community/cargo/openssl-libressl263-compat.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140

From 22e79596e7b162bbe65db13fa00a6c23fd7b5555 Mon Sep 17 00:00:00 2001
From: phoebe jenkins <feeeb@protonmail.com>
Date: Mon, 23 Oct 2017 13:56:39 -0400
Subject: [PATCH] Add support for LibreSSL 2.6.3

Patch-Source: https://github.com/sfackler/rust-openssl/pull/759

--- a/openssl/openssl-sys/build.rs
+++ b/openssl/openssl-sys/build.rs
@@ -316,8 +316,10 @@ fn validate_headers(include_dirs: &[PathBuf]) -> Version {
 #include <openssl/opensslv.h>
 #include <openssl/opensslconf.h>
 
-#if LIBRESSL_VERSION_NUMBER >= 0x20603000
+#if LIBRESSL_VERSION_NUMBER >= 0x20604000
 RUST_LIBRESSL_NEW
+#elif LIBRESSL_VERSION_NUMBER >= 0x20603000
+RUST_LIBRESSL_263
 #elif LIBRESSL_VERSION_NUMBER >= 0x20602000
 RUST_LIBRESSL_262
 #elif LIBRESSL_VERSION_NUMBER >= 0x20601000
@@ -475,6 +477,13 @@ See rust-openssl README for more information:
         println!("cargo:libressl_version=262");
         println!("cargo:version=101");
         Version::Libressl
+    } else if expanded.contains("RUST_LIBRESSL_263") {
+        println!("cargo:rustc-cfg=libressl");
+        println!("cargo:rustc-cfg=libressl263");
+        println!("cargo:libressl=true");
+        println!("cargo:libressl_version=263");
+        println!("cargo:version=101");
+        Version::Libressl
     } else if expanded.contains("RUST_OPENSSL_110F") {
         println!("cargo:rustc-cfg=ossl110");
         println!("cargo:rustc-cfg=ossl110f");
--- a/openssl/openssl-sys/src/lib.rs
+++ b/openssl/openssl-sys/src/lib.rs
@@ -1250,14 +1250,14 @@ pub const SSL_VERIFY_NONE: c_int = 0;
 pub const SSL_VERIFY_PEER: c_int = 1;
 pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
 
-#[cfg(not(any(libressl261, libressl262, ossl101)))]
+#[cfg(not(any(libressl261, libressl262, libressl263, ossl101)))]
 pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010;
-#[cfg(any(libressl261, libressl262))]
+#[cfg(any(libressl261, libressl262, libressl263))]
 pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x0;
 pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800;
-#[cfg(not(any(libressl261, libressl262)))]
+#[cfg(not(any(libressl261, libressl262, libressl263)))]
 pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000;
-#[cfg(any(libressl261, libressl262))]
+#[cfg(any(libressl261, libressl262, libressl263))]
 pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0;
 pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004;
 #[cfg(not(libressl))]
--- a/openssl/openssl-sys/src/libressl/mod.rs
+++ b/openssl/openssl-sys/src/libressl/mod.rs
@@ -345,9 +345,9 @@ pub const SSL_CTRL_OPTIONS: c_int = 32;
 pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
 pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
 
-#[cfg(any(libressl261, libressl262))]
+#[cfg(any(libressl261, libressl262, libressl263))]
 pub const SSL_OP_ALL: c_ulong = 0x4;
-#[cfg(not(any(libressl261, libressl262)))]
+#[cfg(not(any(libressl261, libressl262, libressl263)))]
 pub const SSL_OP_ALL: c_ulong = 0x80000014;
 pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x0;
 pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x0;
@@ -360,9 +360,9 @@ pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x0;
 pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x0;
 pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x0;
 pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x0;
-#[cfg(any(libressl261, libressl262))]
+#[cfg(any(libressl261, libressl262, libressl263))]
 pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x0;
-#[cfg(not(any(libressl261, libressl262)))]
+#[cfg(not(any(libressl261, libressl262, libressl263)))]
 pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000;
 pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000;
 pub const SSL_OP_NO_SSLv2: c_ulong = 0x0;
--- a/openssl/openssl/src/ssl/mod.rs
+++ b/openssl/openssl/src/ssl/mod.rs
@@ -652,7 +652,7 @@ impl SslContextBuilder {
 
     /// Set the protocols to be used during Next Protocol Negotiation (the protocols
     /// supported by the application).
-    #[cfg(not(any(libressl261, libressl262)))]
+    #[cfg(not(any(libressl261, libressl262, libressl263)))]
     pub fn set_npn_protocols(&mut self, protocols: &[&[u8]]) -> Result<(), ErrorStack> {
         // Firstly, convert the list of protocols to a byte-array that can be passed to OpenSSL
         // APIs -- a list of length-prefixed strings.
@@ -1311,7 +1311,7 @@ impl SslRef {
     ///
     /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
     /// to interpret it.
-    #[cfg(not(any(libressl261, libressl262)))]
+    #[cfg(not(any(libressl261, libressl262, libressl263)))]
     pub fn selected_npn_protocol(&self) -> Option<&[u8]> {
         unsafe {
             let mut data: *const c_uchar = ptr::null();
--- a/openssl/openssl/src/ssl/tests/mod.rs
+++ b/openssl/openssl/src/ssl/tests/mod.rs
@@ -503,7 +503,7 @@ fn test_connect_with_unilateral_alpn() {
 /// Tests that connecting with the client using NPN, but the server not does not
 /// break the existing connection behavior.
 #[test]
-#[cfg(not(any(libressl261, libressl262)))]
+#[cfg(not(any(libressl261, libressl262, libressl263)))]
 fn test_connect_with_unilateral_npn() {
     let (_s, stream) = Server::new();
     let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@@ -616,7 +616,7 @@ fn test_connect_with_npn_successful_single_match() {
 /// Tests that when the `SslStream` is created as a server stream, the protocols
 /// are correctly advertised to the client.
 #[test]
-#[cfg(not(any(libressl261, libressl262)))]
+#[cfg(not(any(libressl261, libressl262, libressl263)))]
 fn test_npn_server_advertise_multiple() {
     let listener = TcpListener::bind("127.0.0.1:0").unwrap();
     let localhost = listener.local_addr().unwrap();
@@ -1241,7 +1241,7 @@ fn tmp_dh_callback() {
 }
 
 #[test]
-#[cfg(any(all(feature = "v101", ossl101, not(any(libressl261, libressl262))), all(feature = "v102", ossl102)))]
+#[cfg(any(all(feature = "v101", ossl101, not(any(libressl261, libressl262, libressl263))), all(feature = "v102", ossl102)))]
 fn tmp_ecdh_callback() {
     use ec::EcKey;
     use nid;
@@ -1308,7 +1308,7 @@ fn tmp_dh_callback_ssl() {
 }
 
 #[test]
-#[cfg(any(all(feature = "v101", ossl101, not(any(libressl261, libressl262))), all(feature = "v102", ossl102)))]
+#[cfg(any(all(feature = "v101", ossl101, not(any(libressl261, libressl262, libressl263))), all(feature = "v102", ossl102)))]
 fn tmp_ecdh_callback_ssl() {
     use ec::EcKey;
     use nid;