1 files changed, 56 insertions, 0 deletions

diff --git a/main/strongswan/libressl-fix.patch b/main/strongswan/libressl-fix.patch
new file mode 100644
index 0000000000..a7074e0d92
--- /dev/null
+++ b/main/strongswan/libressl-fix.patch
@@ -0,0 +1,56 @@
+--- strongswan-5.6.3/src/libstrongswan/plugins/openssl/openssl_crl.c
++++ strongswan-5.6.3.libressl/src/libstrongswan/plugins/openssl/openssl_crl.c
+@@ -320,12 +320,7 @@
+ 			return FALSE;
+ 		}
+ 	}
+-	/* i2d_re_X509_CRL_tbs() was added with 1.1.0 when X509_CRL became opaque */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+-	tbs = openssl_i2chunk(re_X509_CRL_tbs, this->crl);
+-#else
+ 	tbs = openssl_i2chunk(X509_CRL_INFO, this->crl->crl);
+-#endif
+ 	X509_CRL_get0_signature(this->crl, &sig, NULL);
+ 	valid = key->verify(key, this->scheme->scheme, this->scheme->params, tbs,
+ 						openssl_asn1_str2chunk(sig));
+--- strongswan-5.6.3/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
++++ strongswan-5.6.3.libressl/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+@@ -39,8 +39,8 @@
+ OPENSSL_KEY_FALLBACK(RSA, key, n, e, d)
+ OPENSSL_KEY_FALLBACK(RSA, factors, p, q)
+ OPENSSL_KEY_FALLBACK(RSA, crt_params, dmp1, dmq1, iqmp)
+-#define BN_secure_new() BN_new()
+ #endif
++#define BN_secure_new() BN_new()
+ 
+ typedef struct private_openssl_rsa_private_key_t private_openssl_rsa_private_key_t;
+ 
+--- strongswan-5.6.3/src/libstrongswan/plugins/openssl/openssl_util.c
++++ strongswan-5.6.3.libressl/src/libstrongswan/plugins/openssl/openssl_util.c
+@@ -22,11 +22,8 @@
+ #include <openssl/evp.h>
+ #include <openssl/x509.h>
+ 
+-/* these were added with 1.1.0 when ASN1_OBJECT was made opaque */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #define OBJ_get0_data(o) ((o)->data)
+ #define OBJ_length(o) ((o)->length)
+-#endif
+ 
+ /**
+  * Described in header.
+--- strongswan-5.6.3/src/libstrongswan/plugins/openssl/openssl_x509.c
++++ strongswan-5.6.3.libressl/src/libstrongswan/plugins/openssl/openssl_x509.c
+@@ -420,12 +420,7 @@
+ 	{
+ 		return FALSE;
+ 	}
+-	/* i2d_re_X509_tbs() was added with 1.1.0 when X509 was made opaque */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+-	tbs = openssl_i2chunk(re_X509_tbs, this->x509);
+-#else
+ 	tbs = openssl_i2chunk(X509_CINF, this->x509->cert_info);
+-#endif
+ 	X509_get0_signature(&sig, NULL, this->x509);
+ 	valid = key->verify(key, this->scheme->scheme, this->scheme->params, tbs,
+ 						openssl_asn1_str2chunk(sig));