/branches/gl-inet/tools/cmake/patches/140-curl-fix-libressl.patch |
@@ -0,0 +1,68 @@ |
From 7c90c93c0b061da81f69fabdd57125b2783c15fb Mon Sep 17 00:00:00 2001 |
From: Bernard Spil <brnrd@FreeBSD.org> |
Date: Mon, 2 Apr 2018 19:04:06 +0200 |
Subject: [PATCH] openssl: fix build with LibreSSL 2.7 |
|
- LibreSSL 2.7 implements (most of) OpenSSL 1.1 API |
|
Fixes #2319 |
Closes #2447 |
Closes #2448 |
|
Signed-off-by: Bernard Spil <brnrd@FreeBSD.org> |
--- |
lib/vtls/openssl.c | 15 +++++++++------ |
1 file changed, 9 insertions(+), 6 deletions(-) |
|
--- a/Utilities/cmcurl/lib/vtls/openssl.c |
+++ b/Utilities/cmcurl/lib/vtls/openssl.c |
@@ -104,7 +104,8 @@ |
#endif |
|
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \ |
- !defined(LIBRESSL_VERSION_NUMBER) |
+ !(defined(LIBRESSL_VERSION_NUMBER) && \ |
+ LIBRESSL_VERSION_NUMBER < 0x20700000L) |
#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER |
#define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */ |
#define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */ |
@@ -128,7 +129,8 @@ static unsigned long OpenSSL_version_num |
#endif |
|
#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \ |
- !defined(LIBRESSL_VERSION_NUMBER) |
+ !(defined(LIBRESSL_VERSION_NUMBER) && \ |
+ LIBRESSL_VERSION_NUMBER < 0x20700000L) |
#define HAVE_X509_GET0_SIGNATURE 1 |
#endif |
|
@@ -147,7 +149,7 @@ static unsigned long OpenSSL_version_num |
* Whether SSL_CTX_set_keylog_callback is available. |
* OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287 |
* BoringSSL: supported since d28f59c27bac (committed 2015-11-19) |
- * LibreSSL: unsupported in at least 2.5.1 (explicitly check for it since it |
+ * LibreSSL: unsupported in at least 2.7.2 (explicitly check for it since it |
* lies and pretends to be OpenSSL 2.0.0). |
*/ |
#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \ |
@@ -259,7 +261,9 @@ static void tap_ssl_key(const SSL *ssl, |
if(!session || !keylog_file_fp) |
return; |
|
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \ |
+ !(defined(LIBRESSL_VERSION_NUMBER) && \ |
+ LIBRESSL_VERSION_NUMBER < 0x20700000L) |
/* ssl->s3 is not checked in openssl 1.1.0-pre6, but let's assume that |
* we have a valid SSL context if we have a non-NULL session. */ |
SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE); |
@@ -2082,8 +2086,7 @@ static CURLcode ossl_connect_step1(struc |
case CURL_SSLVERSION_TLSv1_2: |
case CURL_SSLVERSION_TLSv1_3: |
/* it will be handled later with the context options */ |
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \ |
- !defined(LIBRESSL_VERSION_NUMBER) |
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) |
req_method = TLS_client_method(); |
#else |
req_method = SSLv23_client_method(); |