From nobody Mon Apr 29 17:10:28 2024
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VSqb90xjjz5Jj3W;
	Mon, 29 Apr 2024 17:10:29 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VSqb90Qjlz4Z5y;
	Mon, 29 Apr 2024 17:10:29 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1714410629;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=FypD16t+3rXpToMxZvfqDr7Ms3lNSjAM6Z2T6V6PfAQ=;
	b=rgF0ceQOYddLKS7dudPKu91512+OgYw+zUjKkRAaWz/ZTa1xQ5wsIBjx16ezBzRJPaF21E
	vWm4irXoxjqKathbMRH3xX2QA0Z3BiXvNL0TlNKlCNZdlwRTNI8gg/FzcBJoGSv3k5XAyL
	g3w1DqnBCL+JTqdUY/aYNtmACzIcczmpDtqPfQKH3zNnQi7V9vGOYUlo3JEKIhrrQm23FZ
	tr90EdWwqujj28gV4orsGW4M09Qd+p2BBpIX7auB7J5HvtWu4WeHzL2Zk091YIruaOXlym
	is4ggkSeIzbFb5y+qUq6uTsIDzqHJSISSZZ40pJMlv6fKlfFUmqFrdz9W57Fjg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1714410629; a=rsa-sha256; cv=none;
	b=gq2q4JInxcp4HAeoQcex001BA16Ns7I6i1F+Y8NGPQpfY/wZPaguFBd6SOMGV4srmVOrve
	nHupm5Tk0dDd1nzcIeeZO1TLOPPyPyH8KRQObRyayvYERB5iXzgp0fR/ZjMlwh5uAfhMsq
	CEOO3X+BeS9gytDIzHVA6liimi8H6y2n1HlIp/nVpX1V9KuUjITC5I9Ahd9hnjjt2V2K6A
	Whr/rtBXSTDcG+c7ya5TM3VSkXCgO3AD5IBsj8+/BAmchKVo9SZpgEESEQDrJaEQoupn2C
	E4ZelLPjnNdUam0LE+foh9HW8JQHLEiVt6OICZlBf1yccAMgmVNaH//G519AUg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1714410629;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=FypD16t+3rXpToMxZvfqDr7Ms3lNSjAM6Z2T6V6PfAQ=;
	b=YxCznwQ/qe3X2HD4MvlwrGVhI0VedUyAhY19k4tYaKkrl5tVT8FTzERaecXvDhBf+fzsT8
	YMrkk6cgfaAhbeRJReZv5d6FA0b2Z6sT2J+fxWec5MTyMbiR8uuxkes7b9hCHpTMysRvjM
	P9/Ag0yZumGFCGHfbC8HubYZjamnzpBLEY+oYeU77n6v34NoOj23sbFOBAFt+Xn+M0VXNk
	xP7ResTEFq6ks8M+/SjhG4izO57SvyFmTx2bQSc7jlzi2CqYiKVPAE6+mClEn+pCsoPCJv
	vRub6/Pe/x1YIYfc73QKmu2MS8oK9ixoQwBdSzbZJIZBOSsVjENX8mk/GvTRVQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4VSqb871sCz1GMb;
	Mon, 29 Apr 2024 17:10:28 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 43THAS0J044863;
	Mon, 29 Apr 2024 17:10:28 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 43THAS65044860;
	Mon, 29 Apr 2024 17:10:28 GMT
	(envelope-from git)
Date: Mon, 29 Apr 2024 17:10:28 GMT
Message-Id: <202404291710.43THAS65044860@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Michael Osipov <michaelo@FreeBSD.org>
Subject: git: 145858d18e57 - main - www/tomcat-native2: new port
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-ports-all@freebsd.org
Sender: owner-dev-commits-ports-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: michaelo
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 145858d18e57843af64146a7f961e116b7266956
Auto-Submitted: auto-generated

The branch main has been updated by michaelo:

