path: root/main/postfix/libressl.patch

$OpenBSD: patch-src_posttls-finger_posttls-finger_c,v 1.2 2017/03/04 22:09:43 sthen Exp $
--- a/src/posttls-finger/posttls-finger.c.orig	Fri Feb  3 17:43:04 2017
+++ b/src/posttls-finger/posttls-finger.c	Mon Feb 20 12:42:58 2017
@@ -1513,7 +1513,8 @@ static int finger(STATE *state)
     return (0);
 }
 
-#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L
+#if defined(USE_TLS) && \
+    ( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) )
 
 /* ssl_cleanup - free memory allocated in the OpenSSL library */
 
@@ -1966,7 +1967,8 @@ int     main(int argc, char *argv[])
     cleanup(&state);
 
     /* OpenSSL 1.1.0 and later (de)initialization is implicit */
-#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L
+#if defined(USE_TLS) && \
+    ( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) )
     ssl_cleanup();
 #endif
 
$OpenBSD: patch-src_tls_tls_client_c,v 1.2 2017/03/04 22:09:43 sthen Exp $
--- a/src/tls/tls_client.c.orig	Sun Jan  1 17:22:13 2017
+++ b/src/tls/tls_client.c	Mon Feb 20 12:42:58 2017
@@ -299,7 +299,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_
      */
     tls_check_version();
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 
     /*
      * Initialize the OpenSSL library by the book! To start with, we must
@@ -433,7 +433,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_
     /*
      * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
      */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 
     /*
      * According to the OpenSSL documentation, temporary RSA key is needed
$OpenBSD: patch-src_tls_tls_dane_c,v 1.2 2017/03/04 22:09:43 sthen Exp $
--- a/src/tls/tls_dane.c.orig	Sun Jan  1 17:22:13 2017
+++ b/src/tls/tls_dane.c	Mon Feb 20 12:42:58 2017
@@ -2125,7 +2125,7 @@ static SSL_CTX *ctx_init(const char *CAfile)
     tls_param_init();
     tls_check_version();
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
     SSL_load_error_strings();
     SSL_library_init();
 #endif
$OpenBSD: patch-src_tls_tls_dh_c,v 1.1 2017/03/04 22:09:43 sthen Exp $

Fix building with LibreSSL

--- a/src/tls/tls_dh.c.orig	Mon Dec 26 18:47:24 2016
+++ b/src/tls/tls_dh.c	Sat Feb  4 01:45:39 2017
@@ -314,7 +314,7 @@ void    tls_auto_eecdh_curves(SSL_CTX *ctx)
      * This is a NOP in OpenSSL 1.1.0 and later, where curves are always
      * auto-negotiated.
      */
-#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL || defined(LIBRESSL_VERSION_NUMBER)
     if (SSL_CTX_set_ecdh_auto(ctx, 1) <= 0) {
 	msg_warn("failed to enable automatic ECDHE curve selection");
 	tls_print_errors();
$OpenBSD: patch-src_tls_tls_h,v 1.2 2017/03/04 22:09:43 sthen Exp $

Fix building with LibreSSL

--- a/src/tls/tls.h.orig	Sun Jan  1 17:22:13 2017
+++ b/src/tls/tls.h	Fri Jan  6 23:17:26 2017
@@ -89,7 +89,7 @@ extern const char *str_tls_level(int);
 #endif
 
  /* Backwards compatibility with OpenSSL < 1.1.0 */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 #define OpenSSL_version_num SSLeay
 #define OpenSSL_version SSLeay_version
 #define OPENSSL_VERSION SSLEAY_VERSION
@@ -104,6 +104,9 @@ extern const char *str_tls_level(int);
 #define ASN1_STRING_get0_data ASN1_STRING_data
 #define X509_getm_notBefore X509_get_notBefore
 #define X509_getm_notAfter X509_get_notAfter
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #define TLS_method SSLv23_method
 #define TLS_client_method SSLv23_client_method
 #define TLS_server_method SSLv23_server_method
$OpenBSD: patch-src_tls_tls_rsa_c,v 1.1 2016/09/03 15:39:58 sthen Exp $
--- a/src/tls/tls_rsa.c.orig	Thu Sep  1 21:57:15 2016
+++ b/src/tls/tls_rsa.c	Thu Sep  1 21:58:11 2016
@@ -57,7 +57,7 @@
  /*
   * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
   */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 
 /* tls_tmp_rsa_cb - call-back to generate ephemeral RSA key */
 
@@ -109,7 +109,7 @@ int     main(int unused_argc, char *const argv[])
     /*
      * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
      */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
     RSA    *rsa;
 
     msg_vstream_init(argv[0], VSTREAM_ERR);
$OpenBSD: patch-src_tls_tls_server_c,v 1.2 2017/03/04 22:09:43 sthen Exp $
--- a/src/tls/tls_server.c.orig	Sun Jan  1 17:22:13 2017
+++ b/src/tls/tls_server.c	Mon Feb 20 12:42:58 2017
@@ -174,7 +174,7 @@ static const char server_session_id_context[] = "Postf
 #endif					/* OPENSSL_VERSION_NUMBER */
 
  /* OpenSSL 1.1.0 bitrot */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 typedef const unsigned char *session_id_t;
 
 #else
@@ -377,7 +377,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_
      */
     tls_check_version();
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 
     /*
      * Initialize the OpenSSL library by the book! To start with, we must
@@ -580,7 +580,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_
     /*
      * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
      */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 
     /*
      * According to OpenSSL documentation, a temporary RSA key is needed when

For LibreSSL 2.4:
--- a/src/tls/tls_dh.c.orig
+++ b/src/tls/tls_dh.c
@@ -244,7 +244,7 @@
 
 void    tls_auto_eecdh_curves(SSL_CTX *ctx)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH)
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH) && !defined(LIBRESSL_VERSION_NUMBER)
     SSL_CTX *tmpctx;
     int    *nids;
     int     space = 5;