From owner-svn-ports-head@freebsd.org Sun Dec 23 13:36:55 2018 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 69B4E1333168; Sun, 23 Dec 2018 13:36:55 +0000 (UTC) (envelope-from pi@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1A14774CCA; Sun, 23 Dec 2018 13:36:55 +0000 (UTC) (envelope-from pi@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 0E7D2DCA2; Sun, 23 Dec 2018 13:36:55 +0000 (UTC) (envelope-from pi@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wBNDat4U022874; Sun, 23 Dec 2018 13:36:55 GMT (envelope-from pi@FreeBSD.org) Received: (from pi@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wBNDasNm022872; Sun, 23 Dec 2018 13:36:54 GMT (envelope-from pi@FreeBSD.org) Message-Id: <201812231336.wBNDasNm022872@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: pi set sender to pi@FreeBSD.org using -f From: Kurt Jaeger Date: Sun, 23 Dec 2018 13:36:54 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r488220 - in head/databases/mongodb34: . files X-SVN-Group: ports-head X-SVN-Commit-Author: pi X-SVN-Commit-Paths: in head/databases/mongodb34: . files X-SVN-Commit-Revision: 488220 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 1A14774CCA X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.96 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_LONG(-1.00)[-0.998,0]; NEURAL_HAM_SHORT(-0.97)[-0.966,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Dec 2018 13:36:55 -0000 Author: pi Date: Sun Dec 23 13:36:54 2018 New Revision: 488220 URL: https://svnweb.freebsd.org/changeset/ports/488220 Log: databases/mongodb34: fix build with OpenSSL 1.1.x - ronald-lists@klop.ws becomes maintainer PR: 230698 Submitted by: tobik Reported by: brnrd Approved by: eric@camachat.org (maintainer) Obtained from: https://aur.archlinux.org/packages/mongodb-3.4 Added: head/databases/mongodb34/files/patch-asio-openssl-1.1.0 (contents, props changed) Modified: head/databases/mongodb34/Makefile Modified: head/databases/mongodb34/Makefile ============================================================================== --- head/databases/mongodb34/Makefile Sun Dec 23 13:33:31 2018 (r488219) +++ head/databases/mongodb34/Makefile Sun Dec 23 13:36:54 2018 (r488220) @@ -3,7 +3,7 @@ PORTNAME= mongodb DISTVERSIONPREFIX= r DISTVERSION= 3.4.16 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= databases net MASTER_SITES= https://fastdl.mongodb.org/src/ \ http://fastdl.mongodb.org/src/ \ @@ -18,8 +18,6 @@ COMMENT= Distributed document-oriented "NoSQL" databas LICENSE= AGPLv3 APACHE20 LICENSE_COMB= multi -BROKEN_SSL= openssl111 -BROKEN_SSL_REASON_openssl111= no member named 'SSLv2_method' in the global namespace ONLY_FOR_ARCHS= amd64 aarch64 ONLY_FOR_ARCHS_REASON= "Only supported on amd64 and aarch64 (i386 deprecated in v3)" Added: head/databases/mongodb34/files/patch-asio-openssl-1.1.0 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/databases/mongodb34/files/patch-asio-openssl-1.1.0 Sun Dec 23 13:36:54 2018 (r488220) @@ -0,0 +1,666 @@ +From 628e3ca9fe7a1bed1ce2308e2df4a1a4ecd1dfe7 Mon Sep 17 00:00:00 2001 +From: Christopher Kohlhoff +Date: Fri, 20 Mar 2015 08:46:51 +1100 +Subject: [PATCH] ERR_remove_state is deprecated, use ERR_remove_thread_state + instead. + +--- + asio/include/asio/ssl/detail/impl/openssl_init.ipp | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp +index 2c40d40..da66fc1 100644 +--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp ++++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp +@@ -63,7 +63,11 @@ public: + ::CRYPTO_set_id_callback(0); + ::CRYPTO_set_locking_callback(0); + ::ERR_free_strings(); ++#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) ++ ::ERR_remove_thread_state(NULL); ++#else // (OPENSSL_VERSION_NUMBER >= 0x10000000L) + ::ERR_remove_state(0); ++#endif // (OPENSSL_VERSION_NUMBER >= 0x10000000L) + ::EVP_cleanup(); + ::CRYPTO_cleanup_all_ex_data(); + ::CONF_modules_unload(1); +From aa21de0944b4327f998fe161dde5ddaaf38cec5c Mon Sep 17 00:00:00 2001 +From: Christopher Kohlhoff +Date: Sat, 21 Mar 2015 20:52:42 +1100 +Subject: [PATCH] Remove redundant pointer check in SSL engine. + +--- + asio/include/asio/ssl/detail/impl/engine.ipp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp +index 5504411..2e4a39d 100644 +--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp ++++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp +@@ -206,7 +206,7 @@ const asio::error_code& engine::map_error_code( + + // SSL v2 doesn't provide a protocol-level shutdown, so an eof on the + // underlying transport is passed through. +- if (ssl_ && ssl_->version == SSL2_VERSION) ++ if (ssl_->version == SSL2_VERSION) + return ec; + + // Otherwise, the peer should have negotiated a proper shutdown. +From 6c70257e20ef159c581298b54838361bb54bfce4 Mon Sep 17 00:00:00 2001 +From: Christopher Kohlhoff +Date: Thu, 1 Oct 2015 08:44:30 +1000 +Subject: [PATCH] Use SSL_CTX_clear_chain_certs, if available. + +--- + asio/include/asio/ssl/impl/context.ipp | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/context.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/context.ipp +index 08705e7..77da84e 100644 +--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/context.ipp ++++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/context.ipp +@@ -539,11 +539,15 @@ asio::error_code context::use_certificate_chain( + return ec; + } + ++#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) ++ ::SSL_CTX_clear_chain_certs(handle_); ++#else + if (handle_->extra_certs) + { + ::sk_X509_pop_free(handle_->extra_certs, X509_free); + handle_->extra_certs = 0; + } ++#endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L) + + while (X509* cacert = ::PEM_read_bio_X509(bio.p, 0, + handle_->default_passwd_callback, +From 92bfc623e6a71353dd2c783f4c9fef5591ac550d Mon Sep 17 00:00:00 2001 +From: Christopher Kohlhoff +Date: Thu, 19 Nov 2015 10:24:56 +1100 +Subject: [PATCH] Add new error category and constant for + ssl::error::stream_truncated. + +This error replaces uses of SSL_R_SHORT_READ, and indicates that the +SSL stream has been shut down abruptly. (I.e. the underlying socket +has been closed without performing an SSL-layer shutdown.) +--- + asio/include/asio/ssl/detail/impl/engine.ipp | 8 ++----- + asio/include/asio/ssl/error.hpp | 34 ++++++++++++++++++++++++++++ + asio/include/asio/ssl/impl/error.ipp | 33 ++++++++++++++++++++++++++- + 3 files changed, 68 insertions(+), 7 deletions(-) + +diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp +index b59cf18..9abe010 100644 +--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp ++++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp +@@ -195,9 +195,7 @@ const asio::error_code& engine::map_error_code( + // If there's data yet to be read, it's an error. + if (BIO_wpending(ext_bio_)) + { +- ec = asio::error_code( +- ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ), +- asio::error::get_ssl_category()); ++ ec = asio::ssl::error::stream_truncated; + return ec; + } + +@@ -209,9 +207,7 @@ const asio::error_code& engine::map_error_code( + // Otherwise, the peer should have negotiated a proper shutdown. + if ((::SSL_get_shutdown(ssl_) & SSL_RECEIVED_SHUTDOWN) == 0) + { +- ec = asio::error_code( +- ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ), +- asio::error::get_ssl_category()); ++ ec = asio::ssl::error::stream_truncated; + } + + return ec; +diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/error.hpp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/error.hpp +index 1385d2a..f044f59 100644 +--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/error.hpp ++++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/error.hpp +@@ -25,6 +25,7 @@ namespace error { + + enum ssl_errors + { ++ // Error numbers are those produced by openssl. + }; + + extern ASIO_DECL +@@ -34,6 +35,23 @@ static const asio::error_category& ssl_category + = asio::error::get_ssl_category(); + + } // namespace error ++namespace ssl { ++namespace error { ++ ++enum stream_errors ++{ ++ /// The underlying stream closed before the ssl stream gracefully shut down. ++ stream_truncated = 1 ++}; ++ ++extern ASIO_DECL ++const asio::error_category& get_stream_category(); ++ ++static const asio::error_category& stream_category ++ = asio::ssl::error::get_stream_category(); ++ ++} // namespace error ++} // namespace ssl + } // namespace asio + + #if defined(ASIO_HAS_STD_SYSTEM_ERROR) +@@ -44,6 +62,11 @@ template<> struct is_error_code_enum + static const bool value = true; + }; + ++template<> struct is_error_code_enum ++{ ++ static const bool value = true; ++}; ++ + } // namespace std + #endif // defined(ASIO_HAS_STD_SYSTEM_ERROR) + +@@ -57,6 +80,17 @@ inline asio::error_code make_error_code(ssl_errors e) + } + + } // namespace error ++namespace ssl { ++namespace error { ++ ++inline asio::error_code make_error_code(stream_errors e) ++{ ++ return asio::error_code( ++ static_cast(e), get_stream_category()); ++} ++ ++} // namespace error ++} // namespace ssl + } // namespace asio + + #include "asio/detail/pop_options.hpp" +diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/error.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/error.ipp +index 9e76039..8c20e81 100644 +--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/error.ipp ++++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/error.ipp +@@ -23,7 +23,6 @@ + + namespace asio { + namespace error { +- + namespace detail { + + class ssl_category : public asio::error_category +@@ -50,6 +49,38 @@ const asio::error_category& get_ssl_category() + } + + } // namespace error ++namespace ssl { ++namespace error { ++namespace detail { ++ ++class stream_category : public asio::error_category ++{ ++public: ++ const char* name() const ASIO_ERROR_CATEGORY_NOEXCEPT ++ { ++ return "asio.ssl.stream"; ++ } ++ ++ std::string message(int value) const ++ { ++ switch (value) ++ { ++ case stream_truncated: return "stream truncated"; ++ default: return "asio.ssl.stream error"; ++ } ++ } ++}; ++ ++} // namespace detail ++ ++const asio::error_category& get_stream_category() ++{ ++ static detail::stream_category instance; ++ return instance; ++} ++ ++} // namespace error ++} // namespace ssl + } // namespace asio + + #include "asio/detail/pop_options.hpp" +From 5fa80539834c10406611bb02c20cdba2a9171f4a Mon Sep 17 00:00:00 2001 +From: Christopher Kohlhoff +Date: Thu, 19 Nov 2015 10:25:42 +1100 +Subject: [PATCH] BoringSSL does not provide CONF_modules_unload. + +--- + asio/include/asio/ssl/detail/impl/openssl_init.ipp | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp +index da66fc1..2a70bf5 100644 +--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp ++++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp +@@ -70,7 +70,9 @@ public: + #endif // (OPENSSL_VERSION_NUMBER >= 0x10000000L) + ::EVP_cleanup(); + ::CRYPTO_cleanup_all_ex_data(); ++#if !defined(OPENSSL_IS_BORINGSSL) + ::CONF_modules_unload(1); ++#endif // !defined(OPENSSL_IS_BORINGSSL) + #if !defined(OPENSSL_NO_ENGINE) + ::ENGINE_cleanup(); + #endif // !defined(OPENSSL_NO_ENGINE) +From 062b19c97bb85f4625b46f93ee19b234948ff235 Mon Sep 17 00:00:00 2001 +From: Marcel Raad +Date: Fri, 1 Apr 2016 10:46:17 +0200 +Subject: [PATCH] Add compatibility with OpenSSL 1.1 - SSLv2 has been + completely removed from OpenSSL, even without OPENSSL_NO_SSL2 - there is a + new threading API without locking callbacks - struct SSL_CTX has been