URL: https://cgit.FreeBSD.org/ports/commit/?id=145858d18e57843af64146a7f961e116b7266956

commit 145858d18e57843af64146a7f961e116b7266956
Author:     Michael Osipov <michaelo@apache.org>
AuthorDate: 2024-04-17 09:45:43 +0000
Commit:     Michael Osipov <michaelo@FreeBSD.org>
CommitDate: 2024-04-29 17:09:47 +0000

    www/tomcat-native2: new port
    
    PR:             276736
    Approved by:    jrm (mentor)
    Tested by:      jonc@chen.org.nz
    Differential Revision:  https://reviews.freebsd.org/D44824
---
 www/Makefile                                       |  1 +
 www/tomcat-native2/Makefile                        | 37 +++++++++++++
 www/tomcat-native2/distinfo                        |  3 ++
 .../files/patch-include_ssl__private.h             | 12 +++++
 www/tomcat-native2/files/patch-src_ssl.c           | 63 ++++++++++++++++++++++
 www/tomcat-native2/files/patch-src_sslutils.c      | 14 +++++
 www/tomcat-native2/pkg-descr                       |  3 ++
 7 files changed, 133 insertions(+)

diff --git a/www/Makefile b/www/Makefile
index fe7e9865e7be..1864982cb05d 100644
--- a/www/Makefile
+++ b/www/Makefile
@@ -2384,6 +2384,7 @@
     SUBDIR += tokyopromenade
     SUBDIR += tomcat-devel
     SUBDIR += tomcat-native
+    SUBDIR += tomcat-native2
     SUBDIR += tomcat101
     SUBDIR += tomcat85
     SUBDIR += tomcat9
diff --git a/www/tomcat-native2/Makefile b/www/tomcat-native2/Makefile
new file mode 100644
index 000000000000..4cb291adc34c
--- /dev/null
+++ b/www/tomcat-native2/Makefile
@@ -0,0 +1,37 @@
+PORTNAME=	tomcat-native
+DISTVERSION=	2.0.7
+CATEGORIES=	www java
+MASTER_SITES=	https://archive.apache.org/dist/tomcat/tomcat-connectors/native/${PORTVERSION}/source/
+PKGNAMESUFFIX=	2
+DISTNAME=	${PORTNAME}-${PORTVERSION}-src
+
+MAINTAINER=	michaelo@apache.org
+COMMENT=	Tomcat native library
+WWW=		https://tomcat.apache.org/native-doc/
+
+LICENSE=	APACHE20
+
+LIB_DEPENDS=	libapr-1.so:devel/apr1
+
+USES=		libtool ssl
+USE_JAVA=	yes
+USE_LDCONFIG=	yes
+GNU_CONFIGURE=	yes
+CONFIGURE_ARGS=	--with-apr=${LOCALBASE} \
+		--with-java-home=${JAVA_HOME} \
+		--with-ssl=${OPENSSLBASE} \
+		--disable-openssl-version-check
+
+WRKSRC=	${WRKDIR}/${DISTNAME}/native
+
+SOVERSION=	${PORTVERSION:E}
+MAJORVERSION=	${PORTVERSION:R:R}
+PLIST_FILES=	lib/libtcnative-${MAJORVERSION}.so \
+		lib/libtcnative-${MAJORVERSION}.so.0 \
+		lib/libtcnative-${MAJORVERSION}.so.0.0.${SOVERSION}
+
+post-install:
+	${RM} ${STAGEDIR}${PREFIX}/lib/libtcnative-${MAJORVERSION}.a
+	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libtcnative-${MAJORVERSION}.so.0.0.${SOVERSION}
+
+.include <bsd.port.mk>
diff --git a/www/tomcat-native2/distinfo b/www/tomcat-native2/distinfo
new file mode 100644
index 000000000000..6c7db5104702
--- /dev/null
+++ b/www/tomcat-native2/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1713346420
+SHA256 (tomcat-native-2.0.7-src.tar.gz) = 2c5afc7edc383e47660647e9a7071ad81f58e51c7f765c12f7e7afc9203b2d4d
+SIZE (tomcat-native-2.0.7-src.tar.gz) = 538131
diff --git a/www/tomcat-native2/files/patch-include_ssl__private.h b/www/tomcat-native2/files/patch-include_ssl__private.h
new file mode 100644
index 000000000000..80ff3e5c8cd9
--- /dev/null
+++ b/www/tomcat-native2/files/patch-include_ssl__private.h
@@ -0,0 +1,12 @@
+--- include/ssl_private.h.orig	2024-02-04 19:32:52 UTC
++++ include/ssl_private.h
+@@ -46,9 +46,6 @@
+ #include <openssl/x509v3.h>
+ #include <openssl/dh.h>
+ #include <openssl/bn.h>
+-#ifndef LIBRESSL_VERSION_NUMBER
+-#include <openssl/provider.h>
