On 2016-08-31 14:26, Bernard Spil wrote: > Hi, > > We've found issues building OpenConnect 7.07 with LibreSSL which were > introduced by the OpenSSL 1.1.0 changes. This is caused by LibreSSL > setting OPENSSL_VERSION_NUMBER to 0x20000000L. The LibreSSL project > includes a define LIBRESSL_VERSION_NUMBER in openssl/opensslv.h that > can > be used to fix build errors like this. > > I've added the patch to the FreeBSD wiki page on LibreSSL > (https://wiki.freebsd.org/LibreSSL/Ports) > > --- openssl.c.orig 2016-07-09 14:43:41 UTC > +++ openssl.c > @@ -36,11 +36,11 @@ > #include <openssl/ui.h> > #include <openssl/rsa.h> > > -#if OPENSSL_VERSION_NUMBER < 0x10100000L > +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined > (LIBRESSL_VERSION_NUMBER) > #define X509_up_ref(x) CRYPTO_add(&(x)->references, 1, > CRYPTO_LOCK_X509) > #endif > > -#if OPENSSL_VERSION_NUMBER < 0x10100000L > +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined > (LIBRESSL_VERSION_NUMBER) > #define EVP_MD_CTX_new EVP_MD_CTX_create > #define EVP_MD_CTX_free EVP_MD_CTX_destroy > #define X509_STORE_CTX_get0_chain(ctx) ((ctx)->chain) > @@ -991,7 +991,7 @@ static int set_peer_cert_hash(struct ope > return 0; > } > > -#if OPENSSL_VERSION_NUMBER < 0x10002000L > +#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined > (LIBRESSL_VERSION_NUMBER) > static int match_hostname_elem(const char *hostname, int helem_len, > const char *match, int melem_len) > { > --- openssl-esp.c.orig 2016-07-08 15:35:18 UTC > +++ openssl-esp.c > @@ -27,7 +27,7 @@ > #include <openssl/evp.h> > #include <openssl/rand.h> > > -#if OPENSSL_VERSION_NUMBER < 0x10100000L > +#if OPENSSL_VERSION_NUMBER < 0x10100000L || > defined(LIBRESSL_VERSION_NUMBER) > > #define EVP_CIPHER_CTX_free(c) do { \ > EVP_CIPHER_CTX_cleanup(c); \ > @@ -85,7 +85,7 @@ static int init_esp_ciphers(struct openc > } > EVP_CIPHER_CTX_set_padding(esp->cipher, 0); > > -#if OPENSSL_VERSION_NUMBER < 0x10100000L > +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined > (LIBRESSL_VERSION_NUMBER) > esp->hmac = malloc(sizeof(*esp->hmac)); > esp->pkt_hmac = malloc(sizeof(*esp->pkt_hmac)); > if (!esp->hmac || &esp->pkt_hmac) { > > Signed-off-by: Bernard Spil <brnrd at FreeBSD.org> > > Hope you'll include this in OpenConnect! > > With kind regards, > > Bernard Spil. > FreeBSD Ports committer Hi, I heard you like git diffs. Please find a git diff against master attached. Cheers, Bernard. -------------- next part -------------- A non-text attachment was scrubbed... Name: patch-openconenct-LibreSSL Type: text/x-diff Size: 2008 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160831/44c930e0/attachment.bin>
