Stop reaching into libssl internals in order to send TLS alerts.

We're also unlikely to use this server-side code path (as noted by sthen@). ok sthen@ tb@
2018-10-24 17:10:22 +00:00 · 2018-10-24 17:10:22 +00:00 · 42014c814c
commit 42014c814c
parent 6ac36c352a
2 changed files with 19 additions and 2 deletions
--- a/x11/freerdp/Makefile
+++ b/x11/freerdp/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.33 2018/08/14 08:36:49 kn Exp $
+# $OpenBSD: Makefile,v 1.34 2018/10/24 17:10:22 jsing Exp $

 # Also:  __sync_fetch_and_add_4 __sync_add_and_fetch_4 __sync_sub_and_fetch_4
 BROKEN-hppa =		undefined reference to __sync_val_compare_and_swap_4
@ -6,7 +6,7 @@ BROKEN-hppa =		undefined reference to __sync_val_compare_and_swap_4
 COMMENT =		open source client for Windows Terminal Server
 DISTNAME =		freerdp-2.0.0-rc1
 PKGNAME =		freerdp-2.0.0rc1
-REVISION =		0
+REVISION =		1
 CATEGORIES =		x11 net

 SHARED_LIBS +=  freerdp-client2           0.0 # 2.0
--- a/x11/freerdp/patches/patch-libfreerdp_crypto_tls_c
+++ b/x11/freerdp/patches/patch-libfreerdp_crypto_tls_c
@ -0,0 +1,17 @@
+$OpenBSD: patch-libfreerdp_crypto_tls_c,v 1.3 2018/10/24 17:10:22 jsing Exp $
+
+Stop reaching into libssl internals to send TLS alerts.
+
+Index: libfreerdp/crypto/tls.c
+--- libfreerdp/crypto/tls.c.orig
+++ libfreerdp/crypto/tls.c
+@@ -1020,7 +1020,8 @@ BOOL tls_send_alert(rdpTls* tls)
+ 	 * FIXME: The following code does not work on OpenSSL > 1.1.0 because the
+ 	 *        SSL struct is opaqe now
+ 	 */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
+    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2080000fL)
+ 
+ 	if (tls->alertDescription != TLS_ALERT_DESCRIPTION_CLOSE_NOTIFY)
+ 	{