restore ssl functionality with openssl

The "libressl compatibility" unfortunately added a dependency on the SSL_CTX_set1_groups() function, which is neither available in base (for released versions of FreeBSD) nor ports openssl (it's only in openssl-devel and libressl). This broke SSL (most importantly HTTPS) functionalty in many Qt5-ports. This adds some #ifdefs around the SSL_CTX_set1_groups() calling sites and restores the old code in cases where libressl has not been detected. PR: 218421 Reported by: yuri Approved by: maintainer-timeout
svn path=/head/; revision=466188
2024-10-19 19:59:43 +00:00 · 2018-04-01 22:38:06 +00:00 · 2018-04-01 22:38:06 +00:00 · 4730705c94 · 2021-03-31 03:12:20 +00:00
commit 4730705c94
parent 837c4f4c34
4 changed files with 28 additions and 19 deletions
--- a/net/qt5-network/Makefile
+++ b/net/qt5-network/Makefile
@ -2,7 +2,7 @@

 PORTNAME=	network
 DISTVERSION=	${QT5_VERSION}
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	net ipv6
 PKGNAMEPREFIX=	qt5-

--- a/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp
+++ b/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp
@ -2,21 +2,24 @@
 * call the SSL_CTX_set1_groups function, which exists in LibreSSL as well as in 
 * OpenSSL and is what would be called through the macro 
 *
--- src/network/ssl/qsslcontext_openssl.cpp.orig	2016-12-01 08:17:04 UTC
+--- src/network/ssl/qsslcontext_openssl.cpp.orig	2018-01-16 06:53:43 UTC
 +++ src/network/ssl/qsslcontext_openssl.cpp
-@@ -350,12 +350,9 @@ init_context:
+@@ -354,12 +354,18 @@ init_context:
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
         // Set the curves to be used
         if (q_SSLeay() >= 0x10002000L) {
-            // SSL_CTX_ctrl wants a non-const pointer as last argument,
-            // but let's avoid a copy into a temporary array
-            if (!q_SSL_CTX_ctrl(sslContext->ctx,
-                                SSL_CTRL_SET_CURVES,
-                                qcurves.size(),
-                                const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())))) {
+#if defined(LIBRESSL_VERSION_NUMBER)
 +            if (!q_SSL_CTX_set1_groups(sslContext->ctx,
 +                                       const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())),
 +                                       qcurves.size())) {
+#else // defined(LIBRESSL_VERSION_NUMBER)
+             // SSL_CTX_ctrl wants a non-const pointer as last argument,
+             // but let's avoid a copy into a temporary array
+             if (!q_SSL_CTX_ctrl(sslContext->ctx,
+                                 SSL_CTRL_SET_CURVES,
+                                 qcurves.size(),
+                                 const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())))) {
+#endif // defined(LIBRESSL_VERSION_NUMBER)
                 sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
                 sslContext->errorCode = QSslError::UnspecifiedError;
             }
--- a/net/qt5-network/files/patch-src_network_ssl_qsslsocketopensslsymbols.cpp
+++ b/net/qt5-network/files/patch-src_network_ssl_qsslsocketopensslsymbols.cpp
@ -3,9 +3,9 @@
 * Prepend the path of the SSL libraries used for building so the same libraries are
 * found and loaded at runtime. Normal search finds base SSL libraries before ports.
 *
--- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig	2017-11-16 05:15:28 UTC
+--- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig	2018-01-16 06:53:43 UTC
 +++ src/network/ssl/qsslsocket_openssl_symbols.cpp
-@@ -151,7 +151,7 @@ DEFINEFUNC3(int, BIO_read, BIO *a, a, void *b, b, int 
+@@ -151,7 +151,7 @@ DEFINEFUNC3(int, BIO_read, BIO *a, a, void *b, b, int
 DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
 DEFINEFUNC3(int, BIO_write, BIO *a, a, const void *b, b, int c, c, return -1, return)
 DEFINEFUNC(int, BN_num_bits, const BIGNUM *a, a, return 0, return)
@ -14,15 +14,17 @@
 DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return)
 #endif
 DEFINEFUNC2(BN_ULONG, BN_mod_word, const BIGNUM *a, a, BN_ULONG w, w, return static_cast<BN_ULONG>(-1), return)
-@@ -453,6 +453,7 @@ DEFINEFUNC(void, EC_KEY_free, EC_KEY *ecdh, ecdh, retu
+@@ -453,6 +453,9 @@ DEFINEFUNC(void, EC_KEY_free, EC_KEY *ecdh, ecdh, retu
 DEFINEFUNC2(size_t, EC_get_builtin_curves, EC_builtin_curve * r, r, size_t nitems, nitems, return 0, return)
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
 DEFINEFUNC(int, EC_curve_nist2nid, const char *name, name, return 0, return)
+#if defined(LIBRESSL_VERSION_NUMBER)
 +DEFINEFUNC3(int, SSL_CTX_set1_groups, SSL_CTX *a, a, int *b, b, int c, c, return -1, return)
+#endif // defined(LIBRESSL_VERSION_NUMBER)
 #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
 #endif // OPENSSL_NO_EC
 
