$OpenBSD: patch-src_posttls-finger_posttls-finger_c,v 1.2 2017/03/04 22:09:43 sthen Exp $ --- a/src/posttls-finger/posttls-finger.c.orig Fri Feb 3 17:43:04 2017 +++ b/src/posttls-finger/posttls-finger.c Mon Feb 20 12:42:58 2017 @@ -1513,7 +1513,8 @@ static int finger(STATE *state) return (0); } -#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L +#if defined(USE_TLS) && \ + ( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ) /* ssl_cleanup - free memory allocated in the OpenSSL library */ @@ -1966,7 +1967,8 @@ int main(int argc, char *argv[]) cleanup(&state); /* OpenSSL 1.1.0 and later (de)initialization is implicit */ -#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L +#if defined(USE_TLS) && \ + ( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ) ssl_cleanup(); #endif $OpenBSD: patch-src_tls_tls_client_c,v 1.2 2017/03/04 22:09:43 sthen Exp $ --- a/src/tls/tls_client.c.orig Sun Jan 1 17:22:13 2017 +++ b/src/tls/tls_client.c Mon Feb 20 12:42:58 2017 @@ -299,7 +299,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_ */ tls_check_version(); -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) /* * Initialize the OpenSSL library by the book! To start with, we must @@ -433,7 +433,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_ /* * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) /* * According to the OpenSSL documentation, temporary RSA key is needed $OpenBSD: patch-src_tls_tls_dane_c,v 1.2 2017/03/04 22:09:43 sthen Exp $ --- a/src/tls/tls_dane.c.orig Sun Jan 1 17:22:13 2017 +++ b/src/tls/tls_dane.c Mon Feb 20 12:42:58 2017 @@ -2125,7 +2125,7 @@ static SSL_CTX *ctx_init(const char *CAfile) tls_param_init(); tls_check_version(); -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) SSL_load_error_strings(); SSL_library_init(); #endif $OpenBSD: patch-src_tls_tls_dh_c,v 1.1 2017/03/04 22:09:43 sthen Exp $ Fix building with LibreSSL --- a/src/tls/tls_dh.c.orig Mon Dec 26 18:47:24 2016 +++ b/src/tls/tls_dh.c Sat Feb 4 01:45:39 2017 @@ -314,7 +314,7 @@ void tls_auto_eecdh_curves(SSL_CTX *ctx) * This is a NOP in OpenSSL 1.1.0 and later, where curves are always * auto-negotiated. */ -#if OPENSSL_VERSION_NUMBER < 0x10100000UL +#if OPENSSL_VERSION_NUMBER < 0x10100000UL || defined(LIBRESSL_VERSION_NUMBER) if (SSL_CTX_set_ecdh_auto(ctx, 1) <= 0) { msg_warn("failed to enable automatic ECDHE curve selection"); tls_print_errors(); $OpenBSD: patch-src_tls_tls_h,v 1.2 2017/03/04 22:09:43 sthen Exp $ Fix building with LibreSSL --- a/src/tls/tls.h.orig Sun Jan 1 17:22:13 2017 +++ b/src/tls/tls.h Fri Jan 6 23:17:26 2017 @@ -89,7 +89,7 @@ extern const char *str_tls_level(int); #endif /* Backwards compatibility with OpenSSL < 1.1.0 */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) #define OpenSSL_version_num SSLeay #define OpenSSL_version SSLeay_version #define OPENSSL_VERSION SSLEAY_VERSION @@ -104,6 +104,9 @@ extern const char *str_tls_level(int); #define ASN1_STRING_get0_data ASN1_STRING_data #define X509_getm_notBefore X509_get_notBefore #define X509_getm_notAfter X509_get_notAfter +#endif + +#if OPENSSL_VERSION_NUMBER < 0x10100000L #define TLS_method SSLv23_method #define TLS_client_method SSLv23_client_method #define TLS_server_method SSLv23_server_method $OpenBSD: patch-src_tls_tls_rsa_c,v 1.1 2016/09/03 15:39:58 sthen Exp $ --- a/src/tls/tls_rsa.c.orig Thu Sep 1 21:57:15 2016 +++ b/src/tls/tls_rsa.c Thu Sep 1 21:58:11 2016 @@ -57,7 +57,7 @@ /* * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) /* tls_tmp_rsa_cb - call-back to generate ephemeral RSA key */ @@ -109,7 +109,7 @@ int main(int unused_argc, char *const argv[]) /* * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) RSA *rsa; msg_vstream_init(argv[0], VSTREAM_ERR); $OpenBSD: patch-src_tls_tls_server_c,v 1.2 2017/03/04 22:09:43 sthen Exp $ --- a/src/tls/tls_server.c.orig Sun Jan 1 17:22:13 2017 +++ b/src/tls/tls_server.c Mon Feb 20 12:42:58 2017 @@ -174,7 +174,7 @@ static const char server_session_id_context[] = "Postf #endif /* OPENSSL_VERSION_NUMBER */ /* OpenSSL 1.1.0 bitrot */ -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) typedef const unsigned char *session_id_t; #else @@ -377,7 +377,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_ */ tls_check_version(); -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) /* * Initialize the OpenSSL library by the book! To start with, we must @@ -580,7 +580,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_ /* * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) /* * According to OpenSSL documentation, a temporary RSA key is needed when For LibreSSL 2.4: --- a/src/tls/tls_dh.c.orig +++ b/src/tls/tls_dh.c @@ -244,7 +244,7 @@ void tls_auto_eecdh_curves(SSL_CTX *ctx) { -#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH) +#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH) && !defined(LIBRESSL_VERSION_NUMBER) SSL_CTX *tmpctx; int *nids; int space = 5;