Date:      Tue, 7 Mar 2017 02:45:47 +0000 (UTC)
From:      Matthew Rezny <rezny@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r435579 - in head/net/qt5-network: . files
Message-ID:  <201703070245.v272jlj0001823@repo.freebsd.org>

Author: rezny
Date: Tue Mar  7 02:45:47 2017
New Revision: 435579
URL: https://svnweb.freebsd.org/changeset/ports/435579

Log:
  Fix to build with libressl as well as libressl-devel and simplify patch
  
  PR:		217220
  Reported by:	w.schwarzenfeld@utanet.at
  Approved by:	swills (mentor)
  Differential Revision:	https://reviews.freebsd.org/D9914

Added:
  head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp   (contents, props changed)
Modified:
  head/net/qt5-network/Makefile
  head/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp
  head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp
  head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h

Modified: head/net/qt5-network/Makefile
==============================================================================
--- head/net/qt5-network/Makefile	Tue Mar  7 02:31:49 2017	(r435578)
+++ head/net/qt5-network/Makefile	Tue Mar  7 02:45:47 2017	(r435579)
@@ -2,6 +2,7 @@
 
 PORTNAME=	network
 DISTVERSION=	${QT5_VERSION}
+PORTREVISION=	1
 CATEGORIES=	net ipv6
 PKGNAMEPREFIX=	qt5-
 

Modified: head/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp
==============================================================================
--- head/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp	Tue Mar  7 02:31:49 2017	(r435578)
+++ head/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp	Tue Mar  7 02:45:47 2017	(r435579)
@@ -1,14 +1,10 @@
 * Instead of using the SSL_CTRL_SET_CURVES macros which only exists in OpenSSL,
-* call the SSL_CTX_set1_curves functions as suggested by BoringSSL porting docs
-* and which is the function in OpenSSL that is called through the replaced macro.
-* LibreSSL has a SSL_CTX_set1_groups functions and provides a compat macro.
-* Unfortunately, since Qt resolves the symbols at runtime, we cannot call through
-* that macro and must instead explicitly call SSL_CTX_set1_groups if the library
-* doesn't export a function called SSL_CTX_set1_curves, as in the case of LibreSSL.
+* call the SSL_CTX_set1_groups function, which exists in LibreSSL as well as in 
+* OpenSSL and is what would be called through the macro 
 *
 --- src/network/ssl/qsslcontext_openssl.cpp.orig	2016-12-01 08:17:04 UTC
 +++ src/network/ssl/qsslcontext_openssl.cpp
-@@ -350,14 +350,24 @@ init_context:
+@@ -350,12 +350,9 @@ init_context:
  #if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
          // Set the curves to be used
          if (q_SSLeay() >= 0x10002000L) {
@@ -18,26 +14,9 @@
 -                                SSL_CTRL_SET_CURVES,
 -                                qcurves.size(),
 -                                const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())))) {
--                sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
--                sslContext->errorCode = QSslError::UnspecifiedError;
-+            switch (q_SSL_CTX_set1_curves(sslContext->ctx,
-+                                          const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())),
-+                                          qcurves.size())) {
-+                case 1:
-+                default:
-+                    break;
-+                case 0:
-+                    sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
-+                    sslContext->errorCode = QSslError::UnspecifiedError;
-+                    break;
-+                case -1:
-+                    if (q_SSL_CTX_set1_groups(sslContext->ctx,
-+                                              reinterpret_cast<const int *>(qcurves.data()),
-+                                              qcurves.size()) < 1) {
-+                        sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
-+                        sslContext->errorCode = QSslError::UnspecifiedError;
-+                    }
-+                    break;
++            if (!q_SSL_CTX_set1_groups(sslContext->ctx,
++                                       const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())),
++                                       qcurves.size())) {
+                 sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
+                 sslContext->errorCode = QSslError::UnspecifiedError;
              }
-         } else
- #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
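Review bot: The new test `if (!q_SSL_CTX_set1_groups(...))` treats only a return of 0 as failure, but the wrapper added in patch-src_network_ssl_qsslsocket__openssl__symbols.cpp is defined with `return -1` as its fallback, and `!(-1)` is false. If the loaded library does not export SSL_CTX_set1_groups, the application's curve list is not applied and neither `errorStr` nor `errorCode` is set on the context, so the connection proceeds with whatever curves the library defaults to. The removed revision caught this case with `< 1`; the same comparison fits here, `if (q_SSL_CTX_set1_groups(sslContext->ctx, ..., qcurves.size()) < 1) {`. The enclosing init_context code continues outside the hunk.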

Added: head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp	Tue Mar  7 02:45:47 2017	(r435579)
@@ -0,0 +1,20 @@
+* check macro is defined instead of version, LibreSSL < 2.5 doesn't have SSL_CTRL_GET_SERVER_TMP_KEY
+*
+--- src/network/ssl/qsslsocket_openssl.cpp.orig	2016-12-01 08:17:04 UTC
++++ src/network/ssl/qsslsocket_openssl.cpp
+@@ -1587,13 +1587,13 @@ void QSslSocketBackendPrivate::continueH
+     }
+ #endif // OPENSSL_VERSION_NUMBER >= 0x1000100fL ...
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++#if defined(SSL_CTRL_GET_SERVER_TMP_KEY)
+     if (q_SSLeay() >= 0x10002000L && mode == QSslSocket::SslClientMode) {
+         EVP_PKEY *key;
+         if (q_SSL_get_server_tmp_key(ssl, &key))
+             configuration.ephemeralServerKey = QSslKey(key, QSsl::PublicKey);
+     }
+-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ...
++#endif // defined(SSL_CTRL_GET_SERVER_TMP_KEY)
+ 
+     connectionEncrypted = true;
+     emit q->encrypted();

Modified: head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp
==============================================================================
--- head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp	Tue Mar  7 02:31:49 2017	(r435578)
+++ head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp	Tue Mar  7 02:45:47 2017	(r435579)
@@ -1,20 +1,19 @@
-* Boilerplate for SSL_CTX_set1_curves/groups() used in qsslcontext_openssl.cpp
+* Boilerplate for SSL_CTX_set1_groups() used in qsslcontext_openssl.cpp
 *
 * Prepend the path of the SSL libraries used for building so the same libraries are
 * found and loaded at runtime. Normal search finds base SSL libraries before ports.
 *
---- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig	2016-09-16 05:49:42 UTC
+--- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig	2016-12-01 08:17:04 UTC
 +++ src/network/ssl/qsslsocket_openssl_symbols.cpp
-@@ -424,6 +424,8 @@ DEFINEFUNC(void, EC_KEY_free, EC_KEY *ec
+@@ -430,6 +430,7 @@ DEFINEFUNC(void, EC_KEY_free, EC_KEY *ec
  DEFINEFUNC2(size_t, EC_get_builtin_curves, EC_builtin_curve * r, r, size_t nitems, nitems, return 0, return)
  #if OPENSSL_VERSION_NUMBER >= 0x10002000L
  DEFINEFUNC(int, EC_curve_nist2nid, const char *name, name, return 0, return)
-+DEFINEFUNC3(int, SSL_CTX_set1_curves, SSL_CTX *a, a, int *b, b, int c, c, return -1, return)
-+DEFINEFUNC3(int, SSL_CTX_set1_groups, SSL_CTX *a, a, const int *b, b, size_t c, c, return -1, return)
++DEFINEFUNC3(int, SSL_CTX_set1_groups, SSL_CTX *a, a, int *b, b, int c, c, return -1, return)
  #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
  #endif // OPENSSL_NO_EC
  
-@@ -652,8 +654,8 @@ static QPair<QLibrary*, QLibrary*> loadO
+@@ -658,8 +659,8 @@ static QPair<QLibrary*, QLibrary*> loadO
  #endif
  #if defined(SHLIB_VERSION_NUMBER) && !defined(Q_OS_QNX) // on QNX, the libs are always libssl.so and libcrypto.so
      // first attempt: the canonical name is libssl.so.<SHLIB_VERSION_NUMBER>
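Review bot: The wrapper `DEFINEFUNC3(int, SSL_CTX_set1_groups, SSL_CTX *a, a, int *b, b, int c, c, return -1, return)` declares the count as `int` and the list as non-const, whereas the line it replaces declared `const int *b, size_t c`. If the exported library function takes a `size_t` count, as the previous revision assumed (worth confirming against the LibreSSL header), calling it through an `int` prototype is a type mismatch, and on LP64 targets the upper half of the argument is not guaranteed to be zero. Keeping `const int *b, b, size_t c, c` here and `int q_SSL_CTX_set1_groups(SSL_CTX *a, const int *b, size_t c);` in patch-src_network_ssl_qsslsocket__openssl__symbols__p.h would avoid that and make the `const_cast` at the call site unnecessary.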
@@ -25,7 +24,7 @@
      if (libcrypto->load() && libssl->load()) {
          // libssl.so.<SHLIB_VERSION_NUMBER> and libcrypto.so.<SHLIB_VERSION_NUMBER> found
          return pair;
-@@ -670,8 +672,8 @@ static QPair<QLibrary*, QLibrary*> loadO
+@@ -676,8 +677,8 @@ static QPair<QLibrary*, QLibrary*> loadO
      //  OS X's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib will be picked up in the third
      //    attempt, _after_ <bundle>/Contents/Frameworks has been searched.
      //  iOS does not ship a system libssl.dylib, libcrypto.dylib in the first place.
@@ -36,14 +35,13 @@
      if (libcrypto->load() && libssl->load()) {
          // libssl.so.0 and libcrypto.so.0 found
          return pair;
-@@ -976,8 +978,11 @@ bool q_resolveOpenSslSymbols()
+@@ -982,8 +983,10 @@ bool q_resolveOpenSslSymbols()
      RESOLVEFUNC(EC_KEY_free)
      RESOLVEFUNC(EC_get_builtin_curves)
  #if OPENSSL_VERSION_NUMBER >= 0x10002000L
 -    if (q_SSLeay() >= 0x10002000L)
 +    if (q_SSLeay() >= 0x10002000L) {
          RESOLVEFUNC(EC_curve_nist2nid)
-+        RESOLVEFUNC(SSL_CTX_set1_curves)
 +        RESOLVEFUNC(SSL_CTX_set1_groups)
 +	}
  #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L

Modified: head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h
==============================================================================
--- head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h	Tue Mar  7 02:31:49 2017	(r435578)
+++ head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h	Tue Mar  7 02:45:47 2017	(r435579)
@@ -1,13 +1,21 @@
-* Boilerplate for SSL_CTX_set1_curves/groups() used in qsslcontext_openssl.cpp
+* Boilerplate for SSL_CTX_set1_groups() used in qsslcontext_openssl.cpp
 *
---- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig	2016-09-16 05:49:42 UTC
+* check macro is defined instead of version, LibreSSL < 2.5 doesn't have SSL_CTRL_GET_SERVER_TMP_KEY
+*
+--- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig	2016-12-01 08:17:04 UTC
 +++ src/network/ssl/qsslsocket_openssl_symbols_p.h
-@@ -481,6 +481,8 @@ void q_EC_KEY_free(EC_KEY *ecdh);
+@@ -487,11 +487,12 @@ void q_EC_KEY_free(EC_KEY *ecdh);
  size_t q_EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
  #if OPENSSL_VERSION_NUMBER >= 0x10002000L
  int q_EC_curve_nist2nid(const char *name);
-+int q_SSL_CTX_set1_curves(SSL_CTX *a, int *b, int c);
-+int q_SSL_CTX_set1_groups(SSL_CTX *a, const int *b, size_t c);
++int q_SSL_CTX_set1_groups(SSL_CTX *a, int *b, int c);
  #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
  #endif // OPENSSL_NO_EC
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++#if defined(SSL_CTRL_GET_SERVER_TMP_KEY)
+ #define q_SSL_get_server_tmp_key(ssl, key) q_SSL_ctrl((ssl), SSL_CTRL_GET_SERVER_TMP_KEY, 0, (char *)key)
+-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
++#endif // defined(SSL_CTRL_GET_SERVER_TMP_KEY)
  
+ // PKCS#12 support
+ int q_PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);