-@@ -658,8 +659,8 @@ static QPair<QLibrary*, QLibrary*> loadO
+@@ -680,8 +683,8 @@ static QPair<QLibrary*, QLibrary*> loadO
 #endif
 #if defined(SHLIB_VERSION_NUMBER) && !defined(Q_OS_QNX) // on QNX, the libs are always libssl.so and libcrypto.so
     // first attempt: the canonical name is libssl.so.<SHLIB_VERSION_NUMBER>
@ -33,7 +35,7 @@
     if (libcrypto->load() && libssl->load()) {
         // libssl.so.<SHLIB_VERSION_NUMBER> and libcrypto.so.<SHLIB_VERSION_NUMBER> found
         return pair;
-@@ -676,8 +677,8 @@ static QPair<QLibrary*, QLibrary*> loadO
+@@ -698,8 +701,8 @@ static QPair<QLibrary*, QLibrary*> loadO
     //  OS X's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib will be picked up in the third
     //    attempt, _after_ <bundle>/Contents/Frameworks has been searched.
     //  iOS does not ship a system libssl.dylib, libcrypto.dylib in the first place.
@ -44,7 +46,7 @@
     if (libcrypto->load() && libssl->load()) {
         // libssl.so.0 and libcrypto.so.0 found
         return pair;
-@@ -790,7 +791,7 @@ bool q_resolveOpenSslSymbols()
+@@ -790,7 +793,7 @@ bool q_resolveOpenSslSymbols()
     RESOLVEFUNC(EC_GROUP_get_degree)
 #endif
     RESOLVEFUNC(BN_num_bits)
@ -53,19 +55,21 @@
     RESOLVEFUNC(BN_is_word)
 #endif
     RESOLVEFUNC(BN_mod_word)
-@@ -1020,8 +1021,10 @@ bool q_resolveOpenSslSymbols()
+@@ -1020,8 +1023,12 @@ bool q_resolveOpenSslSymbols()
     RESOLVEFUNC(EC_KEY_free)
     RESOLVEFUNC(EC_get_builtin_curves)
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
 -    if (q_SSLeay() >= 0x10002000L)
 +    if (q_SSLeay() >= 0x10002000L) {
         RESOLVEFUNC(EC_curve_nist2nid)
+#if defined(LIBRESSL_VERSION_NUMBER)
 +        RESOLVEFUNC(SSL_CTX_set1_groups)
+#endif // defined(LIBRESSL_VERSION_NUMBER)
 +	}
 #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
 #endif // OPENSSL_NO_EC
     RESOLVEFUNC(PKCS12_parse)
-@@ -1030,10 +1033,9 @@ bool q_resolveOpenSslSymbols()
+@@ -1030,10 +1037,9 @@ bool q_resolveOpenSslSymbols()
 
     delete libs.first;
     delete libs.second;
--- a/net/qt5-network/files/patch-src_network_ssl_qsslsocketopensslsymbols__p.h
+++ b/net/qt5-network/files/patch-src_network_ssl_qsslsocketopensslsymbols__p.h
@ -2,7 +2,7 @@
 *
 * check macro is defined instead of version, LibreSSL < 2.5 doesn't have SSL_CTRL_GET_SERVER_TMP_KEY
 *
--- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig	2017-11-16 05:15:28 UTC
+--- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig	2018-01-16 06:53:43 UTC
 +++ src/network/ssl/qsslsocket_openssl_symbols_p.h
@@ -228,7 +228,7 @@ int q_BIO_read(BIO *a, void *b, int c);
 Q_AUTOTEST_EXPORT BIO_METHOD *q_BIO_s_mem();
@ -13,11 +13,13 @@
 int q_BN_is_word(BIGNUM *a, BN_ULONG w);
 #else
 // BN_is_word is implemented purely as a
-@@ -511,11 +511,12 @@ void q_EC_KEY_free(EC_KEY *ecdh);
+@@ -511,11 +511,14 @@ void q_EC_KEY_free(EC_KEY *ecdh);
 size_t q_EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
 int q_EC_curve_nist2nid(const char *name);
+#if defined(LIBRESSL_VERSION_NUMBER)
 +int q_SSL_CTX_set1_groups(SSL_CTX *a, int *b, int c);
+#endif // defined(LIBRESSL_VERSION_NUMBER)
 #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
 #endif // OPENSSL_NO_EC
 -#if OPENSSL_VERSION_NUMBER >= 0x10002000L