunpoet@FreeBSD.org)
Received: (from sunpoet@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w1FCmK6h004502;
 Thu, 15 Feb 2018 12:48:20 GMT (envelope-from sunpoet@FreeBSD.org)
Message-Id: <201802151248.w1FCmK6h004502@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: sunpoet set sender to
 sunpoet@FreeBSD.org using -f
From: Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>
Date: Thu, 15 Feb 2018 12:48:20 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r461919 - head/lang/python34/files
X-SVN-Group: ports-head
X-SVN-Commit-Author: sunpoet
X-SVN-Commit-Paths: head/lang/python34/files
X-SVN-Commit-Revision: 461919
X-SVN-Commit-Repository: ports
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Feb 2018 12:48:22 -0000

Author: sunpoet
Date: Thu Feb 15 12:48:20 2018
New Revision: 461919
URL: https://svnweb.freebsd.org/changeset/ports/461919

Log:
  Fix build with OpenSSL 1.1.0 (security/openssl-devel)
  
  Reference:	https://bugs.python.org/issue30622
  		https://github.com/python/cpython/commit/b2d096bd2a5ff86e53c25d00ee5fa097b36bf1d8
  PR:		225882
  Submitted by:	brnrd
  MFH:		2018Q1

Added:
  head/lang/python34/files/patch-issue30622   (contents, props changed)

Added: head/lang/python34/files/patch-issue30622
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/lang/python34/files/patch-issue30622	Thu Feb 15 12:48:20 2018	(r461919)
@@ -0,0 +1,118 @@
+From b2d096bd2a5ff86e53c25d00ee5fa097b36bf1d8 Mon Sep 17 00:00:00 2001
+From: Melvyn Sopacua <melvyn-sopacua@users.noreply.github.com>
+Date: Mon, 4 Sep 2017 23:35:15 +0200
+Subject: [PATCH] bpo-30622: Change NPN detection: (#2079)
+
+* Change NPN detection:
+
+Version breakdown, support disabled (pre-patch/post-patch):
+- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False
+- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will not be defined ->
+False/False
+- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and
+OPENSSL_NO_NEXTPROTONEG will be defined -> True/False
+
+Version breakdown support enabled (pre-patch/post-patch):
+- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False
+- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will be defined and
+OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True
+- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and
+OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True
+
+* Refine NPN guard:
+
+- If NPN is disabled, but ALPN is available we need our callback
+- Make clinic's ssl behave the same way
+
+This created a working ssl module for me, with NPN disabled and ALPN
+enabled for OpenSSL 1.1.0f.
+
+Concerns to address:
+The initial commit for NPN support into OpenSSL [1], had the
+OPENSSL_NPN_* variables defined inside the OPENSSL_NO_NEXTPROTONEG
+guard. The question is if that ever made it into a release.
+This would need an ugly hack, something like:
+
+	#if defined(OPENSSL_NO_NEXTPROTONEG) && \
+		!defined(OPENSSL_NPN_NEGOTIATED)
+	#	define OPENSSL_NPN_UNSUPPORTED 0
+	#	define OPENSSL_NPN_NEGOTIATED 1
+	#	define OPENSSL_NPN_NO_OVERLAP 2
+	#endif
+
+[1] https://github.com/openssl/openssl/commit/68b33cc5c7
+
+--- Modules/_ssl.c.orig	2018-02-04 23:40:38 UTC
++++ Modules/_ssl.c
+@@ -207,7 +207,7 @@ static unsigned int _ssl_locks_count = 0
+ typedef struct {
+     PyObject_HEAD
+     SSL_CTX *ctx;
+-#ifdef OPENSSL_NPN_NEGOTIATED
++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
+     char *npn_protocols;
+     int npn_protocols_len;
+ #endif
+@@ -1403,7 +1403,7 @@ static PyObject *PySSL_cipher (PySSLSock
+     return NULL;
+ }
+ 
+-#ifdef OPENSSL_NPN_NEGOTIATED
++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
+ static PyObject *PySSL_selected_npn_protocol(PySSLSocket *self) {
+     const unsigned char *out;
+     unsigned int outlen;
+@@ -1920,7 +1920,7 @@ static PyMethodDef PySSLMethods[] = {
+     {"peer_certificate", (PyCFunction)PySSL_peercert, METH_VARARGS,
+      PySSL_peercert_doc},
+     {"cipher", (PyCFunction)PySSL_cipher, METH_NOARGS},
+-#ifdef OPENSSL_NPN_NEGOTIATED
++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
+     {"selected_npn_protocol", (PyCFunction)PySSL_selected_npn_protocol, METH_NOARGS},
+ #endif
+     {"compression", (PyCFunction)PySSL_compression, METH_NOARGS},
+@@ -2027,7 +2027,7 @@ context_new(PyTypeObject *type, PyObject
+         return NULL;
+     }
+     self->ctx = ctx;
+-#ifdef OPENSSL_NPN_NEGOTIATED
++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
+     self->npn_protocols = NULL;
+ #endif
+ #ifndef OPENSSL_NO_TLSEXT
+@@ -2099,7 +2099,7 @@ context_dealloc(PySSLContext *self)
+ {
+     context_clear(self);
+     SSL_CTX_free(self->ctx);
+-#ifdef OPENSSL_NPN_NEGOTIATED
++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
+     PyMem_Free(self->npn_protocols);
+ #endif
+     Py_TYPE(self)->tp_free(self);
+@@ -2126,7 +2126,7 @@ set_ciphers(PySSLContext *self, PyObject
+     Py_RETURN_NONE;
+ }
+ 
+-#ifdef OPENSSL_NPN_NEGOTIATED
++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
+ /* this callback gets passed to SSL_CTX_set_next_protos_advertise_cb */
+ static int
+ _advertiseNPN_cb(SSL *s,
+@@ -2175,7 +2175,7 @@ _selectNPN_cb(SSL *s,
+ static PyObject *
+ _set_npn_protocols(PySSLContext *self, PyObject *args)
+ {
+-#ifdef OPENSSL_NPN_NEGOTIATED
++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
+     Py_buffer protos;
+ 
+     if (!PyArg_ParseTuple(args, "y*:set_npn_protocols", &protos))
+@@ -4130,7 +4130,7 @@ PyInit__ssl(void)
+     Py_INCREF(r);
+     PyModule_AddObject(m, "HAS_ECDH", r);
+ 
+-#ifdef OPENSSL_NPN_NEGOTIATED
++#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
+     r = Py_True;
+ #else
+     r = Py_False;