forked from freebsd/freebsd-ports
-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
HBSD: security/certificate-transparency: Fix build with LibreSSL
Fixes #11 See also google/certificate-transparency#1364 Signed-off-by: Bernard Spil <[email protected]>
- Loading branch information
Showing
5 changed files
with
94 additions
and
48 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
58 changes: 10 additions & 48 deletions
58
security/certificate-transparency/files/patch-cpp-client-ct.cc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,49 +1,11 @@ | ||
--- cpp/client/ct.cc.orig 2016-10-14 17:11:57 UTC | ||
--- cpp/client/ct.cc.orig 2017-02-11 20:58:57 UTC | ||
+++ cpp/client/ct.cc | ||
@@ -451,8 +451,8 @@ static void MakeCert() { | ||
This comment has been minimized.
Sorry, something went wrong. |
||
// (This means the relevant section should be last in the configuration.) | ||
// 1.2.3.1=DER:[raw encoding of proof] | ||
static void WriteProofToConfig() { | ||
- CHECK(!FLAGS_sct_token.empty()) << google::ProgramUsage(); | ||
- CHECK(!FLAGS_extensions_config_out.empty()) << google::ProgramUsage(); | ||
+ CHECK(!FLAGS_sct_token.empty()) << gflags::ProgramUsage(); | ||
+ CHECK(!FLAGS_extensions_config_out.empty()) << gflags::ProgramUsage(); | ||
|
||
string sct; | ||
|
||
@@ -479,8 +479,8 @@ static const char kPEMLabel[] = "SERVERI | ||
// Wrap the proof in the format expected by the TLS extension, | ||
// so that we can feed it to OpenSSL. | ||
static void ProofToExtensionData() { | ||
- CHECK(!FLAGS_sct_token.empty()) << google::ProgramUsage(); | ||
- CHECK(!FLAGS_tls_extension_data_out.empty()) << google::ProgramUsage(); | ||
+ CHECK(!FLAGS_sct_token.empty()) << gflags::ProgramUsage(); | ||
+ CHECK(!FLAGS_tls_extension_data_out.empty()) << gflags::ProgramUsage(); | ||
string serialized_sct; | ||
PCHECK(util::ReadBinaryFile(FLAGS_sct_token, &serialized_sct)) | ||
@@ -939,13 +939,13 @@ int GetSTH() { | ||
// Exit code upon abnormal exit (CHECK failures): != 0 | ||
// (on UNIX, 134 is expected) | ||
int main(int argc, char** argv) { | ||
- google::SetUsageMessage(argv[0] + string(kUsage)); | ||
+ gflags::SetUsageMessage(argv[0] + string(kUsage)); | ||
util::InitCT(&argc, &argv); | ||
ConfigureSerializerForV1CT(); | ||
const string main_command(argv[0]); | ||
if (argc < 2) { | ||
- std::cout << google::ProgramUsage(); | ||
+ std::cout << gflags::ProgramUsage(); | ||
return 1; | ||
} | ||
@@ -983,7 +983,7 @@ int main(int argc, char** argv) { | ||
} else if (cmd == "sth") { | ||
ret = GetSTH(); | ||
} else { | ||
- std::cout << google::ProgramUsage(); | ||
+ std::cout << gflags::ProgramUsage(); | ||
ret = 1; | ||
} | ||
@@ -530,7 +530,7 @@ static void ProofToExtensionData() { | ||
<< " for writing:" << strerror(errno); | ||
|
||
// Work around broken PEM_write() declaration in older OpenSSL versions. | ||
-#if OPENSSL_VERSION_NUMBER < 0x10002000L | ||
+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) | ||
PEM_write(out, const_cast<char*>(kPEMLabel), const_cast<char*>(""), | ||
const_cast<unsigned char*>(reinterpret_cast<const unsigned char*>( | ||
extension_data_out.str().data())), |
11 changes: 11 additions & 0 deletions
11
security/certificate-transparency/files/patch-cpp_client_ssl__client.cc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
--- cpp/client/ssl_client.cc.orig 2016-10-14 17:11:57 UTC | ||
+++ cpp/client/ssl_client.cc | ||
@@ -88,7 +88,7 @@ SSLClient::SSLClient(const string& serve | ||
|
||
SSL_CTX_set_cert_verify_callback(ctx_.get(), &VerifyCallback, &verify_args_); | ||
|
||
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L | ||
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) | ||
SSL_CTX_add_client_custom_ext(ctx_.get(), CT_EXTENSION_TYPE, NULL, NULL, | ||
NULL, ExtensionCallback, &verify_args_); | ||
#else |
20 changes: 20 additions & 0 deletions
20
security/certificate-transparency/files/patch-cpp_log_cert.cc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
--- cpp/log/cert.cc.orig 2016-10-14 17:11:57 UTC | ||
+++ cpp/log/cert.cc | ||
@@ -31,7 +31,7 @@ using util::StatusOr; | ||
using util::error::Code; | ||
|
||
|
||
-#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(OPENSSL_IS_BORINGSSL) | ||
+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER) | ||
// Backport from 1.0.2-beta3. | ||
static int i2d_re_X509_tbs(X509* x, unsigned char** pp) { | ||
x->cert_info->enc.modified = 1; | ||
@@ -39,7 +39,7 @@ static int i2d_re_X509_tbs(X509* x, unsi | ||
} | ||
#endif | ||
|
||
-#if OPENSSL_VERSION_NUMBER < 0x10002000L | ||
+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) | ||
static int X509_get_signature_nid(const X509* x) { | ||
return OBJ_obj2nid(x->sig_alg->algorithm); | ||
} |
Donna E Santiago