Fix PolarSSL-based builds.

The upstream backported a change from the master branch that fixes the PolarSSL-based builds to go with the PolarSSL 1.3.X built-in defaults. Add a patch picked from the upstream's release/2.3 branch. Remove the BROKEN= line and conditional. No PORTREVISION bump because the patch only affects an option that was formerly marked BROKEN. (TRYBROKEN users need to force a rebuild and reinstallation manually.)
svn path=/head/; revision=415116
2016-05-13 16:07:26 +00:00 · 2016-05-13 16:07:26 +00:00 · df18d093b2 · 2021-03-31 03:12:20 +00:00
commit df18d093b2
parent ec0cd005ec
2 changed files with 38 additions and 7 deletions
--- a/security/openvpn/Makefile
+++ b/security/openvpn/Makefile
@ -119,10 +119,4 @@ post-install-EXAMPLES-on:
 	(cd ${WRKSRC}/sample && ${COPYTREE_SHARE} \* ${STAGEDIR}${EXAMPLESDIR}/)
 	${CHMOD} ${BINMODE} ${STAGEDIR}${EXAMPLESDIR}/sample-scripts/*

-.include <bsd.port.pre.mk>
-
-.if ${PORT_OPTIONS:MPOLARSSL}
-BROKEN=OpenVPN 2.3.11 with PolarSSL crashes on start unless TLS ciphers specified explicitly
-.endif
-
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
--- a/security/openvpn/files/patch-629baad8
+++ b/security/openvpn/files/patch-629baad8
@ -0,0 +1,37 @@
+commit 629baad8f89af261445a2ace03694601f8e476f9
+Author: Steffan Karger <steffan@karger.me>
+Date:   Fri May 13 08:54:52 2016 +0200
+
+    Fix polarssl / mbedtls builds
+    
+    Commit 8a399cd3 hardened the OpenSSL default cipher list,
+    but also introduced a change in shared code that causes
+    polarssl / mbedtls builds to break when no --tls-cipher is
+    specified.
+    
+    This fix is backported code from the master branch.
+    
+    Signed-off-by: Steffan Karger <steffan@karger.me>
+    Acked-by: Gert Doering <gert@greenie.muc.de>
+    Message-Id: <1463122492-701-1-git-send-email-steffan@karger.me>
+    URL: http://article.gmane.org/gmane.network.openvpn.devel/11647
+    Signed-off-by: Gert Doering <gert@greenie.muc.de>
+
+diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c
+index 1f58369..9263698 100644
+--- ./src/openvpn/ssl_polarssl.c
+++ ./src/openvpn/ssl_polarssl.c
+@@ -176,7 +176,12 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
+ {
+   char *tmp_ciphers, *tmp_ciphers_orig, *token;
+   int i, cipher_count;
+-  int ciphers_len = strlen (ciphers);
+  int ciphers_len;
+
+  if (NULL == ciphers)
+    return; /* Nothing to do */
+
+  ciphers_len = strlen (ciphers);
+ 
+   ASSERT (NULL != ctx);
+   ASSERT (0 != ciphers_len);