git: 77073df27bfa - main - net/openldap24-server: fix build with LibreSSL

Xin LI delphij at FreeBSD.org
Mon Jun 7 06:26:45 UTC 2021 

The branch main has been updated by delphij:

URL: https://cgit.FreeBSD.org/ports/commit/?id=77073df27bfadfbc3ca2e5d9cee7f3ca293fca37

commit 77073df27bfadfbc3ca2e5d9cee7f3ca293fca37
Author:     Charlie Li <vishwin at FreeBSD.org>
AuthorDate: 2021-06-07 00:32:16 +0000
Commit:     Xin LI <delphij at FreeBSD.org>
CommitDate: 2021-06-07 06:26:04 +0000

    net/openldap24-server: fix build with LibreSSL
    
    Modify the OpenSSL 1.1.1 preprocessor guards to also account for
    LibreSSL missing certain functions, particularly
    SSL_CTX_set_ciphersuites(3) and SSL_set_ciphersuites(3). While here,
    un-IGNORE for ${SSL_DEFAULT:Mlibressl*}.
    
    PORTREVISION intentionally not bumped as this is a build fix.
    
    PR: 256433
---
 net/openldap24-server/Makefile                       |  4 ----
 .../files/patch-libraries_libldap_tls__o.c           | 20 ++++++++++++++++++++
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/net/openldap24-server/Makefile b/net/openldap24-server/Makefile
index 0efe7962e43a..aa3d8dafa451 100644
--- a/net/openldap24-server/Makefile
+++ b/net/openldap24-server/Makefile
@@ -218,10 +218,6 @@ CONFIGURE_ARGS=		--with-threads=posix \
 			--disable-dependency-tracking \
 			--enable-dynamic
 
-.if ${SSL_DEFAULT:Mlibressl*}
-IGNORE+=		requires OpenSSL 1.1 TLSv1.3 API in a future release of LibreSSL
-.endif
-
 .if ${PORT_OPTIONS:MSASL}
 LIB_DEPENDS+=		libsasl2.so:security/cyrus-sasl2
 CONFIGURE_ARGS+=	--with-cyrus-sasl
diff --git a/net/openldap24-server/files/patch-libraries_libldap_tls__o.c b/net/openldap24-server/files/patch-libraries_libldap_tls__o.c
new file mode 100644
index 000000000000..fa2c360671c0
--- /dev/null
+++ b/net/openldap24-server/files/patch-libraries_libldap_tls__o.c
@@ -0,0 +1,20 @@
+--- libraries/libldap/tls_o.c.orig	2021-06-03 18:40:31 UTC
++++ libraries/libldap/tls_o.c
+@@ -273,7 +273,7 @@ tlso_ctx_free ( tls_ctx *ctx )
+ 	SSL_CTX_free( c );
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000
++#if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(OPENSSL_NO_TLS1_3)
+ static char *
+ tlso_stecpy( char *dst, const char *src, const char *end )
+ {
+@@ -382,7 +382,7 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls 
+ 		SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 );
+ 
+ 	if ( lo->ldo_tls_ciphersuite ) {
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000
++#if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(OPENSSL_NO_TLS1_3)
+ 		tlso_ctx_cipher13( ctx, lt->lt_ciphersuite );
+ #endif /* OpenSSL 1.1.1 */
+ 		if ( !SSL_CTX_set_cipher_list( ctx, lt->lt_ciphersuite ) )

More information about the dev-commits-ports-all mailing list