author | brnrd <brnrd@FreeBSD.org> | 2017-03-27 02:57:11 +0800 |
---|---|---|
committer | brnrd <brnrd@FreeBSD.org> | 2017-03-27 02:57:11 +0800 |
commit | 3191a2dbdf05ab5bd525ba9b2dea723b93ae5d5d (patch) | |
tree | c4313c88133040a2393190f49beaf04df89599c6 /www | |
parent | bae0970fa81453700d58d777b16ddc33d1ebea7f (diff) | |
www/tomcat-native: Fix build with LibreSSL
- Remove IGNORE for LibreSSL
- Add patches for OPENSSL_VERSION_NUMBER checks
- Disable engine support for LibreSSL
- Add compat macro and function
PR: 215196
Diffstat (limited to 'www')
-rw-r--r-- | www/tomcat-native/Makefile | 4 | ||||
-rw-r--r-- | www/tomcat-native/files/patch-include_ssl__private.h | 32 | ||||
-rw-r--r-- | www/tomcat-native/files/patch-src_sslcontext.c | 83 | ||||
-rw-r--r-- | www/tomcat-native/files/patch-src_sslinfo.c | 16 | ||||
-rw-r--r-- | www/tomcat-native/files/patch-src_sslutils.c | 11 |
5 files changed, 142 insertions, 4 deletions
diff --git a/www/tomcat-native/Makefile b/www/tomcat-native/Makefile
index 713b941c2750..bcc43fb4567e 100644
--- a/www/tomcat-native/Makefile
+++ b/www/tomcat-native/Makefile
@@ -40,8 +40,4 @@ post-install:
 IGNORE_FreeBSD_10= Requires OpenSSL 1.0.2 (set DEFAULT_VERSIONS+=ssl=openssl)
 .endif
-.if ${SSL_DEFAULT:Mlibressl*}
-IGNORE= Detected LibreSSL (missing numerous symbols during linking)
-.endif
-
 .include <bsd.port.post.mk>
diff --git a/www/tomcat-native/files/patch-include_ssl__private.h b/www/tomcat-native/files/patch-include_ssl__private.h
new file mode 100644
index 000000000000..feeb2b55bc01
--- /dev/null
+++ b/www/tomcat-native/files/patch-include_ssl__private.h
@@ -0,0 +1,32 @@
+--- include/ssl_private.h.orig 2016-04-19 10:08:10 UTC
++++ include/ssl_private.h
+@@ -49,6 +49,9 @@
+ /* Avoid tripping over an engine build installed globally and detected
+ * when the user points at an explicit non-engine flavor of OpenSSL
+ */
++#ifdef LIBRESSL_VERSION_NUMBER
++#define OPENSSL_NO_ENGINE
++#endif
+ #ifndef OPENSSL_NO_ENGINE
+ #include <openssl/engine.h>
+ #endif
+@@ -204,7 +207,7 @@
+ #endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */
+
+ /* OpenSSL 1.0.2 compatibility */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100001L || defined(LIBRESSL_VERSION_NUMBER)
+ #define OpenSSL_version SSLeay_version
+ #define OpenSSL_version_num SSLeay
+ #define OPENSSL_VERSION SSLEAY_VERSION
+@@ -231,6 +234,10 @@
+ #define TLS_server_method SSLv23_server_method
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+
++#ifdef LIBRESSL_VERSION_NUMBER
++#define SSL_CTX_add0_chain_cert SSL_CTX_add_extra_chain_cert
++#endif
++
+ #define MAX_ALPN_NPN_PROTO_SIZE 65535
+ #define SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL 1
+
diff --git a/www/tomcat-native/files/patch-src_sslcontext.c b/www/tomcat-native/files/patch-src_sslcontext.c
new file mode 100644
index 000000000000..8274876f9465
--- /dev/null
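Review bot: The `SSL_CTX_add0_chain_cert` alias added in the third inner hunk of patch-include_ssl__private.h is not an exact substitute: in OpenSSL, `SSL_CTX_add0_chain_cert` attaches the certificate to the chain of the currently selected certificate, while `SSL_CTX_add_extra_chain_cert` appends to a single context-wide list that accompanies every certificate. A context that carries more than one leaf certificate may therefore send intermediates that belong to a different leaf when built against LibreSSL, so the define should carry a comment such as `/* LibreSSL: falls back to the shared extra-chain list; per-certificate chains are not kept apart */`. Separately, the second inner hunk moves the threshold to `0x10100001L` while every other check in this commit keeps `0x10100000L` and the matching `#endif` comment is unchanged; that looks like a typo and should be confirmed or restored to `0x10100000L`.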
+++ b/www/tomcat-native/files/patch-src_sslcontext.c 
@@ -0,0 +1,83 @@
+--- src/sslcontext.c.orig 2016-04-18 09:49:28 UTC
++++ src/sslcontext.c
+@@ -139,7 +139,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
+ tcn_ssl_ctxt_t *c = NULL;
+ SSL_CTX *ctx = NULL;
+ jclass clazz;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ jint prot;
+ #endif
+
+@@ -224,7 +224,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
+ BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+ SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /* always disable SSLv2, as per RFC 6176 */
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
+ if (!(protocol & SSL_PROTOCOL_SSLV3))
+@@ -240,7 +240,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
+ #endif
+
+-#else /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
++#else /* if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
+ /* We first determine the maximum protocol version we should provide */
+ if (protocol & SSL_PROTOCOL_TLSV1_2) {
+ prot = TLS1_2_VERSION;
+@@ -269,7 +269,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
+ prot = SSL3_VERSION;
+ }
+ SSL_CTX_set_min_proto_version(ctx, prot);
+-#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
++#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
+
+ /*
+ * Configure additional context ingredients
+@@ -1577,7 +1577,7 @@ TCN_IMPLEMENT_CALL(void, SSLContext, set
+ }
+
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+
+ /*
+ * Adapted from OpenSSL:
+@@ -1677,7 +1677,7 @@ static const char* SSL_CIPHER_authentica
+ if (cipher == NULL) {
+ return "UNKNOWN";
+ }
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ kx = cipher->algorithm_mkey;
+ auth = cipher->algorithm_auth;
+ #else
+@@ -1689,7 +1689,7 @@ static const char* SSL_CIPHER_authentica
+ {
+ case TCN_SSL_kRSA:
+ return SSL_TXT_RSA;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ case TCN_SSL_kDHr:
+ return SSL_TXT_DH "_" SSL_TXT_RSA;
+ case TCN_SSL_kDHd:
+@@ -1707,7 +1707,7 @@ static const char* SSL_CIPHER_authentica
+ default:
+ return "UNKNOWN";
+ }
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ case TCN_SSL_kKRB5:
+ return SSL_TXT_KRB5;
+ case TCN_SSL_kECDHr:
+@@ -1733,7 +1733,7 @@ static const char* SSL_CIPHER_authentica
+ }
+
+ static const char* SSL_authentication_method(const SSL* ssl) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher);
+ #else
+ /* XXX ssl->s3->tmp.new_cipher is no longer available in OpenSSL 1.1.0 */
diff --git a/www/tomcat-native/files/patch-src_sslinfo.c b/www/tomcat-native/files/patch-src_sslinfo.c
new file mode 100644
index 000000000000..17888414907a
--- /dev/null
+++ b/www/tomcat-native/files/patch-src_sslinfo.c
@@ -0,0 +1,16 @@
+--- src/sslinfo.c.orig 2016-03-23 18:06:39 UTC
++++ src/sslinfo.c
+@@ -25,6 +25,13 @@
+ #ifdef HAVE_OPENSSL
+ #include "ssl_private.h"
+
++#ifdef LIBRESSL_VERSION_NUMBER
++int X509_get_signature_nid(const X509 *x)
++{
++ return OBJ_obj2nid(x->sig_alg->algorithm);
++}
++#endif
++
+ static const char *hex_basis = "0123456789ABCDEF";
+
+ static char *convert_to_hex(const void *buf, size_t len)
diff --git a/www/tomcat-native/files/patch-src_sslutils.c b/www/tomcat-native/files/patch-src_sslutils.c
new file mode 100644
index 000000000000..e175d330bc88
--- /dev/null
+++ b/www/tomcat-native/files/patch-src_sslutils.c
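Review bot: Every guard in patch-src_sslcontext.c, and the one in patch-src_sslutils.c, treats any LibreSSL as pre-1.1.0 OpenSSL with no upper bound, so the LibreSSL build keeps reading library internals (`cipher->algorithm_mkey`, `ssl->s3->tmp.new_cipher`, and `cert->valid` in ssl_verify_OCSP). That compiles only while the installed headers expose those structs, and the protocol setup stays on the `SSL_OP_NO_*` path even if a later LibreSSL provides `SSL_CTX_set_min_proto_version`. The first guard should say why the extra test exists, for example `/* LibreSSL reports a 2.x OPENSSL_VERSION_NUMBER but lacks the 1.1.0 API used below */`, and the test should be bounded on `LIBRESSL_VERSION_NUMBER` once a release ships those accessors. All of the touched functions start and end outside the inner hunks, so the rest of each preprocessor branch is not visible here.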
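Review bot: The compat `X509_get_signature_nid` in patch-src_sslinfo.c is defined with external linkage under a bare `#ifdef LIBRESSL_VERSION_NUMBER`, so the built library exports a function carrying a libcrypto name, and the build will fail on a conflicting definition if the installed LibreSSL ever provides it. A file-local helper under a private name avoids both problems, for example `static int tcn_X509_get_signature_nid(const X509 *x)` with the call sites in this file using that name on LibreSSL. Alternatively keep the name but bound the guard: `#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < <first release that provides it>`. The body also dereferences `x->sig_alg` directly, which depends on the X509 struct staying public; the callers are outside this hunk, so whether `x` can be NULL here cannot be judged from the patch.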
@@ -0,0 +1,11 @@
+--- src/sslutils.c.orig 2016-04-19 09:15:43 UTC
++++ src/sslutils.c
+@@ -504,7 +504,7 @@ static int ssl_verify_OCSP(int ok, X509_
+ * may yield NULL. Return early, but leave the ctx error as is. */
+ return OCSP_STATUS_UNKNOWN;
+ }
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ else if (cert->valid && X509_check_issued(cert,cert) == X509_V_OK) {
+ #else
+ /* No need to check cert->valid, because ssl_verify_OCSP() only |