aboutsummaryrefslogtreecommitdiffstats
path: root/community/stunnel/stunnel-libressl.patch
diff options
context:
space:
mode:
Diffstat (limited to 'community/stunnel/stunnel-libressl.patch')
-rw-r--r--community/stunnel/stunnel-libressl.patch252
1 files changed, 252 insertions, 0 deletions
diff --git a/community/stunnel/stunnel-libressl.patch b/community/stunnel/stunnel-libressl.patch
new file mode 100644
index 0000000000..9b39720c9f
--- /dev/null
+++ b/community/stunnel/stunnel-libressl.patch
@@ -0,0 +1,252 @@
+diff --git a/src/common.h b/src/common.h
+index f7d38b0..6b81341 100644
+--- a/src/common.h
++++ b/src/common.h
+@@ -448,7 +448,7 @@ extern char *sys_errlist[];
+ #define OPENSSL_NO_TLS1_2
+ #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
+
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #ifndef OPENSSL_NO_SSL2
+ #define OPENSSL_NO_SSL2
+ #endif /* !defined(OPENSSL_NO_SSL2) */
+@@ -474,7 +474,7 @@ extern char *sys_errlist[];
+ #include <openssl/des.h>
+ #ifndef OPENSSL_NO_DH
+ #include <openssl/dh.h>
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+ #endif /* OpenSSL older than 1.1.0 */
+ #endif /* !defined(OPENSSL_NO_DH) */
+diff --git a/src/ctx.c b/src/ctx.c
+index 5b282e9..7984f32 100644
+--- a/src/ctx.c
++++ b/src/ctx.c
+@@ -366,7 +366,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
+ /**************************************** initialize OpenSSL CONF */
+
+ NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ SSL_CONF_CTX *cctx;
+ NAME_LIST *curr;
+ char *cmd, *param;
+diff --git a/src/options.c b/src/options.c
+index 22e00dd..5674284 100644
+--- a/src/options.c
++++ b/src/options.c
+@@ -1291,7 +1291,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
+ break;
+ }
+
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+
+ /* checkEmail */
+ switch(cmd) {
+@@ -1428,7 +1428,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
+ break;
+ }
+
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+
+ /* config */
+ switch(cmd) {
+@@ -2617,7 +2617,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
+ /* sslVersion */
+ switch(cmd) {
+ case CMD_BEGIN:
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ section->client_method=(SSL_METHOD *)TLS_client_method();
+ section->server_method=(SSL_METHOD *)TLS_server_method();
+ #else
+@@ -2629,7 +2629,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
+ if(strcasecmp(opt, "sslVersion"))
+ break;
+ if(!strcasecmp(arg, "all")) {
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ section->client_method=(SSL_METHOD *)TLS_client_method();
+ section->server_method=(SSL_METHOD *)TLS_server_method();
+ #else
+diff --git a/src/prototypes.h b/src/prototypes.h
+index 182c764..d57aff2 100644
+--- a/src/prototypes.h
++++ b/src/prototypes.h
+@@ -206,7 +206,7 @@ typedef struct service_options_struct {
+ char *ocsp_url;
+ unsigned long ocsp_flags;
+ #endif /* !defined(OPENSSL_NO_OCSP) */
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NAME_LIST *check_host, *check_email, *check_ip; /* cert subject checks */
+ NAME_LIST *config; /* OpenSSL CONF options */
+ #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+@@ -650,13 +650,13 @@ typedef enum {
+ #endif /* OPENSSL_NO_DH */
+ STUNNEL_LOCKS /* number of locks */
+ } LOCK_TYPE;
+-#if OPENSSL_VERSION_NUMBER < 0x10100004L
++#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ typedef int STUNNEL_RWLOCK;
+ #else
+ typedef CRYPTO_RWLOCK *STUNNEL_RWLOCK;
+ #endif
+ extern STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
+-#if OPENSSL_VERSION_NUMBER>=0x10100004L
++#if OPENSSL_VERSION_NUMBER>=0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
+ #define CRYPTO_THREAD_read_unlock(type) CRYPTO_THREAD_unlock(type)
+ #define CRYPTO_THREAD_write_unlock(type) CRYPTO_THREAD_unlock(type)
+ #else
+diff --git a/src/ssl.c b/src/ssl.c
+index d5b27bd..8dae820 100644
+--- a/src/ssl.c
++++ b/src/ssl.c
+@@ -78,7 +78,7 @@ int ssl_init(void) { /* init SSL before parsing configuration file */
+ }
+
+ #ifndef OPENSSL_NO_DH
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /* this is needed for dhparam.c generated with OpenSSL >= 1.1.0
+ * to be linked against the older versions */
+ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
+diff --git a/src/sthreads.c b/src/sthreads.c
+index 4e4e0e9..f61f230 100644
+--- a/src/sthreads.c
++++ b/src/sthreads.c
+@@ -45,7 +45,7 @@
+
+ STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
+
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ #define CRYPTO_THREAD_lock_new() CRYPTO_get_new_dynlockid()
+ #endif
+
+@@ -203,7 +203,7 @@ int create_client(SOCKET ls, SOCKET s, CLI *arg, void *(*cli)(void *)) {
+
+ #ifdef USE_PTHREAD
+
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+
+ struct CRYPTO_dynlock_value {
+ pthread_rwlock_t rwlock;
+@@ -263,7 +263,8 @@ unsigned long stunnel_thread_id(void) {
+ #endif
+ }
+
+-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER>=0x10000000L && \
++ (OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER))
+ NOEXPORT void threadid_func(CRYPTO_THREADID *tid) {
+ CRYPTO_THREADID_set_numeric(tid, stunnel_thread_id());
+ }
+@@ -272,7 +273,7 @@ NOEXPORT void threadid_func(CRYPTO_THREADID *tid) {
+ int sthreads_init(void) {
+ int i;
+
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ /* initialize the OpenSSL dynamic locking */
+ CRYPTO_set_dynlock_create_callback(dyn_create_function);
+ CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
+@@ -345,7 +346,7 @@ int create_client(SOCKET ls, SOCKET s, CLI *arg, void *(*cli)(void *)) {
+ * but it is unsupported on Windows XP (and earlier versions of Windows):
+ * https://msdn.microsoft.com/en-us/library/windows/desktop/aa904937%28v=vs.85%29.aspx */
+
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+
+ struct CRYPTO_dynlock_value {
+ CRITICAL_SECTION mutex;
+@@ -398,7 +399,7 @@ unsigned long stunnel_thread_id(void) {
+ int sthreads_init(void) {
+ int i;
+
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ /* initialize the OpenSSL dynamic locking */
+ CRYPTO_set_dynlock_create_callback(dyn_create_function);
+ CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
+diff --git a/src/verify.c b/src/verify.c
+index 9fc0ff9..5c7ff26 100644
+--- a/src/verify.c
++++ b/src/verify.c
+@@ -51,7 +51,7 @@ NOEXPORT int add_dir_lookup(X509_STORE *, char *);
+ NOEXPORT int verify_callback(int, X509_STORE_CTX *);
+ NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
+ NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
+ #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+ NOEXPORT int cert_check_local(X509_STORE_CTX *);
+@@ -120,7 +120,7 @@ NOEXPORT int crl_init(SERVICE_OPTIONS *section) {
+ return 1; /* FAILED */
+ }
+ if(section->crl_dir) {
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /* do not cache CRLs (only required with OpenSSL version < 1.0.0) */
+ store->cache=0;
+ #endif
+@@ -178,7 +178,7 @@ NOEXPORT void auth_warnings(SERVICE_OPTIONS *section) {
+ if(section->option.verify_peer) /* verify_peer does not depend on PKI */
+ return;
+ if(section->option.verify_chain) {
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ if(section->check_email || section->check_host || section->check_ip)
+ return;
+ #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+@@ -277,7 +277,7 @@ NOEXPORT int cert_check(CLI *c, X509_STORE_CTX *callback_ctx,
+ }
+
+ if(depth==0) { /* additional peer certificate checks */
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ if(!cert_check_subject(c, callback_ctx))
+ return 0; /* reject */
+ #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+@@ -288,7 +288,7 @@ NOEXPORT int cert_check(CLI *c, X509_STORE_CTX *callback_ctx,
+ return 1; /* accept */
+ }
+
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
+ X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
+ NAME_LIST *ptr;
+@@ -340,7 +340,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
+ STACK_OF(X509) *sk;
+ int i;
+ #endif
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ X509_OBJECT obj;
+ int success;
+ #endif
+@@ -349,7 +349,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
+ subject=X509_get_subject_name(cert);
+
+ #if OPENSSL_VERSION_NUMBER>=0x10000000L
+-#if OPENSSL_VERSION_NUMBER<0x10100006L
++#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
+ #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
+ #endif
+ /* modern API allows retrieving multiple matching certificates */
+@@ -364,7 +364,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
+ }
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /* pre-1.0.0 API only returns a single matching certificate */
+ /* we also invoke it for other OpenSSL versions before 1.1.0 */
+ memset((char *)&obj, 0, sizeof obj);
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-15 14:02:28 +0000