main/postfix/libressl.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

$OpenBSD: patch-src_tls_tls_h,v 1.1 2016/03/05 17:34:24 sthen Exp $

Fix building with LibreSSL

--- a/src/tls/tls.h.orig	Sat Feb  6 15:09:41 2016
+++ b/src/tls/tls.h	Fri Feb 12 20:15:25 2016
@@ -89,7 +89,7 @@ extern const char *str_tls_level(int);
 #endif
 
  /* Backwards compatibility with OpenSSL < 1.1.0 */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 #define OpenSSL_version_num SSLeay
 #define OpenSSL_version SSLeay_version
 #define OPENSSL_VERSION SSLEAY_VERSION
diff -urp src/posttls-finger/posttls-finger.c src/posttls-finger/posttls-finger.c
--- a/src/posttls-finger/posttls-finger.c.orig	2016-08-27 22:27:50.000000000 +0200
+++ b/src/posttls-finger/posttls-finger.c	2016-08-29 15:57:24.941368708 +0200
@@ -1511,7 +1511,7 @@ static int finger(STATE *state)
     return (0);
 }
 
-#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L
+#if defined(USE_TLS) && (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
 
 /* ssl_cleanup - free memory allocated in the OpenSSL library */
 
@@ -1958,7 +1958,7 @@ int     main(int argc, char *argv[])
     cleanup(&state);
 
     /* OpenSSL 1.1.0 and later (de)initialization is implicit */
-#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L
+#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
     ssl_cleanup();
 #endif
 
diff -urp src/tls/tls_client.c src/tls/tls_client.c
--- a/src/tls/tls_client.c.orig	2016-08-27 22:27:50.000000000 +0200
+++ b/src/tls/tls_client.c	2016-08-29 16:00:17.115355822 +0200
@@ -299,7 +299,7 @@ TLS_APPL_STATE *tls_client_init(const TL
      */
     tls_check_version();
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 
     /*
      * Initialize the OpenSSL library by the book! To start with, we must
@@ -356,7 +356,7 @@ TLS_APPL_STATE *tls_client_init(const TL
      * TLS_ANY_VERSION macro.
      */
     ERR_clear_error();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && defined(TLS_ANY_VERSION)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) && defined(TLS_ANY_VERSION)
     client_ctx = SSL_CTX_new(TLS_client_method());
 #else
     client_ctx = SSL_CTX_new(SSLv23_client_method());
@@ -441,7 +441,7 @@ TLS_APPL_STATE *tls_client_init(const TL
     /*
      * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
      */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 
     /*
      * According to the OpenSSL documentation, temporary RSA key is needed
diff -urp src/tls/tls_dane.c src/tls/tls_dane.c
--- a/src/tls/tls_dane.c.orig	2016-08-27 22:27:50.000000000 +0200
+++ b/src/tls/tls_dane.c	2016-08-29 15:58:30.467363804 +0200
@@ -2163,7 +2163,7 @@ static SSL_CTX *ctx_init(const char *CAf
     tls_param_init();
     tls_check_version();
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
     SSL_load_error_strings();
     SSL_library_init();
 #endif
diff -urp src/tls/tls_rsa.c src/tls/tls_rsa.c
--- a/src/tls/tls_rsa.c.orig	2016-01-03 15:49:51.000000000 +0100
+++ b/src/tls/tls_rsa.c	2016-08-29 15:57:58.067366229 +0200
@@ -57,7 +57,7 @@
  /*
   * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
   */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 
 /* tls_tmp_rsa_cb - call-back to generate ephemeral RSA key */
 
@@ -109,7 +109,7 @@ int     main(int unused_argc, char *cons
     /*
      * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
      */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
     RSA    *rsa;
 
     msg_vstream_init(argv[0], VSTREAM_ERR);
diff -urp src/tls/tls_server.c src/tls/tls_server.c
--- a/src/tls/tls_server.c.orig	2016-08-27 22:27:50.000000000 +0200
+++ b/src/tls/tls_server.c	2016-08-29 15:59:41.807358465 +0200
@@ -174,7 +174,7 @@ static const char server_session_id_cont
 #endif					/* OPENSSL_VERSION_NUMBER */
 
  /* OpenSSL 1.1.0 bitrot */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 typedef const unsigned char *session_id_t;
 
 #else
@@ -377,7 +377,7 @@ TLS_APPL_STATE *tls_server_init(const TL
      */
     tls_check_version();
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 
     /*
      * Initialize the OpenSSL library by the book! To start with, we must
@@ -447,7 +447,7 @@ TLS_APPL_STATE *tls_server_init(const TL
      * TLS_ANY_VERSION macro.
      */
     ERR_clear_error();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && defined(TLS_ANY_VERSION)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) && defined(TLS_ANY_VERSION)
     server_ctx = SSL_CTX_new(TLS_server_method());
 #else
     server_ctx = SSL_CTX_new(SSLv23_server_method());
@@ -588,7 +588,7 @@ TLS_APPL_STATE *tls_server_init(const TL
     /*
      * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
      */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 
     /*
      * According to OpenSSL documentation, a temporary RSA key is needed when