From owner-svn-ports-all@freebsd.org Sun Mar 26 18:57:13 2017 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 91F8BD1F813; Sun, 26 Mar 2017 18:57:13 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4FA8418BA; Sun, 26 Mar 2017 18:57:13 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v2QIvCZw026648; Sun, 26 Mar 2017 18:57:12 GMT (envelope-from brnrd@FreeBSD.org) Received: (from brnrd@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v2QIvBot026643; Sun, 26 Mar 2017 18:57:11 GMT (envelope-from brnrd@FreeBSD.org) Message-Id: <201703261857.v2QIvBot026643@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: brnrd set sender to brnrd@FreeBSD.org using -f 
From: Bernard Spil Date: Sun, 26 Mar 2017 18:57:11 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r436979 - in head/www/tomcat-native: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Mar 2017 18:57:13 -0000 Author: brnrd Date: Sun Mar 26 18:57:11 2017 New Revision: 436979 URL: https://svnweb.freebsd.org/changeset/ports/436979 Log: www/tomcat-native: Fix build with LibreSSL - Remove IGNORE for LibreSSL - Add patches for OPENSSL_VERSION_NUMBER checks - Disable engine support for LibreSSL - Add compat macro and function PR: 215196 Added: head/www/tomcat-native/files/patch-include_ssl__private.h (contents, props changed) head/www/tomcat-native/files/patch-src_sslcontext.c (contents, props changed) head/www/tomcat-native/files/patch-src_sslinfo.c (contents, props changed) head/www/tomcat-native/files/patch-src_sslutils.c (contents, props changed) Modified: head/www/tomcat-native/Makefile Modified: head/www/tomcat-native/Makefile ============================================================================== --- head/www/tomcat-native/Makefile Sun Mar 26 18:55:21 2017 (r436978) +++ head/www/tomcat-native/Makefile Sun Mar 26 18:57:11 2017 (r436979) @@ -40,8 +40,4 @@ post-install: IGNORE_FreeBSD_10= Requires OpenSSL 1.0.2 (set DEFAULT_VERSIONS+=ssl=openssl) .endif -.if ${SSL_DEFAULT:Mlibressl*} -IGNORE= Detected LibreSSL (missing numerous symbols during linking) -.endif - .include Added: head/www/tomcat-native/files/patch-include_ssl__private.h ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/www/tomcat-native/files/patch-include_ssl__private.h Sun Mar 26 18:57:11 2017 (r436979)
@@ -0,0 +1,32 @@
+--- include/ssl_private.h.orig 2016-04-19 10:08:10 UTC
++++ include/ssl_private.h
+@@ -49,6 +49,9 @@
+ /* Avoid tripping over an engine build installed globally and detected
+ * when the user points at an explicit non-engine flavor of OpenSSL
+ */
++#ifdef LIBRESSL_VERSION_NUMBER
++#define OPENSSL_NO_ENGINE
++#endif
+ #ifndef OPENSSL_NO_ENGINE
+ #include
+ #endif
+@@ -204,7 +207,7 @@
+ #endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */
+
+ /* OpenSSL 1.0.2 compatibility */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100001L || defined(LIBRESSL_VERSION_NUMBER)
+ #define OpenSSL_version SSLeay_version
+ #define OpenSSL_version_num SSLeay
+ #define OPENSSL_VERSION SSLEAY_VERSION
+@@ -231,6 +234,10 @@
+ #define TLS_server_method SSLv23_server_method
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+
++#ifdef LIBRESSL_VERSION_NUMBER
++#define SSL_CTX_add0_chain_cert SSL_CTX_add_extra_chain_cert
++#endif
++
+ #define MAX_ALPN_NPN_PROTO_SIZE 65535
+ #define SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL 1
+
Added: head/www/tomcat-native/files/patch-src_sslcontext.c ==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/www/tomcat-native/files/patch-src_sslcontext.c Sun Mar 26 18:57:11 2017 (r436979)
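Review bot: In the patch to include/ssl_private.h, the unconditional `#define SSL_CTX_add0_chain_cert SSL_CTX_add_extra_chain_cert` under `LIBRESSL_VERSION_NUMBER` substitutes a call with different semantics. In OpenSSL the add0 call extends the chain of the current certificate, while the extra-chain call appends to a single list shared by every certificate in the context, so a context configured with more than one certificate type would present the same intermediates for all of them. The define also overrides the name on any LibreSSL release whose headers already provide it; if it is provided as a macro, as in OpenSSL, wrapping the define in `#ifndef SSL_CTX_add0_chain_cert` and adding a one-line comment on the per-certificate versus per-context difference would keep this visible. Separately, the version test in the second inner hunk becomes `0x10100001L`, while its closing `#endif` comment and every other check in this commit use `0x10100000L`, which looks like a typo.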
@@ -0,0 +1,83 @@
+--- src/sslcontext.c.orig 2016-04-18 09:49:28 UTC
++++ src/sslcontext.c
+@@ -139,7 +139,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
+ tcn_ssl_ctxt_t *c = NULL;
+ SSL_CTX *ctx = NULL;
+ jclass clazz;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ jint prot;
+ #endif
+
+@@ -224,7 +224,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
+ BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+ SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /* always disable SSLv2, as per RFC 6176 */
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
+ if (!(protocol & SSL_PROTOCOL_SSLV3))
+@@ -240,7 +240,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
+ #endif
+
+-#else /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
++#else /* if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
+ /* We first determine the maximum protocol version we should provide */
+ if (protocol & SSL_PROTOCOL_TLSV1_2) {
+ prot = TLS1_2_VERSION;
+@@ -269,7 +269,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
+ prot = SSL3_VERSION;
+ }
+ SSL_CTX_set_min_proto_version(ctx, prot);
+-#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
++#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
+
+ /*
+ * Configure additional context ingredients
+@@ -1577,7 +1577,7 @@ TCN_IMPLEMENT_CALL(void, SSLContext, set
+ }
+
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+
+ /*
+ * Adapted from OpenSSL:
+@@ -1677,7 +1677,7 @@ static const char* SSL_CIPHER_authentica
+ if (cipher == NULL) {
+ return "UNKNOWN";
+ }
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ kx =
cipher->algorithm_mkey;
+ auth = cipher->algorithm_auth;
+ #else
+@@ -1689,7 +1689,7 @@ static const char* SSL_CIPHER_authentica
+ {
+ case TCN_SSL_kRSA:
+ return SSL_TXT_RSA;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ case TCN_SSL_kDHr:
+ return SSL_TXT_DH "_" SSL_TXT_RSA;
+ case TCN_SSL_kDHd:
+@@ -1707,7 +1707,7 @@ static const char* SSL_CIPHER_authentica
+ default:
+ return "UNKNOWN";
+ }
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ case TCN_SSL_kKRB5:
+ return SSL_TXT_KRB5;
+ case TCN_SSL_kECDHr:
+@@ -1733,7 +1733,7 @@ static const char* SSL_CIPHER_authentica
+ }
+
+ static const char* SSL_authentication_method(const SSL* ssl) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher);
+ #else
+ /* XXX ssl->s3->tmp.new_cipher is no longer available in OpenSSL 1.1.0 */
Added: head/www/tomcat-native/files/patch-src_sslinfo.c ==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/www/tomcat-native/files/patch-src_sslinfo.c Sun Mar 26 18:57:11 2017 (r436979)
@@ -0,0 +1,16 @@
+--- src/sslinfo.c.orig 2016-03-23 18:06:39 UTC
++++ src/sslinfo.c
+@@ -25,6 +25,13 @@
+ #ifdef HAVE_OPENSSL
+ #include "ssl_private.h"
+
++#ifdef LIBRESSL_VERSION_NUMBER
++int X509_get_signature_nid(const X509 *x)
++{
++ return OBJ_obj2nid(x->sig_alg->algorithm);
++}
++#endif
++
+ static const char *hex_basis = "0123456789ABCDEF";
+
+ static char *convert_to_hex(const void *buf, size_t len)
Added: head/www/tomcat-native/files/patch-src_sslutils.c ==============================================================================
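Review bot: In the patch to src/sslcontext.c, the LibreSSL side of each guard reads library struct members directly (`cipher->algorithm_mkey`, `cipher->algorithm_auth`, `ssl->s3->tmp.new_cipher`), and the added `defined(LIBRESSL_VERSION_NUMBER)` test has no version bound. That holds only while LibreSSL keeps those structs public, so a release that makes them opaque would presumably break the build here. The same compound condition is copied into nine places, which makes a stray variant easy to miss. A comment at the `SSL_authentication_method` guard would record the dependency, for example `/* LibreSSL: struct members are still read directly; revisit once LibreSSL provides the 1.1.0 accessors */`. The enclosing functions start and end outside these hunks.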
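Review bot: In the patch to src/sslinfo.c, the added `X509_get_signature_nid` is defined with external linkage under a name that belongs to libcrypto, for every LibreSSL version. If a LibreSSL release declares the same prototype, this definition would still compile and the tcnative library would carry its own copy alongside the library's, with no diagnostic. Declaring it `static int X509_get_signature_nid(const X509 *x)` keeps the symbol out of the shared object's exports and turns a future clash into a compile-time error. A version bound on the `#ifdef` would then let the shim drop out once the library supplies the function.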
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/www/tomcat-native/files/patch-src_sslutils.c Sun Mar 26 18:57:11 2017 (r436979)
@@ -0,0 +1,11 @@
+--- src/sslutils.c.orig 2016-04-19 09:15:43 UTC
++++ src/sslutils.c
+@@ -504,7 +504,7 @@ static int ssl_verify_OCSP(int ok, X509_
+ * may yield NULL. Return early, but leave the ctx error as is. */
+ return OCSP_STATUS_UNKNOWN;
+ }
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ else if (cert->valid && X509_check_issued(cert,cert) == X509_V_OK) {
+ #else
+ /* No need to check cert->valid, because ssl_verify_OCSP() only
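Review bot: In the patch to src/sslutils.c, the branch now selected for LibreSSL tests `cert->valid` inside `ssl_verify_OCSP`, so a step in the revocation-check path depends on an internal X509 member that the library has to maintain. Nothing in the hunk shows that LibreSSL sets that member the way OpenSSL 1.0.2 does; if it does not, the self-issued case would never match and control would fall through to whatever follows. A comment on the guard would record the assumption, for example `/* LibreSSL: relies on X509.valid being set by the library's chain verification, as in OpenSSL 1.0.2 */`. The body of this branch and the rest of the function lie outside the hunk, so the effect of a mismatch cannot be judged from here.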