+-#endif
+ /* Avoid tripping over an engine build installed globally and detected
+  * when the user points at an explicit non-engine flavor of OpenSSL
+  */
diff --git a/www/tomcat-native2/files/patch-src_ssl.c b/www/tomcat-native2/files/patch-src_ssl.c
new file mode 100644
index 000000000000..b3b37819b955
--- /dev/null
+++ b/www/tomcat-native2/files/patch-src_ssl.c
@@ -0,0 +1,63 @@
+--- src/ssl.c.orig	2024-02-04 19:32:52 UTC
++++ src/ssl.c
+@@ -395,30 +395,14 @@ TCN_IMPLEMENT_CALL(void, SSL, randSet)(TCN_STDARGS, js
+ 
+ TCN_IMPLEMENT_CALL(jint, SSL, fipsModeGet)(TCN_STDARGS)
+ {
+-#if defined(LIBRESSL_VERSION_NUMBER)
+     UNREFERENCED(o);
+-    /* LibreSSL doesn't support FIPS */
+-    return 0;
++#ifdef OPENSSL_FIPS
++    return FIPS_mode();
+ #else
+-    EVP_MD              *md;
+-    const OSSL_PROVIDER *provider;
+-    const char          *name;
+-    UNREFERENCED(o);
++    /* FIPS is unavailable */
++    tcn_ThrowException(e, "FIPS was not available to tcnative at build time. You will need to re-build tcnative against an OpenSSL with FIPS.");
+ 
+-    // Maps the OpenSSL 3. x onwards behaviour to theOpenSSL 1.x API
+-
+-    // Checks that FIPS is the default provider
+-    md = EVP_MD_fetch(NULL, "SHA-512", NULL);
+-    provider = EVP_MD_get0_provider(md);
+-    name = OSSL_PROVIDER_get0_name(provider);
+-    // Clean up
+-    EVP_MD_free(md);
+-
+-    if (strcmp("fips", name)) {
+-        return 0;
+-    } else {
+-        return 1;
+-    }
++    return 0;
+ #endif
+ }
+ 
+@@ -427,8 +411,22 @@ TCN_IMPLEMENT_CALL(jint, SSL, fipsModeSet)(TCN_STDARGS
+     int r = 0;
+     UNREFERENCED(o);
+ 
+-    /* This method should never be called when using Tomcat Native 2.x onwards */
+-    tcn_ThrowException(e, "fipsModeSet is not supported in Tomcat Native 2.x onwards.");
++#ifdef OPENSSL_FIPS
++    if(1 != (r = (jint)FIPS_mode_set((int)mode))) {
++      /* arrange to get a human-readable error message */
++      unsigned long err = SSL_ERR_get();
++      char msg[256];
++
++      /* ERR_load_crypto_strings() already called in initialize() */
++
++      ERR_error_string_n(err, msg, 256);
++
++      tcn_ThrowException(e, msg);
++    }
++#else
++    /* FIPS is unavailable */
++    tcn_ThrowException(e, "FIPS was not available to tcnative at build time. You will need to re-build tcnative against an OpenSSL with FIPS.");
++#endif
+ 
+     return r;
+ }
diff --git a/www/tomcat-native2/files/patch-src_sslutils.c b/www/tomcat-native2/files/patch-src_sslutils.c
new file mode 100644
index 000000000000..39d22ddc7850
--- /dev/null
+++ b/www/tomcat-native2/files/patch-src_sslutils.c
@@ -0,0 +1,14 @@
+--- src/sslutils.c.orig	2024-02-04 19:32:52 UTC
++++ src/sslutils.c
+@@ -946,11 +946,7 @@ static OCSP_RESPONSE *get_ocsp_response(apr_pool_t *p,
+     int ok = 0;
+     apr_socket_t *apr_sock = NULL;
+     apr_pool_t *mp;
+-#ifdef LIBRESSL_VERSION_NUMBER
+     if (OCSP_parse_url(url, &hostname, &c_port, &path, &use_ssl) == 0)
+-#else
+-    if (OSSL_HTTP_parse_url(url, &use_ssl, NULL, &hostname, &c_port, NULL, &path, NULL, NULL) == 0)
+-#endif
+         goto end;
+ 
+     if (sscanf(c_port, "%d", &port) != 1)
diff --git a/www/tomcat-native2/pkg-descr b/www/tomcat-native2/pkg-descr
new file mode 100644
index 000000000000..35d1f60cfb90
--- /dev/null
+++ b/www/tomcat-native2/pkg-descr
@@ -0,0 +1,3 @@
+The Apache Tomcat Native Library is an optional component for use with Apache
+Tomcat that allows Tomcat to use OpenSSL as a replacement for JSSE to support
+TLS connections.