made + opaque and must be used via accessor functions - some cleanup functions have + been removed + +--- + asio/include/asio/ssl/detail/impl/engine.ipp | 2 + + asio/include/asio/ssl/detail/impl/openssl_init.ipp | 20 ++++-- + asio/include/asio/ssl/impl/context.ipp | 71 +++++++++++++++++----- + 3 files changed, 72 insertions(+), 21 deletions(-) + +diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp +index fa5d4b0..22b7cdd 100644 +--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp ++++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp +@@ -201,8 +201,10 @@ const asio::error_code& engine::map_error_code( + + // SSL v2 doesn't provide a protocol-level shutdown, so an eof on the + // underlying transport is passed through. ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + if (ssl_->version == SSL2_VERSION) + return ec; ++#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) + + // Otherwise, the peer should have negotiated a proper shutdown. + if ((::SSL_get_shutdown(ssl_) & SSL_RECEIVED_SHUTDOWN) == 0) +diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp +index 700b678..62a49cd 100644 +--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp ++++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp +@@ -39,11 +39,13 @@ public: + ::SSL_load_error_strings(); + ::OpenSSL_add_all_algorithms(); + ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + mutexes_.resize(::CRYPTO_num_locks()); + for (size_t i = 0; i < mutexes_.size(); ++i) + mutexes_[i].reset(new asio::detail::mutex); + ::CRYPTO_set_locking_callback(&do_init::openssl_locking_func); + ::CRYPTO_set_id_callback(&do_init::openssl_id_func); ++#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) + + #if !defined(SSL_OP_NO_COMPRESSION) \ + && (OPENSSL_VERSION_NUMBER >= 0x00908000L) +@@ -60,22 +62,26 @@ public: + #endif // !defined(SSL_OP_NO_COMPRESSION) + // && (OPENSSL_VERSION_NUMBER >= 0x00908000L) + ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + ::CRYPTO_set_id_callback(0); + ::CRYPTO_set_locking_callback(0); + ::ERR_free_strings(); +-#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) +- ::ERR_remove_thread_state(NULL); +-#else // (OPENSSL_VERSION_NUMBER >= 0x10000000L) +- ::ERR_remove_state(0); +-#endif // (OPENSSL_VERSION_NUMBER >= 0x10000000L) + ::EVP_cleanup(); + ::CRYPTO_cleanup_all_ex_data(); ++#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) ++#if (OPENSSL_VERSION_NUMBER < 0x10000000L) ++ ::ERR_remove_state(0); ++#elif (OPENSSL_VERSION_NUMBER < 0x10100000L) ++ ::ERR_remove_thread_state(NULL); ++#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) + #if !defined(OPENSSL_IS_BORINGSSL) + ::CONF_modules_unload(1); + #endif // !defined(OPENSSL_IS_BORINGSSL) +-#if !defined(OPENSSL_NO_ENGINE) ++#if !defined(OPENSSL_NO_ENGINE) \ ++ && (OPENSSL_VERSION_NUMBER < 0x10100000L) + ::ENGINE_cleanup(); + #endif // !defined(OPENSSL_NO_ENGINE) ++ // && (OPENSSL_VERSION_NUMBER < 0x10100000L) + } + + #if !defined(SSL_OP_NO_COMPRESSION) \ +@@ -104,10 +110,12 @@ private: + static void openssl_locking_func(int mode, int n, + const char* /*file*/, int /*line*/) + { ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + if (mode & CRYPTO_LOCK) + instance()->mutexes_[n]->lock(); + else + instance()->mutexes_[n]->unlock(); ++#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) + } + + // Mutexes to be used in locking callbacks. +diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/context.