net-misc/curl/files/curl-7.59.0-libressl-compatibility.patch - mirrors/cros/chromiumos/overlays/portage-stable - Git at Google

 From da51ddee81e10398172f0baf3327b5db82846175 Mon Sep 17 00:00:00 2001
 From: Bernard Spil <brnrd@FreeBSD.org>
 Date: Mon, 2 Apr 2018 19:04:06 +0200
 Subject: [PATCH] openssl: fix build with LibreSSL 2.7

  - LibreSSL 2.7 implements (most of) OpenSSL 1.1 API

 Fixes #2319
 Closes #2447
 Closes #2448

 Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
 ---
  lib/vtls/openssl.c | 15 +++++++++------
  1 file changed, 9 insertions(+), 6 deletions(-)

 diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
 index 2a6b3cfac..bbb8ec766 100644
 --- a/lib/vtls/openssl.c
 +++ b/lib/vtls/openssl.c
 @@ -104,7 +104,8 @@
  #endif

  #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \
 -  !defined(LIBRESSL_VERSION_NUMBER)
 +    !(defined(LIBRESSL_VERSION_NUMBER) && \
 +      LIBRESSL_VERSION_NUMBER < 0x20700000L)
  #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
  #define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
  #define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
 @@ -128,7 +129,8 @@ static unsigned long OpenSSL_version_num(void)
  #endif

  #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \
 -  !defined(LIBRESSL_VERSION_NUMBER)
 +    !(defined(LIBRESSL_VERSION_NUMBER) && \
 +      LIBRESSL_VERSION_NUMBER < 0x20700000L)
  #define HAVE_X509_GET0_SIGNATURE 1
  #endif

 @@ -147,7 +149,7 @@ static unsigned long OpenSSL_version_num(void)
   * Whether SSL_CTX_set_keylog_callback is available.
   * OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287
   * BoringSSL: supported since d28f59c27bac (committed 2015-11-19)
 - * LibreSSL: unsupported in at least 2.5.1 (explicitly check for it since it
 + * LibreSSL: unsupported in at least 2.7.2 (explicitly check for it since it
   *           lies and pretends to be OpenSSL 2.0.0).
   */
  #if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
 @@ -259,7 +261,9 @@ static void tap_ssl_key(const SSL *ssl, ssl_tap_state_t *state)
    if(!session || !keylog_file_fp)
      return;

 -#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
 +    !(defined(LIBRESSL_VERSION_NUMBER) && \
 +      LIBRESSL_VERSION_NUMBER < 0x20700000L)
    /* ssl->s3 is not checked in openssl 1.1.0-pre6, but let's assume that
     * we have a valid SSL context if we have a non-NULL session. */
    SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE);
 @@ -2082,8 +2086,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
    case CURL_SSLVERSION_TLSv1_2:
    case CURL_SSLVERSION_TLSv1_3:
      /* it will be handled later with the context options */
 -#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
 -    !defined(LIBRESSL_VERSION_NUMBER)
 +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
      req_method = TLS_client_method();
  #else
      req_method = SSLv23_client_method();
	From da51ddee81e10398172f0baf3327b5db82846175 Mon Sep 17 00:00:00 2001
	From: Bernard Spil <brnrd@FreeBSD.org>
	Date: Mon, 2 Apr 2018 19:04:06 +0200
	Subject: [PATCH] openssl: fix build with LibreSSL 2.7

	- LibreSSL 2.7 implements (most of) OpenSSL 1.1 API

	Fixes #2319
	Closes #2447
	Closes #2448

	Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
	---
	lib/vtls/openssl.c \| 15 +++++++++------
	1 file changed, 9 insertions(+), 6 deletions(-)

	diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
	index 2a6b3cfac..bbb8ec766 100644
	--- a/lib/vtls/openssl.c
	+++ b/lib/vtls/openssl.c
	@@ -104,7 +104,8 @@
	#endif

	#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \
	- !defined(LIBRESSL_VERSION_NUMBER)
	+ !(defined(LIBRESSL_VERSION_NUMBER) && \
	+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
	#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
	#define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
	#define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
	@@ -128,7 +129,8 @@ static unsigned long OpenSSL_version_num(void)
	#endif

	#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \
	- !defined(LIBRESSL_VERSION_NUMBER)
	+ !(defined(LIBRESSL_VERSION_NUMBER) && \
	+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
	#define HAVE_X509_GET0_SIGNATURE 1
	#endif

	@@ -147,7 +149,7 @@ static unsigned long OpenSSL_version_num(void)
	* Whether SSL_CTX_set_keylog_callback is available.
	* OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287
	* BoringSSL: supported since d28f59c27bac (committed 2015-11-19)
	- * LibreSSL: unsupported in at least 2.5.1 (explicitly check for it since it
	+ * LibreSSL: unsupported in at least 2.7.2 (explicitly check for it since it
	* lies and pretends to be OpenSSL 2.0.0).
	*/
	#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
	@@ -259,7 +261,9 @@ static void tap_ssl_key(const SSL ssl, ssl_tap_state_t state)
	if(!session \|\| !keylog_file_fp)
	return;

	-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
	+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
	+ !(defined(LIBRESSL_VERSION_NUMBER) && \
	+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
	/* ssl->s3 is not checked in openssl 1.1.0-pre6, but let's assume that
	* we have a valid SSL context if we have a non-NULL session. */
	SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE);
	@@ -2082,8 +2086,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
	case CURL_SSLVERSION_TLSv1_2:
	case CURL_SSLVERSION_TLSv1_3:
	/* it will be handled later with the context options */
	-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
	- !defined(LIBRESSL_VERSION_NUMBER)
	+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
	req_method = TLS_client_method();
	#else
	req_method = SSLv23_client_method();