svn commit: r498730 - in head/security/tlswrap: . files

Fri Apr 12 17:10:33 UTC 2019

Author: feld
Date: Fri Apr 12 17:10:31 2019
New Revision: 498730
URL: https://svnweb.freebsd.org/changeset/ports/498730

Log:
  security/tlswrap: Add patch to fix support for modern OpenSSL
  
  PR:		236137
  MFH:		2019Q2

Modified:
  head/security/tlswrap/Makefile
  head/security/tlswrap/files/patch-tls.c

Modified: head/security/tlswrap/Makefile
==============================================================================

--- head/security/tlswrap/Makefile	Fri Apr 12 17:01:10 2019	(r498729)
+++ head/security/tlswrap/Makefile	Fri Apr 12 17:10:31 2019	(r498730)
@@ -3,7 +3,7 @@
 
 PORTNAME=	tlswrap
 PORTVERSION=	1.0.4
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security
 MASTER_SITES=	http://www.tlswrap.com/
 DISTNAME=	${PORTNAME}-1.04
@@ -19,11 +19,6 @@ CFLAGS+=	-I${OPENSSLINC}
 OPTIONS_DEFINE=	DOCS
 
 .include <bsd.port.pre.mk>
-
-.if ${SSL_DEFAULT} == base
-BROKEN_FreeBSD_12=	incomplete definition of type 'struct X509_extension_st'
-BROKEN_FreeBSD_13=	incomplete definition of type 'struct X509_extension_st'
-.endif
 
 post-patch:
 	@${REINPLACE_CMD} -E 's,^(CC|CFLAGS|LDFLAGS).*=,\1?=,g' \

Modified: head/security/tlswrap/files/patch-tls.c
==============================================================================
--- head/security/tlswrap/files/patch-tls.c	Fri Apr 12 17:01:10 2019	(r498729)
+++ head/security/tlswrap/files/patch-tls.c	Fri Apr 12 17:10:31 2019	(r498730)
@@ -1,6 +1,6 @@
---- tls.c.orig	2006-11-25 19:52:08.000000000 +0100
-+++ tls.c	2015-04-19 15:53:43.000000000 +0200
-@@ -73,10 +73,12 @@ void tls_init(char *egd_sock) {
+--- tls.c.orig	2006-11-25 18:52:08.000000000 +0000
++++ tls.c	2019-03-22 17:37:16.971621000 +0000
+@@ -73,10 +73,12 @@
  		printf("egd_sock is %s\n", egd_sock);
  #ifdef HAVE_RAND_STATUS
  	if (RAND_status() != 1) {
@@ -13,3 +13,42 @@
  		if (RAND_status() != 1)
  			sys_err("ssl_init: System without /dev/urandom, PRNG seeding must be done manually.\r\n");
  	}
+@@ -258,7 +260,7 @@
+ 	X509 				*x509_peer;
+ 	X509_NAME			*x509_subj;
+ 	X509_EXTENSION 		*x509_ext;
+-	X509V3_EXT_METHOD	*x509_meth;
++	const X509V3_EXT_METHOD	*x509_meth;
+ 	int					ok, extcount, i, j;
+ 	char 				*extstr;
+ 	SSL					*ssl;
+@@ -294,15 +296,17 @@
+ 			extstr = (char*)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(x509_ext)));
+ 			if (debug) printf("extstr = %s\n", extstr);
+ 			if (!strcmp(extstr, "subjectAltName")) {
++				ASN1_OCTET_STRING *x509_ext_data;
+ 				subjectaltname = 1;
+ 				if	(!(x509_meth = X509V3_EXT_get(x509_ext)))
+ 					break;
+-				data1 = x509_ext->value->data;
++				x509_ext_data = X509_EXTENSION_get_data(x509_ext);
++				data1 = x509_ext_data->data;
+ #if (OPENSSL_VERSION_NUMBER > 0x00907000L)     
+ 				if (x509_meth->it)
+-					ext_str = ASN1_item_d2i(NULL, &data1, x509_ext->value->length, ASN1_ITEM_ptr(x509_meth->it));
++					ext_str = ASN1_item_d2i(NULL, &data1, x509_ext_data->length, ASN1_ITEM_ptr(x509_meth->it));
+ 				else
+-					ext_str = x509_meth->d2i(NULL, &data1, x509_ext->value->length);
++					ext_str = x509_meth->d2i(NULL, &data1, x509_ext_data->length);
+ #else
+ 				ext_str = x509_meth->d2i(NULL, &data1, x509_ext->value->length);
+ #endif
+@@ -341,7 +345,7 @@
+ tls_auth_cont(struct user_data *ud, int data)
+ {
+ 	int status, sslerr, cert_ok;
+-	SSL_CIPHER *cipher;
++	const SSL_CIPHER *cipher;
+ 	char cipher_info[128];
+ 	SSL *ssl;
+ 