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/context.ipp +index 02210d9..fde7709 100644 +--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/context.ipp ++++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/context.ipp +@@ -66,7 +66,8 @@ context::context(context::method m) + + switch (m) + { +-#if defined(OPENSSL_NO_SSL2) ++#if defined(OPENSSL_NO_SSL2) \ ++ || (OPENSSL_VERSION_NUMBER >= 0x10100000L) + case context::sslv2: + case context::sslv2_client: + case context::sslv2_server: +@@ -74,6 +75,7 @@ context::context(context::method m) + asio::error::invalid_argument, "context"); + break; + #else // defined(OPENSSL_NO_SSL2) ++ // || (OPENSSL_VERSION_NUMBER >= 0x10100000L) + case context::sslv2: + handle_ = ::SSL_CTX_new(::SSLv2_method()); + break; +@@ -84,6 +86,7 @@ context::context(context::method m) + handle_ = ::SSL_CTX_new(::SSLv2_server_method()); + break; + #endif // defined(OPENSSL_NO_SSL2) ++ // || (OPENSSL_VERSION_NUMBER >= 0x10100000L) + #if defined(OPENSSL_NO_SSL3) + case context::sslv3: + case context::sslv3_client: +@@ -192,13 +195,22 @@ context::~context() + { + if (handle_) + { +- if (handle_->default_passwd_callback_userdata) ++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) ++ void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_); ++#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L) ++ void* cb_userdata = handle_->default_passwd_callback_userdata; ++#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L) ++ if (cb_userdata) + { + detail::password_callback_base* callback = + static_cast( +- handle_->default_passwd_callback_userdata); ++ cb_userdata); + delete callback; ++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) ++ ::SSL_CTX_set_default_passwd_cb_userdata(handle_, 0); ++#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L) + handle_->default_passwd_callback_userdata = 0; ++#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L) + } + + if (SSL_CTX_get_app_data(handle_)) +@@ -528,10 +540,17 @@ ASIO_SYNC_OP_VOID context::use_certificate_chain( + bio_cleanup bio = { make_buffer_bio(chain) }; + if (bio.p) + { ++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) ++ pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_); ++ void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_); ++#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L) ++ pem_password_cb* callback = handle_->default_passwd_callback; ++ void* cb_userdata = handle_->default_passwd_callback_userdata; ++#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L) + x509_cleanup cert = { + ::PEM_read_bio_X509_AUX(bio.p, 0, +- handle_->default_passwd_callback, +- handle_->default_passwd_callback_userdata) }; ++ callback, ++ cb_userdata) }; + if (!cert.p) + { + ec = asio::error_code(ERR_R_PEM_LIB, +@@ -559,8 +578,8 @@ ASIO_SYNC_OP_VOID context::use_certificate_chain( + #endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L) + + while (X509* cacert = ::PEM_read_bio_X509(bio.p, 0, +- handle_->default_passwd_callback, +- handle_->default_passwd_callback_userdata)) ++ callback, ++ cb_userdata)) + { + if (!::SSL_CTX_add_extra_chain_cert(handle_, cacert)) + { +@@ -625,6 +644,14 @@ ASIO_SYNC_OP_VOID context::use_private_key( + { + ::ERR_clear_error(); + ++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) ++ pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_); ++ void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_); ++#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L) ++ pem_password_cb* callback = handle_->default_passwd_callback; ++ void* cb_userdata = handle_->default_passwd_callback_userdata; ++#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L) ++ + bio_cleanup bio = { make_buffer_bio(private_key) }; + if (bio.p) + { +@@ -636,8 +663,8 @@ ASIO_SYNC_OP_VOID context::use_private_key( + break; + case context_base::pem: + evp_private_key.p = ::PEM_read_bio_PrivateKey( +- bio.p, 0, handle_->default_passwd_callback, +- handle_->default_passwd_callback_userdata); ++ bio.p, 0, callback, ++ cb_userdata); + break; + default: + { +@@ -684,6 +711,14 @@ ASIO_SYNC_OP_VOID context::use_rsa_private_key( + { + ::ERR_clear_error(); + ++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) ++ pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_); ++ void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_); ++#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L) ++ pem_password_cb* callback = handle_->default_passwd_callback; ++ void* cb_userdata = handle_->default_passwd_callback_userdata; ++#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L) ++ + bio_cleanup bio = { make_buffer_bio(private_key) }; + if (bio.p) + { +@@ -695,8 +730,8 @@ ASIO_SYNC_OP_VOID context::use_rsa_private_key( + break; + case context_base::pem: + rsa_private_key.p = ::PEM_read_bio_RSAPrivateKey( +- bio.p, 0, handle_->default_passwd_callback, +- handle_->default_passwd_callback_userdata); ++ bio.p, 0, callback, ++ cb_userdata); + break; + default: + { +@@ -915,11 +950,17 @@ int context::verify_callback_function(int preverified, X509_STORE_CTX* ctx) + ASIO_SYNC_OP_VOID context::do_set_password_callback( + detail::password_callback_base* callback, asio::error_code& ec) + { +- if (handle_->default_passwd_callback_userdata) +- delete static_cast( +- handle_->default_passwd_callback_userdata); +- ++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) ++ void* old_callback = ::SSL_CTX_get_default_passwd_cb_userdata(handle_); ++ ::SSL_CTX_set_default_passwd_cb_userdata(handle_, callback); ++#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L) ++ void* old_callback = handle_->default_passwd_callback_userdata; + handle_->default_passwd_callback_userdata = callback; ++#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L) ++ ++ if (old_callback) ++ delete static_cast( ++ old_callback); + + SSL_CTX_set_default_passwd_cb(handle_, &context::password_callback_function); + +From 69e44a4cc6eb5ba21ede409779a7b777c0eb3869 Mon Sep 17 00:00:00 2001 +From: Christopher Kohlhoff +Date: Sun, 28 Aug 2016 10:02:08 +1000 +Subject: [PATCH] Fix errors when OPENSSL_NO_DEPRECATED is defined. + +--- + asio/include/asio/ssl/detail/impl/openssl_init.ipp | 23 +++++++++++----------- + asio/include/asio/ssl/detail/openssl_types.hpp | 2 ++ + 2 files changed, 13 insertions(+), 12 deletions(-) + +diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp +index 62a49cd..4cc9859 100644 +--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp ++++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp +@@ -44,8 +44,10 @@ public: + for (size_t i = 0; i < mutexes_.size(); ++i) + mutexes_[i].reset(new asio::detail::mutex); + ::CRYPTO_set_locking_callback(&do_init::openssl_locking_func); +- ::CRYPTO_set_id_callback(&do_init::openssl_id_func); + #endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) ++#if (OPENSSL_VERSION_NUMBER < 0x10000000L) ++ ::CRYPTO_set_id_callback(&do_init::openssl_id_func); ++#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) + + #if !defined(SSL_OP_NO_COMPRESSION) \ + && (OPENSSL_VERSION_NUMBER >= 0x00908000L) +@@ -62,8 +64,10 @@ public: + #endif // !defined(SSL_OP_NO_COMPRESSION) + // && (OPENSSL_VERSION_NUMBER >= 0x00908000L) + +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++#if (OPENSSL_VERSION_NUMBER < 0x10000000L) + ::CRYPTO_set_id_callback(0); ++#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + ::CRYPTO_set_locking_callback(0); + ::ERR_free_strings(); + ::EVP_cleanup(); +@@ -94,38 +98,33 @@ public: + // && (OPENSSL_VERSION_NUMBER >= 0x00908000L) + + private: ++#if (OPENSSL_VERSION_NUMBER < 0x10000000L) + static unsigned long openssl_id_func() + { + #if defined(ASIO_WINDOWS) || defined(__CYGWIN__) + return ::GetCurrentThreadId(); + #else // defined(ASIO_WINDOWS) || defined(__CYGWIN__) +- void* id = instance()->thread_id_; +- if (id == 0) +- instance()->thread_id_ = id = &id; // Ugh. ++ void* id = &errno; + ASIO_ASSERT(sizeof(unsigned long) >= sizeof(void*)); + return