svn commit: r436663 - head/security/openvpn/files

Matthias Andree mandree at FreeBSD.org
Tue Mar 21 23:05:01 UTC 2017 

Author: mandree
Date: Tue Mar 21 23:04:59 2017
New Revision: 436663
URL: https://svnweb.freebsd.org/changeset/ports/436663

Log:
  Fix build with LibreSSL 2.5.1.
  
  PR:		217140
  Submitted by:	brnrd@
  Obtained from:	Olivier Wahrenberger, via upstream maintainers review

Added:
  head/security/openvpn/files/patch-src_openvpn_ssl__openssl.c   (contents, props changed)

Added: head/security/openvpn/files/patch-src_openvpn_ssl__openssl.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/openvpn/files/patch-src_openvpn_ssl__openssl.c	Tue Mar 21 23:04:59 2017	(r436663)
@@ -0,0 +1,44 @@
+From dcfd3b6173d8cdb4658de23db1dd0bd932b390d2 Mon Sep 17 00:00:00 2001
+From: Olivier Wahrenberger <olivierw.ml at gmail.com>
+Date: Mon, 13 Feb 2017 19:38:26 +0100
+Subject: [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.
+
+Similar to what is done in curl: https://github.com/curl/curl/blob/028391df5d84d9fae3433afdee9261d565900355/lib/vtls/openssl.c#L603-L619
+
+Use SSL_CTX_get0_privatekey() for OpenSSL >= 1.0.2
+
+Signed-off-by: Olivier Wahrenberger <olivierw.ml at gmail.com>
+Acked-by: Steffan Karger <steffan.karger at fox-it.com>
+Message-Id: <20170213183826.73008-1-O2Graphics at users.noreply.github.com>
+URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14045.html
+Signed-off-by: Gert Doering <gert at greenie.muc.de>
+---
+ src/openvpn/ssl_openssl.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
+index 8266595..abf69c9 100644
+--- ./src/openvpn/ssl_openssl.c~
++++ ./src/openvpn/ssl_openssl.c
+@@ -508,10 +508,18 @@ tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name
+         const EC_GROUP *ecgrp = NULL;
+         EVP_PKEY *pkey = NULL;
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
++        pkey = SSL_CTX_get0_privatekey(ctx->ctx);
++#else
+         /* Little hack to get private key ref from SSL_CTX, yay OpenSSL... */
+-        SSL ssl;
+-        ssl.cert = ctx->ctx->cert;
+-        pkey = SSL_get_privatekey(&ssl);
++        SSL *ssl = SSL_new(ctx->ctx);
++        if (!ssl)
++        {
++            crypto_msg(M_FATAL, "SSL_new failed");
++        }
++        pkey = SSL_get_privatekey(ssl);
++        SSL_free(ssl);
++#endif
+ 
+         msg(D_TLS_DEBUG, "Extracting ECDH curve from private key");
+

More information about the svn-ports-all mailing list