aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCharlie Li <vishwin@FreeBSD.org>2021-06-07 00:32:16 +0000
committerXin LI <delphij@FreeBSD.org>2021-06-07 06:26:04 +0000
commit77073df27bfadfbc3ca2e5d9cee7f3ca293fca37 (patch)
treeffa40d3a6d9c39413992d5b3f1083a84d3718324
parenta0104a9c0057e734cda27d612a15d60ad9fdc0ea (diff)
downloadports-77073df27bfadfbc3ca2e5d9cee7f3ca293fca37.tar.gz
ports-77073df27bfadfbc3ca2e5d9cee7f3ca293fca37.zip
net/openldap24-server: fix build with LibreSSL
Modify the OpenSSL 1.1.1 preprocessor guards to also account for LibreSSL missing certain functions, particularly SSL_CTX_set_ciphersuites(3) and SSL_set_ciphersuites(3). While here, un-IGNORE for ${SSL_DEFAULT:Mlibressl*}. PORTREVISION intentionally not bumped as this is a build fix. PR: 256433
-rw-r--r--net/openldap24-server/Makefile4
-rw-r--r--net/openldap24-server/files/patch-libraries_libldap_tls__o.c20
2 files changed, 20 insertions, 4 deletions
diff --git a/net/openldap24-server/Makefile b/net/openldap24-server/Makefile
index 0efe7962e43a..aa3d8dafa451 100644
--- a/net/openldap24-server/Makefile
+++ b/net/openldap24-server/Makefile
@@ -218,10 +218,6 @@ CONFIGURE_ARGS= --with-threads=posix \
--disable-dependency-tracking \
--enable-dynamic
-.if ${SSL_DEFAULT:Mlibressl*}
-IGNORE+= requires OpenSSL 1.1 TLSv1.3 API in a future release of LibreSSL
-.endif
-
.if ${PORT_OPTIONS:MSASL}
LIB_DEPENDS+= libsasl2.so:security/cyrus-sasl2
CONFIGURE_ARGS+= --with-cyrus-sasl
diff --git a/net/openldap24-server/files/patch-libraries_libldap_tls__o.c b/net/openldap24-server/files/patch-libraries_libldap_tls__o.c
new file mode 100644
index 000000000000..fa2c360671c0
--- /dev/null
+++ b/net/openldap24-server/files/patch-libraries_libldap_tls__o.c
@@ -0,0 +1,20 @@
+--- libraries/libldap/tls_o.c.orig 2021-06-03 18:40:31 UTC
++++ libraries/libldap/tls_o.c
+@@ -273,7 +273,7 @@ tlso_ctx_free ( tls_ctx *ctx )
+ SSL_CTX_free( c );
+ }
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000
++#if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(OPENSSL_NO_TLS1_3)
+ static char *
+ tlso_stecpy( char *dst, const char *src, const char *end )
+ {
+@@ -382,7 +382,7 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls
+ SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 );
+
+ if ( lo->ldo_tls_ciphersuite ) {
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000
++#if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(OPENSSL_NO_TLS1_3)
+ tlso_ctx_cipher13( ctx, lt->lt_ciphersuite );
+ #endif /* OpenSSL 1.1.1 */
+ if ( !SSL_CTX_set_cipher_list( ctx, lt->lt_ciphersuite ) )