security/py-cryptography: Fix build with libressl 2.9.1

Backport upstream pull request #4855 by Charlie Li <ml+freebsd vishwin info> PR: 237487 Submitted by: Maciej Pasternacki <maciej pasternacki. net> (v1) Submitted by: gahr (v2) Reported by: Simeon Simeonov <sgs pichove org> Obtained from: https://github.com/pyca/cryptography/pull/4855 Tested by: gahr (all USES=ssl versions), many
svn path=/head/; revision=500082
2024-10-18 19:49:40 +00:00 · 2019-04-26 05:13:26 +00:00 · 2019-04-26 05:13:26 +00:00 · 794d50f688 · 2021-03-31 03:12:20 +00:00
commit 794d50f688
parent 6edaa49bfc
1 changed files with 49 additions and 0 deletions
--- a/security/py-cryptography/files/patch-PR4855
+++ b/security/py-cryptography/files/patch-PR4855
@ -0,0 +1,49 @@
+# security/py-cryptography fails to build with libressl-2.9.1
+# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237487
+# Use generic DTLS functions added in LibreSSL 2.9.1
+# https://github.com/pyca/cryptography/pull/4855
+
+index 4124dcb879..ac32fdffde 100644
+--- src/_cffi_src/openssl/cryptography.py.orig
+++ src/_cffi_src/openssl/cryptography.py
+@@ -38,9 +38,12 @@
+     (LIBRESSL_VERSION_NUMBER >= 0x2070000f)
+ #define CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER \
+     (LIBRESSL_VERSION_NUMBER >= 0x2080000f)
+#define CRYPTOGRAPHY_LIBRESSL_291_OR_GREATER \
+    (LIBRESSL_VERSION_NUMBER >= 0x2090100f)
+ #else
+ #define CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER (0)
+ #define CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER (0)
+#define CRYPTOGRAPHY_LIBRESSL_291_OR_GREATER (0)
+ #endif
+ 
+ #define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER \
+diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
+index 92fd1e3ec8..da21f3ce90 100644
+--- src/_cffi_src/openssl/ssl.py.orig
+++ src/_cffi_src/openssl/ssl.py
+@@ -719,17 +719,20 @@
+ static const long TLS_ST_OK = 0;
+ #endif
+ 
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
+/* LibreSSL 2.9.1 added only the DTLS_*_method functions */
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_LIBRESSL_291_OR_GREATER
+ static const long Cryptography_HAS_GENERIC_DTLS_METHOD = 0;
+ const SSL_METHOD *(*DTLS_method)(void) = NULL;
+ const SSL_METHOD *(*DTLS_server_method)(void) = NULL;
+ const SSL_METHOD *(*DTLS_client_method)(void) = NULL;
+#else
+static const long Cryptography_HAS_GENERIC_DTLS_METHOD = 1;
+#endif
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
+ static const long SSL_OP_NO_DTLSv1 = 0;
+ static const long SSL_OP_NO_DTLSv1_2 = 0;
+ long (*DTLS_set_link_mtu)(SSL *, long) = NULL;
+ long (*DTLS_get_link_min_mtu)(SSL *) = NULL;
+-#else
+-static const long Cryptography_HAS_GENERIC_DTLS_METHOD = 1;
+ #endif
+ 
+ static const long Cryptography_HAS_DTLS = 1;