From: Bernard Spil
Date: Sun, 26 Mar 2017 10:40:48 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r436952 - head/security/certificate-transparency/files

Author: brnrd
Date: Sun Mar 26 10:40:48 2017
New Revision: 436952
URL: https://svnweb.freebsd.org/changeset/ports/436952

Log:
  security/certificate-transparency: Fix build issues with LibreSSL

   - Fix OPENSSL_VERSION_NUMBER checks
   - Fix LibreSSL detection
   - Modify CMS disabling to BoringSSL and LibreSSL

  PR: 217013
  Obtained from: https://github.com/google/certificate-transparency/pull/1364

Added:
  head/security/certificate-transparency/files/patch-cpp_client_ssl__client.cc (contents, props changed)
  head/security/certificate-transparency/files/patch-cpp_log_cert.cc (contents, props changed)
Modified:
  head/security/certificate-transparency/files/patch-Makefile.am
  head/security/certificate-transparency/files/patch-configure.ac
  head/security/certificate-transparency/files/patch-cpp-client-ct.cc

Modified: head/security/certificate-transparency/files/patch-Makefile.am ============================================================================== --- head/security/certificate-transparency/files/patch-Makefile.am Sun Mar 26 10:37:25 2017 (r436951) +++ head/security/certificate-transparency/files/patch-Makefile.am Sun Mar 26 10:40:48 2017 (r436952)
@@ -9,6 +9,15 @@ cpp/monitoring/prometheus/metrics.pb.cc \ cpp/monitoring/prometheus/metrics.pb.h \ proto/ct.pb.cc \ +@@ -112,7 +110,7 @@ TESTS = \ + cpp/util/sync_task_test \ + cpp/util/task_test + +-if !OPENSSL_IS_BORINGSSL ++if !OPENSSL_NO_CMS + TESTS += cpp/log/cms_verifier_test + endif + @@ -131,9 +129,6 @@ endif cpp/gtest-all.cc: $(GTEST_DIR)/src/gtest-all.cc $(AM_V_at)cp $^ $@ @@ -19,6 +28,15 @@ test/testdata/urlfetcher_test_certs/localhost-key.pem: test/create_url_fetcher_test_certs.sh $(AM_V_GEN)test/create_url_fetcher_test_certs.sh +@@ -217,7 +212,7 @@ cpp_libcore_a_SOURCES = \ + proto/ct.pb.cc \ + proto/ct.pb.h + +-if !OPENSSL_IS_BORINGSSL ++if !OPENSSL_NO_CMS + cpp_libcore_a_SOURCES += cpp/log/cms_verifier.cc + endif + @@ -226,8 +221,6 @@ cpp_libtest_a_CPPFLAGS = \ -I$(GTEST_DIR) \ $(AM_CPPFLAGS) @@ -28,3 +46,12 @@ cpp/util/testing.cc cpp_server_ct_mirror_LDADD = \ +@@ -907,7 +900,7 @@ cpp_log_cert_test_SOURCES = \ + cpp/log/cert_test.cc \ + cpp/util/util.cc + +-if !OPENSSL_IS_BORINGSSL ++if !OPENSSL_NO_CMS + cpp_log_cms_verifier_test_LDADD = \ + cpp/libcore.a \ + cpp/libtest.a \ Modified: head/security/certificate-transparency/files/patch-configure.ac ============================================================================== --- head/security/certificate-transparency/files/patch-configure.ac Sun Mar 26 10:37:25 2017 (r436951) +++ head/security/certificate-transparency/files/patch-configure.ac Sun Mar 26 10:40:48 2017 (r436952) 
@@ -29,3 +29,29 @@ save_LIBS="$LIBS" AS_UNSET([LIBS]) AC_SEARCH_LIBS([snappy_compress], [snappy],,, [$save_LIBS]) +@@ -146,6 +147,17 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#in + [AC_MSG_RESULT([yes]); openssl_is_boringssl=1], + [AC_MSG_RESULT([no])]) + ++AC_MSG_CHECKING([for LibreSSL]) ++AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], ++ [[ ++ #ifndef LIBRESSL_VERSION_NUMBER ++ # error not LibreSSL ++ #endif ++ ]]) ++ ], ++ [AC_MSG_RESULT([yes]); openssl_is_libressl=1], ++ [AC_MSG_RESULT([no])]) ++ + save_LIBS="$LIBS" + AS_UNSET([LIBS]) + AC_SEARCH_LIBS([event_base_dispatch], [event],, [missing_libevent=1], +@@ -212,6 +224,7 @@ AM_CONDITIONAL([HAVE_ANT], [test -n "$AN + AM_CONDITIONAL([HAVE_LDNS], [test -z "$missing_ldns"]) + AM_CONDITIONAL([HAVE_OBJECTHASH], [test -z "$missing_objecthash"]) + AM_CONDITIONAL([OPENSSL_IS_BORINGSSL], [test -n "$openssl_is_boringssl"]) ++AM_CONDITIONAL([OPENSSL_NO_CMS], [test -z "$openssl_is_boringssl" -o -z "$openssl_is_boringssl"]) + AC_DEFINE_UNQUOTED([TEST_SRCDIR], ["$srcdir"], [Top of the source directory, for tests.]) + AC_SUBST([INSTALL_DIR]) + AC_CONFIG_FILES([Makefile]) Modified: head/security/certificate-transparency/files/patch-cpp-client-ct.cc ============================================================================== --- head/security/certificate-transparency/files/patch-cpp-client-ct.cc Sun Mar 26 10:37:25 2017 (r436951) +++ head/security/certificate-transparency/files/patch-cpp-client-ct.cc Sun Mar 26 10:40:48 2017 (r436952) 
@@ -1,49 +1,11 @@ ---- cpp/client/ct.cc.orig 2016-10-14 17:11:57 UTC +--- cpp/client/ct.cc.orig 2017-02-11 20:58:57 UTC +++ cpp/client/ct.cc -@@ -451,8 +451,8 @@ static void MakeCert() { - // (This means the relevant section should be last in the configuration.) - // 1.2.3.1=DER:[raw encoding of proof] - static void WriteProofToConfig() { -- CHECK(!FLAGS_sct_token.empty()) << google::ProgramUsage(); -- CHECK(!FLAGS_extensions_config_out.empty()) << google::ProgramUsage(); -+ CHECK(!FLAGS_sct_token.empty()) << gflags::ProgramUsage(); -+ CHECK(!FLAGS_extensions_config_out.empty()) << gflags::ProgramUsage(); - - string sct; - -@@ -479,8 +479,8 @@ static const char kPEMLabel[] = "SERVERI - // Wrap the proof in the format expected by the TLS extension, - // so that we can feed it to OpenSSL. - static void ProofToExtensionData() { -- CHECK(!FLAGS_sct_token.empty()) << google::ProgramUsage(); -- CHECK(!FLAGS_tls_extension_data_out.empty()) << google::ProgramUsage(); -+ CHECK(!FLAGS_sct_token.empty()) << gflags::ProgramUsage(); -+ CHECK(!FLAGS_tls_extension_data_out.empty()) << gflags::ProgramUsage(); - - string serialized_sct; - PCHECK(util::ReadBinaryFile(FLAGS_sct_token, &serialized_sct)) -@@ -939,13 +939,13 @@ int GetSTH() { - // Exit code upon abnormal exit (CHECK failures): != 0 - // (on UNIX, 134 is expected) - int main(int argc, char** argv) { -- google::SetUsageMessage(argv[0] + string(kUsage)); -+ gflags::SetUsageMessage(argv[0] + string(kUsage)); - util::InitCT(&argc, &argv); - ConfigureSerializerForV1CT(); - - const string main_command(argv[0]); - if (argc < 2) { -- std::cout << google::ProgramUsage(); -+ std::cout << gflags::ProgramUsage(); - return 1; - } - -@@ -983,7 +983,7 @@ int main(int argc, char** argv) { - } else if (cmd == "sth") { - ret = GetSTH(); - } else { -- std::cout << google::ProgramUsage(); -+ std::cout << gflags::ProgramUsage(); - ret = 1; - } +@@ -530,7 +530,7 @@ static void ProofToExtensionData() { + << " for writing:" << strerror(errno); 
+ // Work around broken PEM_write() declaration in older OpenSSL versions. +-#if OPENSSL_VERSION_NUMBER < 0x10002000L ++#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) + PEM_write(out, const_cast(kPEMLabel), const_cast(""), + const_cast(reinterpret_cast( + extension_data_out.str().data())), Added: head/security/certificate-transparency/files/patch-cpp_client_ssl__client.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/certificate-transparency/files/patch-cpp_client_ssl__client.cc Sun Mar 26 10:40:48 2017 (r436952) @@ -0,0 +1,11 @@ +--- cpp/client/ssl_client.cc.orig 2016-10-14 17:11:57 UTC ++++ cpp/client/ssl_client.cc +@@ -88,7 +88,7 @@ SSLClient::SSLClient(const string& serve + + SSL_CTX_set_cert_verify_callback(ctx_.get(), &VerifyCallback, &verify_args_); + +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + SSL_CTX_add_client_custom_ext(ctx_.get(), CT_EXTENSION_TYPE, NULL, NULL, + NULL, ExtensionCallback, &verify_args_); + #else Added: head/security/certificate-transparency/files/patch-cpp_log_cert.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/certificate-transparency/files/patch-cpp_log_cert.cc Sun Mar 26 10:40:48 2017 (r436952) 
@@ -0,0 +1,20 @@ +--- cpp/log/cert.cc.orig 2016-10-14 17:11:57 UTC ++++ cpp/log/cert.cc +@@ -31,7 +31,7 @@ using util::StatusOr; + using util::error::Code; + + +-#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(OPENSSL_IS_BORINGSSL) ++#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER) + // Backport from 1.0.2-beta3. + static int i2d_re_X509_tbs(X509* x, unsigned char** pp) { + x->cert_info->enc.modified = 1; +@@ -39,7 +39,7 @@ static int i2d_re_X509_tbs(X509* x, unsi + } + #endif + +-#if OPENSSL_VERSION_NUMBER < 0x10002000L ++#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) + static int X509_get_signature_nid(const X509* x) { + return OBJ_obj2nid(x->sig_alg->algorithm); + }
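
Review bot: In patch-Makefile.am, the three `if !OPENSSL_NO_CMS` guards (on TESTS, cpp_libcore_a_SOURCES and cpp_log_cms_verifier_test_LDADD) reuse the name of OpenSSL's own OPENSSL_NO_CMS preprocessor macro for an automake conditional that configure.ac derives from library detection rather than from that macro. A reader will assume the two are linked. Consider a project-specific conditional name, and note that whether cms_verifier.cc and its test are built now depends entirely on the AM_CONDITIONAL expression added in patch-configure.ac.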
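
Review bot: In patch-configure.ac, the new line `AM_CONDITIONAL([OPENSSL_NO_CMS], [test -z "$openssl_is_boringssl" -o -z "$openssl_is_boringssl"])` tests the same variable twice and never reads `openssl_is_libressl`, so the LibreSSL check added above it has no effect on the conditional. The sense also looks inverted: `-z` is true when the variable is empty, so OPENSSL_NO_CMS becomes true when the library is not BoringSSL, and the `if !OPENSSL_NO_CMS` guards in Makefile.am would then drop cms_verifier.cc on stock OpenSSL and keep it on BoringSSL. To match the log message ("Modify CMS disabling to BoringSSL and LibreSSL") the test should read `test -n "$openssl_is_boringssl" -o -n "$openssl_is_libressl"`.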
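
Review bot: In patch-cpp-client-ct.cc, the rewrite removes all of the existing `google::` to `gflags::` hunks (ProgramUsage and SetUsageMessage in WriteProofToConfig, ProofToExtensionData and main) and the log message does not mention it. The `.orig` timestamp for this file also moves to 2017-02-11 while the two newly added patch files carry 2016-10-14, so it is worth confirming the patch was regenerated against the same distfile and that the namespace fix is no longer needed. In the remaining PEM_write hunk, the comment "Work around broken PEM_write() declaration in older OpenSSL versions" should be updated, since the branch is now also taken for any LibreSSL through `|| defined(LIBRESSL_VERSION_NUMBER)`.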
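
Review bot: In patch-cpp_client_ssl__client.cc, adding `&& !defined(LIBRESSL_VERSION_NUMBER)` sends every LibreSSL build to the `#else` branch, whose body is outside the hunk context. Please confirm that the fallback still registers ExtensionCallback for CT_EXTENSION_TYPE with an API LibreSSL provides; if it does not, SCTs delivered in the TLS extension would be ignored on LibreSSL with no build-time or run-time indication. A short comment on the `#if` explaining why LibreSSL is excluded from SSL_CTX_add_client_custom_ext would help the next reader.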
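
Review bot: In patch-cpp_log_cert.cc, both guards use a bare `defined(LIBRESSL_VERSION_NUMBER)`, so the static backports of i2d_re_X509_tbs and X509_get_signature_nid are compiled for every LibreSSL version. If a LibreSSL release declares either function itself, the static definitions will conflict with the library headers, and both bodies reach directly into struct fields (`x->cert_info->enc.modified`, `x->sig_alg->algorithm`) that stop compiling if the library makes X509 opaque. Consider bounding the condition with a comparison against LIBRESSL_VERSION_NUMBER, or replacing the version tests with configure-time function checks, so the library's own implementation is used when it exists.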