tools/cmake/patches/140-curl-fix-libressl.patch

   1 From 7c90c93c0b061da81f69fabdd57125b2783c15fb Mon Sep 17 00:00:00 2001
   2 From: Bernard Spil <brnrd@FreeBSD.org>
   3 Date: Mon, 2 Apr 2018 19:04:06 +0200
   4 Subject: [PATCH] openssl: fix build with LibreSSL 2.7
   5
   6  - LibreSSL 2.7 implements (most of) OpenSSL 1.1 API
   7
   8 Fixes #2319
   9 Closes #2447
  10 Closes #2448
  11
  12 Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
  13 ---
  14  lib/vtls/openssl.c | 15 +++++++++------
  15  1 file changed, 9 insertions(+), 6 deletions(-)
  16
  17 --- a/Utilities/cmcurl/lib/vtls/openssl.c
  18 +++ b/Utilities/cmcurl/lib/vtls/openssl.c
  19 @@ -104,7 +104,8 @@
  20  #endif
  21
  22  #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \
  23 -  !defined(LIBRESSL_VERSION_NUMBER)
  24 +    !(defined(LIBRESSL_VERSION_NUMBER) && \
  25 +      LIBRESSL_VERSION_NUMBER < 0x20700000L)
  26  #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
  27  #define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
  28  #define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
  29 @@ -128,7 +129,8 @@ static unsigned long OpenSSL_version_num
  30  #endif
  31
  32  #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \
  33 -  !defined(LIBRESSL_VERSION_NUMBER)
  34 +    !(defined(LIBRESSL_VERSION_NUMBER) && \
  35 +      LIBRESSL_VERSION_NUMBER < 0x20700000L)
  36  #define HAVE_X509_GET0_SIGNATURE 1
  37  #endif
  38
  39 @@ -147,7 +149,7 @@ static unsigned long OpenSSL_version_num
  40   * Whether SSL_CTX_set_keylog_callback is available.
  41   * OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287
  42   * BoringSSL: supported since d28f59c27bac (committed 2015-11-19)
  43 - * LibreSSL: unsupported in at least 2.5.1 (explicitly check for it since it
  44 + * LibreSSL: unsupported in at least 2.7.2 (explicitly check for it since it
  45   *           lies and pretends to be OpenSSL 2.0.0).
  46   */
  47  #if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
  48 @@ -259,7 +261,9 @@ static void tap_ssl_key(const SSL *ssl,
  49    if(!session || !keylog_file_fp)
  50      return;
  51
  52 -#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
  53 +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
  54 +    !(defined(LIBRESSL_VERSION_NUMBER) && \
  55 +      LIBRESSL_VERSION_NUMBER < 0x20700000L)
  56    /* ssl->s3 is not checked in openssl 1.1.0-pre6, but let's assume that
  57     * we have a valid SSL context if we have a non-NULL session. */
  58    SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE);
  59 @@ -2082,8 +2086,7 @@ static CURLcode ossl_connect_step1(struc
  60    case CURL_SSLVERSION_TLSv1_2:
  61    case CURL_SSLVERSION_TLSv1_3:
  62      /* it will be handled later with the context options */
  63 -#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
  64 -    !defined(LIBRESSL_VERSION_NUMBER)
  65 +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
  66      req_method = TLS_client_method();
  67  #else
  68      req_method = SSLv23_client_method();