reinterpret_cast(id); + #endif // defined(ASIO_WINDOWS) || defined(__CYGWIN__) + } ++#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) + ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + static void openssl_locking_func(int mode, int n, + const char* /*file*/, int /*line*/) + { +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + if (mode & CRYPTO_LOCK) + instance()->mutexes_[n]->lock(); + else + instance()->mutexes_[n]->unlock(); +-#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) + } + + // Mutexes to be used in locking callbacks. + std::vector > mutexes_; +- +-#if !defined(ASIO_WINDOWS) && !defined(__CYGWIN__) +- // The thread identifiers to be used by openssl. +- asio::detail::tss_ptr thread_id_; +-#endif // !defined(ASIO_WINDOWS) && !defined(__CYGWIN__) ++#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) + + #if !defined(SSL_OP_NO_COMPRESSION) \ + && (OPENSSL_VERSION_NUMBER >= 0x00908000L) +diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/openssl_types.hpp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/openssl_types.hpp +index d9cfc71..eda740d 100644 +--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/openssl_types.hpp ++++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/openssl_types.hpp +@@ -21,7 +21,9 @@ + #if !defined(OPENSSL_NO_ENGINE) + # include + #endif // !defined(OPENSSL_NO_ENGINE) ++#include + #include ++#include + #include + #include "asio/detail/socket_types.hpp" + +From 2cde22623ca0fd9571d8d57c5a8965082d815e1c Mon Sep 17 00:00:00 2001 +From: Christopher Kohlhoff +Date: Tue, 13 Sep 2016 21:59:03 +1000 +Subject: [PATCH] Call SSL_COMP_free_compression_methods() on ssl cleanup. + +This call is needed for OpenSSL >=1.0.2 and <1.1.0. +--- + asio/include/asio/ssl/detail/impl/openssl_init.ipp | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp +index 4cc9859..392eff9 100644 +--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp ++++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp +@@ -78,6 +78,11 @@ public: + #elif (OPENSSL_VERSION_NUMBER < 0x10100000L) + ::ERR_remove_thread_state(NULL); + #endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) ++#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) \ ++ && (OPENSSL_VERSION_NUMBER < 0x10100000L) ++ ::SSL_COMP_free_compression_methods(); ++#endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L) ++ // && (OPENSSL_VERSION_NUMBER < 0x10100000L) + #if !defined(OPENSSL_IS_BORINGSSL) + ::CONF_modules_unload(1); + #endif // !defined(OPENSSL_IS_BORINGSSL) +From dc2b5b9ac09326ba1e38a28b48170063ca2b1332 Mon Sep 17 00:00:00 2001 +From: Marcel Raad +Date: Mon, 31 Oct 2016 10:32:19 +0100 +Subject: [PATCH] Fix compilation with OpenSSL 1.1 API + +With OPENSSL_API_COMPAT=0x10100000L, SSL_library_init, SSL_load_error_strings, and OpenSSL_add_all_algorithms are removed. +With OPENSSL_API_COMPAT=0x10000000L, these are function-style macros mapping to OPENSSL_init_ssl, which is called automatically anyway. + +References: +https://www.openssl.org/docs/man1.1.0/ssl/OPENSSL_init_ssl.html +https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_init_crypto.html +--- + asio/include/asio/ssl/detail/impl/openssl_init.ipp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp +index 392eff9..5de0caa 100644 +--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp ++++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp +@@ -35,11 +35,11 @@ class openssl_init_base::do_init + public: + do_init() + { ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + ::SSL_library_init(); + ::SSL_load_error_strings(); + ::OpenSSL_add_all_algorithms(); + +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + mutexes_.resize(::CRYPTO_num_locks()); + for (size_t i = 0; i < mutexes_.size(); ++i) + mutexes_[i].reset(new asio::detail::mutex);