www/squid-devel: Update to 4.0.18

- Update to version 4.0.18
 - Fix build with LibreSSL

PR:		217045
Approved by:	timp87@gmail.com (maintainer)

www/squid-devel/Makefile

@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	squid
-PORTVERSION=	4.0.17
+PORTVERSION=	4.0.18
 CATEGORIES=	www ipv6
 MASTER_SITES=	http://www.squid-cache.org/Versions/v4/ \
 		http://www2.us.squid-cache.org/Versions/v4/ \

www/squid-devel/distinfo

@@ -1,3 +1,3 @@
 TIMESTAMP = 1467941699
-SHA256 (squid4.0/squid-4.0.17.tar.xz) = 8b1f3487495d1b02892bd63d6bdd97862be62a9cebc27245426de4543876239c
-SIZE (squid4.0/squid-4.0.17.tar.xz) = 2410244
+SHA256 (squid4.0/squid-4.0.18.tar.xz) = 6e5d2dd9477085b023c4c8ebfc2124ed2bc9795fdc74d190c9273c70ba6f2560
+SIZE (squid4.0/squid-4.0.18.tar.xz) = 2411340

www/squid-devel/files/patch-src_ssl_bio.cc

@@ -0,0 +1,38 @@
+--- src/ssl/bio.cc.orig	2017-02-05 21:15:41 UTC
++++ src/ssl/bio.cc
+@@ -43,7 +43,7 @@ static int squid_bio_destroy(BIO *data);
+ /* SSL callbacks */
+ static void squid_ssl_info(const SSL *ssl, int where, int ret);
+ 
+-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
+ /// Initialization structure for the BIO table with
+ /// Squid-specific methods and BIO method wrappers.
+ static BIO_METHOD SquidMethods = {
+@@ -65,7 +65,7 @@ static BIO_METHOD *SquidMethods = NULL;
+ BIO *
+ Ssl::Bio::Create(const int fd, Ssl::Bio::Type type)
+ {
+-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
+     BIO_METHOD *useMethod = &SquidMethods;
+ #else
+     if (!SquidMethods) {
+@@ -562,7 +562,7 @@ Ssl::ServerBio::resumingSession()
+ static int
+ squid_bio_create(BIO *bi)
+ {
+-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
+     bi->init = 0; // set when we store Bio object and socket fd (BIO_C_SET_FD)
+     bi->num = 0;
+     bi->flags = 0;
+@@ -706,7 +706,7 @@ applyTlsDetailsToSSL(SSL *ssl, Security:
+             cbytes[0] = (cipherId >> 8) & 0xFF;
+             cbytes[1] = cipherId & 0xFF;
+             cbytes[2] = 0;
+-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
+             const SSL_METHOD *method = SSLv23_method();
+             const SSL_CIPHER *c = method->get_cipher_by_char(cbytes);
+ #else

www/squid-devel/files/patch-src_ssl_bio.h

@@ -0,0 +1,11 @@
+--- src/ssl/bio.h.orig	2017-02-05 21:15:41 UTC
++++ src/ssl/bio.h
+@@ -205,7 +205,7 @@ private:
+ void
+ applyTlsDetailsToSSL(SSL *ssl, Security::TlsDetails::Pointer const &details, Ssl::BumpMode bumpMode);
+ 
+-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
+ // OpenSSL v1.0 bio compatibility functions
+ inline void *BIO_get_data(BIO *table) { return table->ptr; }
+ inline void BIO_set_data(BIO *table, void *data) { table->ptr = data; }

www/squid-devel/files/patch-src_ssl_gadgets.cc

@@ -0,0 +1,11 @@
+--- src/ssl/gadgets.cc.orig	2017-02-05 21:15:41 UTC
++++ src/ssl/gadgets.cc
+@@ -387,7 +387,7 @@ mimicExtensions(Security::CertPointer & 
+         DecipherOnly
+     };
+ 
+-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
+     const int mimicAlgo = OBJ_obj2nid(mimicCert.get()->cert_info->key->algor->algorithm);
+     const bool rsaPkey = (mimicAlgo == NID_rsaEncryption);
+ #else

www/squid-devel/files/patch-src_ssl_support.cc

@@ -0,0 +1,56 @@
+--- src/ssl/support.cc.orig	2017-02-12 21:14:36 UTC
++++ src/ssl/support.cc
+@@ -235,7 +235,7 @@ bool Ssl::checkX509ServerValidity(X509 *
+     return matchX509CommonNames(cert, (void *)server, check_domain);
+ }
+ 
+-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
+ static inline X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
+ {
+     return ctx->cert;
+@@ -379,7 +379,7 @@ ssl_verify_cb(int ok, X509_STORE_CTX * c
+ }
+ 
+ // "dup" function for SSL_get_ex_new_index("cert_err_check")
+-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER))
+ static int
+ ssl_dupAclChecklist(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *,
+                     int, long, void *)
+@@ -1116,7 +1116,7 @@ hasAuthorityInfoAccessCaIssuers(X509 *ce
+             if (ad->location->type == GEN_URI) {
+                 xstrncpy(uri,
+                          reinterpret_cast<const char *>(
+-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
+                              ASN1_STRING_data(ad->location->d.uniformResourceIdentifier)
+ #else
+                              ASN1_STRING_get0_data(ad->location->d.uniformResourceIdentifier)
+@@ -1291,7 +1291,7 @@ untrustedToStoreCtx_cb(X509_STORE_CTX *c
+     // OpenSSL already maintains ctx->untrusted but we cannot modify
+     // internal OpenSSL list directly. We have to give OpenSSL our own
+     // list, but it must include certificates on the OpenSSL ctx->untrusted
+-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
+     STACK_OF(X509) *oldUntrusted = ctx->untrusted;
+ #else
+     STACK_OF(X509) *oldUntrusted = X509_STORE_CTX_get0_untrusted(ctx);
+@@ -1310,7 +1310,7 @@ untrustedToStoreCtx_cb(X509_STORE_CTX *c
+ 
+     X509_STORE_CTX_set_chain(ctx, sk); // No locking/unlocking, just sets ctx->untrusted
+     int ret = X509_verify_cert(ctx);
+-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
+     X509_STORE_CTX_set_chain(ctx, oldUntrusted); // Set back the old untrusted list
+ #else
+     X509_STORE_CTX_set0_untrusted(ctx, oldUntrusted);
+@@ -1535,7 +1535,7 @@ remove_session_cb(SSL_CTX *, SSL_SESSION
+ }
+ 
+ static SSL_SESSION *
+-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
+ get_session_cb(SSL *, unsigned char *sessionID, int len, int *copy)
+ #else
+ get_session_cb(SSL *, const unsigned char *sessionID, int len, int *copy)