From owner-svn-ports-all@freebsd.org  Sat Jul 13 08:31:15 2019
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 94AE515E380A;
 Sat, 13 Jul 2019 08:31:15 +0000 (UTC)
 (envelope-from mandree@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 3AA89746AD;
 Sat, 13 Jul 2019 08:31:15 +0000 (UTC)
 (envelope-from mandree@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1442E23579;
 Sat, 13 Jul 2019 08:31:15 +0000 (UTC)
 (envelope-from mandree@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x6D8VEfP098918;
 Sat, 13 Jul 2019 08:31:14 GMT (envelope-from mandree@FreeBSD.org)
Received: (from mandree@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id x6D8VEiq098917;
 Sat, 13 Jul 2019 08:31:14 GMT (envelope-from mandree@FreeBSD.org)
Message-Id: <201907130831.x6D8VEiq098917@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: mandree set sender to
 mandree@FreeBSD.org using -f
From: Matthias Andree <mandree@FreeBSD.org>
Date: Sat, 13 Jul 2019 08:31:14 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r506516 - head/security/openvpn
X-SVN-Group: ports-head
X-SVN-Commit-Author: mandree
X-SVN-Commit-Paths: head/security/openvpn
X-SVN-Commit-Revision: 506516
X-SVN-Commit-Repository: ports
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 3AA89746AD
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.90 / 15.00];
 local_wl_from(0.00)[FreeBSD.org];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 NEURAL_HAM_SHORT(-0.90)[-0.899,0];
 NEURAL_HAM_LONG(-1.00)[-1.000,0];
 ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Jul 2019 08:31:15 -0000

Author: mandree
Date: Sat Jul 13 08:31:14 2019
New Revision: 506516
URL: https://svnweb.freebsd.org/changeset/ports/506516

Log:
  OpenVPN won't compile with LibreSSL, mark IGNORE.
  
  Upstream maintainers are massively pushing back against patches
  offered so far with valid and concrete technical reasons and unsuitability
  of the LibreSSL version API that will create a maintenance nightmare.
  (And LibreSSL abusing the OpenSSL API.)
  
  PR:		238382
  Submitted by:	pizzamig

Modified:
  head/security/openvpn/Makefile

Modified: head/security/openvpn/Makefile
==============================================================================
--- head/security/openvpn/Makefile	Sat Jul 13 08:30:05 2019	(r506515)
+++ head/security/openvpn/Makefile	Sat Jul 13 08:31:14 2019	(r506516)
@@ -41,7 +41,7 @@ OPTIONS_SINGLE=		SSL
 OPTIONS_SINGLE_SSL=	OPENSSL MBEDTLS
 PKCS11_DESC=		Use security/pkcs11-helper
 EASYRSA_DESC=		Install security/easy-rsa RSA helper package
-MBEDTLS_DESC=		SSL/TLS via mbedTLS
+MBEDTLS_DESC=		SSL/TLS via mbedTLS (lacks TLS v1.3)
 TUNNELBLICK_DESC=	Tunnelblick XOR scramble patch (READ HELP!)
 X509ALTUSERNAME_DESC=	Enable --x509-username-field (OpenSSL only)
 SMALL_DESC=		Build a smaller executable with fewer features
@@ -62,6 +62,7 @@ X509ALTUSERNAME_PREVENTS_MSG=	OpenVPN ${DISTVERSION} c
 
 OPENSSL_USES=		ssl
 OPENSSL_CONFIGURE_ON=	--with-crypto-library=openssl
+IGNORE_SSL=		libressl libressl-devel
 
 LZ4_CONFIGURE_OFF=	--disable-lz4
 
@@ -113,17 +114,6 @@ _tlslibs=libmbedtls libmbedx509 libmbedcrypto
 .else
 # OpenSSL
 _tlslibs=libssl libcrypto
-.endif
-
-.if ${SSL_DEFAULT:Mlibressl*} && empty(PORT_OPTIONS:MMBEDTLS)
-pre-everything::
-	@${ECHO_CMD} "WARNING: OpenVPN does not officially support LibreSSL."
-	@${ECHO_CMD} "If things break, rebuild with OpenSSL or mbedTLS."
-	@${ECHO_CMD} "You may wish to change your default SSL library"
-	@${ECHO_CMD} "and press Ctrl+C within the next 10 seconds to abort."
-.  if !(defined(PACKAGE_BUILDING) || defined(BATCH))
-	@sleep 10
-.  endif
 .endif
 
 # sanity check that we don't inherit incompatible SSL libs through,