restore ssl functionality with openssl
The "libressl compatibility" unfortunately added a dependency on the SSL_CTX_set1_groups() function, which is neither available in base (for released versions of FreeBSD) nor ports openssl (it's only in openssl-devel and libressl). This broke SSL (most importantly HTTPS) functionality in many Qt5-ports. This adds some #ifdefs around the SSL_CTX_set1_groups() call sites and restores the old code in cases where libressl has not been detected. PR: 218421 Reported by: yuri Approved by: maintainer-timeout
parent
837c4f4c34
commit
4730705c94
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=466188
@ -2,7 +2,7 @@
|
||||
|
||||
PORTNAME= network
|
||||
DISTVERSION= ${QT5_VERSION}
|
||||
PORTREVISION= 2
|
||||
PORTREVISION= 3
|
||||
CATEGORIES= net ipv6
|
||||
PKGNAMEPREFIX= qt5-
|
||||
|
||||
|
@ -2,21 +2,24 @@
|
||||
* call the SSL_CTX_set1_groups function, which exists in LibreSSL as well as in
|
||||
* OpenSSL and is what would be called through the macro
|
||||
*
|
||||
--- src/network/ssl/qsslcontext_openssl.cpp.orig 2016-12-01 08:17:04 UTC
|
||||
--- src/network/ssl/qsslcontext_openssl.cpp.orig 2018-01-16 06:53:43 UTC
|
||||
+++ src/network/ssl/qsslcontext_openssl.cpp
|
||||
@@ -350,12 +350,9 @@ init_context:
|
||||
@@ -354,12 +354,18 @@ init_context:
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
|
||||
// Set the curves to be used
|
||||
if (q_SSLeay() >= 0x10002000L) {
|
||||
- // SSL_CTX_ctrl wants a non-const pointer as last argument,
|
||||
- // but let's avoid a copy into a temporary array
|
||||
- if (!q_SSL_CTX_ctrl(sslContext->ctx,
|
||||
- SSL_CTRL_SET_CURVES,
|
||||
- qcurves.size(),
|
||||
- const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())))) {
|
||||
+#if defined(LIBRESSL_VERSION_NUMBER)
|
||||
+ if (!q_SSL_CTX_set1_groups(sslContext->ctx,
|
||||
+ const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())),
|
||||
+ qcurves.size())) {
|
||||
+#else // defined(LIBRESSL_VERSION_NUMBER)
|
||||
// SSL_CTX_ctrl wants a non-const pointer as last argument,
|
||||
// but let's avoid a copy into a temporary array
|
||||
if (!q_SSL_CTX_ctrl(sslContext->ctx,
|
||||
SSL_CTRL_SET_CURVES,
|
||||
qcurves.size(),
|
||||
const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())))) {
|
||||
+#endif // defined(LIBRESSL_VERSION_NUMBER)
|
||||
sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
|
||||
sslContext->errorCode = QSslError::UnspecifiedError;
|
||||
}
|
||||
|
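Review bot: The comment explaining the `const_cast` now sits only in the `#else` branch, while the LibreSSL branch added above it performs the same cast on `qcurves.data()` with no explanation. I would move the two comment lines above `#if defined(LIBRESSL_VERSION_NUMBER)`, reworded as `// both calls want a non-const int pointer, but let's avoid a copy into a temporary array`, and add `// LibreSSL: call SSL_CTX_set1_groups directly rather than through SSL_CTX_ctrl` inside the first branch. The opening `if (` is split across the two preprocessor branches and shares one body after `#endif`, so a later edit has to keep both conditions in step. The enclosing function begins and ends outside the hunk.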
@ -3,9 +3,9 @@
|
||||
* Prepend the path of the SSL libraries used for building so the same libraries are
|
||||
* found and loaded at runtime. Normal search finds base SSL libraries before ports.
|
||||
*
|
||||
--- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig 2017-11-16 05:15:28 UTC
|
||||
--- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig 2018-01-16 06:53:43 UTC
|
||||
+++ src/network/ssl/qsslsocket_openssl_symbols.cpp
|
||||
@@ -151,7 +151,7 @@ DEFINEFUNC3(int, BIO_read, BIO *a, a, void *b, b, int
|
||||
@@ -151,7 +151,7 @@ DEFINEFUNC3(int, BIO_read, BIO *a, a, void *b, b, int
|
||||
DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
|
||||
DEFINEFUNC3(int, BIO_write, BIO *a, a, const void *b, b, int c, c, return -1, return)
|
||||
DEFINEFUNC(int, BN_num_bits, const BIGNUM *a, a, return 0, return)
|
||||
@ -14,15 +14,17 @@
|
||||
DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return)
|
||||
#endif
|
||||
DEFINEFUNC2(BN_ULONG, BN_mod_word, const BIGNUM *a, a, BN_ULONG w, w, return static_cast<BN_ULONG>(-1), return)
|
||||
@@ -453,6 +453,7 @@ DEFINEFUNC(void, EC_KEY_free, EC_KEY *ecdh, ecdh, retu
|
||||
@@ -453,6 +453,9 @@ DEFINEFUNC(void, EC_KEY_free, EC_KEY *ecdh, ecdh, retu
|
||||
DEFINEFUNC2(size_t, EC_get_builtin_curves, EC_builtin_curve * r, r, size_t nitems, nitems, return 0, return)
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
DEFINEFUNC(int, EC_curve_nist2nid, const char *name, name, return 0, return)
|
||||
+#if defined(LIBRESSL_VERSION_NUMBER)
|
||||
+DEFINEFUNC3(int, SSL_CTX_set1_groups, SSL_CTX *a, a, int *b, b, int c, c, return -1, return)
|
||||
+#endif // defined(LIBRESSL_VERSION_NUMBER)
|
||||
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
#endif // OPENSSL_NO_EC
|
||||
|
||||
@@ -658,8 +659,8 @@ static QPair<QLibrary*, QLibrary*> loadO
|
||||
@@ -680,8 +683,8 @@ static QPair<QLibrary*, QLibrary*> loadO
|
||||
#endif
|
||||
#if defined(SHLIB_VERSION_NUMBER) && !defined(Q_OS_QNX) // on QNX, the libs are always libssl.so and libcrypto.so
|
||||
// first attempt: the canonical name is libssl.so.<SHLIB_VERSION_NUMBER>
|
||||
@ -33,7 +35,7 @@
|
||||
if (libcrypto->load() && libssl->load()) {
|
||||
// libssl.so.<SHLIB_VERSION_NUMBER> and libcrypto.so.<SHLIB_VERSION_NUMBER> found
|
||||
return pair;
|
||||
@@ -676,8 +677,8 @@ static QPair<QLibrary*, QLibrary*> loadO
|
||||
@@ -698,8 +701,8 @@ static QPair<QLibrary*, QLibrary*> loadO
|
||||
// OS X's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib will be picked up in the third
|
||||
// attempt, _after_ <bundle>/Contents/Frameworks has been searched.
|
||||
// iOS does not ship a system libssl.dylib, libcrypto.dylib in the first place.
|
||||
@ -44,7 +46,7 @@
|
||||
if (libcrypto->load() && libssl->load()) {
|
||||
// libssl.so.0 and libcrypto.so.0 found
|
||||
return pair;
|
||||
@@ -790,7 +791,7 @@ bool q_resolveOpenSslSymbols()
|
||||
@@ -790,7 +793,7 @@ bool q_resolveOpenSslSymbols()
|
||||
RESOLVEFUNC(EC_GROUP_get_degree)
|
||||
#endif
|
||||
RESOLVEFUNC(BN_num_bits)
|
||||
@ -53,19 +55,21 @@
|
||||
RESOLVEFUNC(BN_is_word)
|
||||
#endif
|
||||
RESOLVEFUNC(BN_mod_word)
|
||||
@@ -1020,8 +1021,10 @@ bool q_resolveOpenSslSymbols()
|
||||
@@ -1020,8 +1023,12 @@ bool q_resolveOpenSslSymbols()
|
||||
RESOLVEFUNC(EC_KEY_free)
|
||||
RESOLVEFUNC(EC_get_builtin_curves)
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
- if (q_SSLeay() >= 0x10002000L)
|
||||
+ if (q_SSLeay() >= 0x10002000L) {
|
||||
RESOLVEFUNC(EC_curve_nist2nid)
|
||||
+#if defined(LIBRESSL_VERSION_NUMBER)
|
||||
+ RESOLVEFUNC(SSL_CTX_set1_groups)
|
||||
+#endif // defined(LIBRESSL_VERSION_NUMBER)
|
||||
+ }
|
||||
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
#endif // OPENSSL_NO_EC
|
||||
RESOLVEFUNC(PKCS12_parse)
|
||||
@@ -1030,10 +1033,9 @@ bool q_resolveOpenSslSymbols()
|
||||
@@ -1030,10 +1037,9 @@ bool q_resolveOpenSslSymbols()
|
||||
|
||||
delete libs.first;
|
||||
delete libs.second;
|
||||
|
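Review bot: The stub generated for `SSL_CTX_set1_groups` uses `return -1` as its error statement, while the caller in the qsslcontext_openssl.cpp patch tests the result with `if (!q_SSL_CTX_set1_groups(...))`. If that macro argument is the value returned when the symbol could not be resolved, as the neighbouring `DEFINEFUNC` entries suggest (the macro definition is not on this page), an unresolved symbol yields -1, the `!` test reads it as success, and the context keeps the library's default curve list with no error recorded. Changing the line to `DEFINEFUNC3(int, SSL_CTX_set1_groups, SSL_CTX *a, a, int *b, b, int c, c, return 0, return)` sends the missing-symbol case down the existing error path, matching `EC_curve_nist2nid` just above it.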
@ -2,7 +2,7 @@
|
||||
*
|
||||
* check macro is defined instead of version, LibreSSL < 2.5 doesn't have SSL_CTRL_GET_SERVER_TMP_KEY
|
||||
*
|
||||
--- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig 2017-11-16 05:15:28 UTC
|
||||
--- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig 2018-01-16 06:53:43 UTC
|
||||
+++ src/network/ssl/qsslsocket_openssl_symbols_p.h
|
||||
@@ -228,7 +228,7 @@ int q_BIO_read(BIO *a, void *b, int c);
|
||||
Q_AUTOTEST_EXPORT BIO_METHOD *q_BIO_s_mem();
|
||||
@ -13,11 +13,13 @@
|
||||
int q_BN_is_word(BIGNUM *a, BN_ULONG w);
|
||||
#else
|
||||
// BN_is_word is implemented purely as a
|
||||
@@ -511,11 +511,12 @@ void q_EC_KEY_free(EC_KEY *ecdh);
|
||||
@@ -511,11 +511,14 @@ void q_EC_KEY_free(EC_KEY *ecdh);
|
||||
size_t q_EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
int q_EC_curve_nist2nid(const char *name);
|
||||
+#if defined(LIBRESSL_VERSION_NUMBER)
|
||||
+int q_SSL_CTX_set1_groups(SSL_CTX *a, int *b, int c);
|
||||
+#endif // defined(LIBRESSL_VERSION_NUMBER)
|
||||
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
#endif // OPENSSL_NO_EC
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
|
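Review bot: The prototype `int q_SSL_CTX_set1_groups(SSL_CTX *a, int *b, int c);` should be checked against the declaration in the LibreSSL header the port builds with. If the library declares the list as `const int *` and the length as `size_t` (I believe it does, but the header is not on this page), the wrapper calls through a function pointer of a different type, and the `const_cast` at the call site exists only to satisfy this declaration. In that case I would declare it as `int q_SSL_CTX_set1_groups(SSL_CTX *a, const int *b, size_t c);` and change the matching `DEFINEFUNC3` line in qsslsocket_openssl_symbols.cpp the same way.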