From 6f05c9c07cffc6ae65d8a1ea55096d3b9968e33b Mon Sep 17 00:00:00 2001
From: Charlie Li <vishwin@FreeBSD.org>
Date: Mon, 19 Apr 2021 19:30:08 -0400
Subject: [PATCH] security/py-cryptography: fix build with LibreSSL 3.3.2+

Merged upstream as https://github.com/pyca/cryptography/pull/5988
and backported to this version.

Approved by: koobs (maintainer), fluffy (mentor)
PR: 255241
---
 .../patch-Fix-build-with-LibreSSL-3.3.2-5988  | 62 +++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988

diff --git a/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988 b/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988
new file mode 100644
index 000000000000..deb9c6408832
--- /dev/null
+++ b/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988
@@ -0,0 +1,62 @@
+From 94590a9aecc9e5ef6fc8eda52bae43643a4c44bd Mon Sep 17 00:00:00 2001
+From: Charlie Li <vishwin@users.noreply.github.com>
+Date: Mon, 19 Apr 2021 18:38:38 -0400
+Subject: [PATCH] Fix build with LibreSSL 3.3.2 (#5988)
+
+* LibreSSL 3.3.2 supports SSL_OP_NO_DTLS*
+
+While here, bump CI
+
+* Fix preprocessor guards for LibreSSL's SSL_OP_NO_DTLS*
+
+DTLS_set_link_mtu and DTLS_get_link_min_mtu are not part of 3.3.2
+
+* Switch to LESS_THAN context for LibreSSL 3.3.2
+
+While here, fix indents
+
+* Remove extra C variable declaration
+
+The variable is not actually used from Python
+---
+ .github/workflows/ci.yml              | 2 +-
+ src/_cffi_src/openssl/cryptography.py | 7 +++++++
+ src/_cffi_src/openssl/ssl.py          | 2 ++
+ 3 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git src/_cffi_src/openssl/cryptography.py src/_cffi_src/openssl/cryptography.py
+index e2b5a132..b9c7a793 100644
+--- src/_cffi_src/openssl/cryptography.py
++++ src/_cffi_src/openssl/cryptography.py
+@@ -32,6 +32,13 @@ INCLUDES = """
+ #include <Winsock2.h>
+ #endif
+ 
++#if CRYPTOGRAPHY_IS_LIBRESSL
++#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 \
++    (LIBRESSL_VERSION_NUMBER < 0x3030200f)
++#else
++#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0)
++#endif
++
+ #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \
+     (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL)
+ 
+diff --git src/_cffi_src/openssl/ssl.py src/_cffi_src/openssl/ssl.py
+index 11a7d63a..081ef041 100644
+--- src/_cffi_src/openssl/ssl.py
++++ src/_cffi_src/openssl/ssl.py
+@@ -586,8 +586,10 @@ static const long TLS_ST_OK = 0;
+ #endif
+ 
+ #if CRYPTOGRAPHY_IS_LIBRESSL
++#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332
+ static const long SSL_OP_NO_DTLSv1 = 0;
+ static const long SSL_OP_NO_DTLSv1_2 = 0;
++#endif
+ long (*DTLS_set_link_mtu)(SSL *, long) = NULL;
+ long (*DTLS_get_link_min_mtu)(SSL *) = NULL;
+ #endif
+-- 
+2.31.1
+