Stop trying to support ephemeral RSA.

Ephemeral RSA was only used with really ancient export ciphersuites, which LibreSSL has not supported for a very long time - all of the remaining API are no-ops. It is actually quite horrific that some software still goes out of its way to try to enable support for ephemeral RSA... ok sthen@
2018-02-14 15:43:30 +00:00 · 2018-02-14 15:43:30 +00:00 · 588984a482
commit 588984a482
parent 27a0280380
4 changed files with 4 additions and 43 deletions
--- a/mail/postfix/stable/Makefile
+++ b/mail/postfix/stable/Makefile
@ -1,7 +1,7 @@
-# $OpenBSD: Makefile,v 1.198 2018/01/11 19:27:03 rpe Exp $
+# $OpenBSD: Makefile,v 1.199 2018/02/14 15:43:30 jsing Exp $

 VERSION=	3.2.4
-REVISION=	0
+REVISION=	1

 MASTER_SITES=	${MASTER_SITE_POSTFIX:=official/}

--- a/mail/postfix/stable/patches/patch-src_tls_tls_client_c
+++ b/mail/postfix/stable/patches/patch-src_tls_tls_client_c
@ -1,4 +1,4 @@
-$OpenBSD: patch-src_tls_tls_client_c,v 1.2 2017/03/04 22:09:43 sthen Exp $
+$OpenBSD: patch-src_tls_tls_client_c,v 1.3 2018/02/14 15:43:30 jsing Exp $
 --- src/tls/tls_client.c.orig	Sun Jan  1 17:22:13 2017
 +++ src/tls/tls_client.c	Mon Feb 20 12:42:58 2017
@@ -299,7 +299,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_
@ -10,12 +10,3 @@ $OpenBSD: patch-src_tls_tls_client_c,v 1.2 2017/03/04 22:09:43 sthen Exp $
 
     /*
      * Initialize the OpenSSL library by the book! To start with, we must
-@@ -433,7 +433,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_
-     /*
-      * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
-      */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 
-     /*
-      * According to the OpenSSL documentation, temporary RSA key is needed
--- a/mail/postfix/stable/patches/patch-src_tls_tls_rsa_c
+++ b/mail/postfix/stable/patches/patch-src_tls_tls_rsa_c
@ -1,21 +0,0 @@
-$OpenBSD: patch-src_tls_tls_rsa_c,v 1.1 2016/09/03 15:39:58 sthen Exp $
--- src/tls/tls_rsa.c.orig	Thu Sep  1 21:57:15 2016
-+++ src/tls/tls_rsa.c	Thu Sep  1 21:58:11 2016
-@@ -57,7 +57,7 @@
-  /*
-   * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
-   */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 
- /* tls_tmp_rsa_cb - call-back to generate ephemeral RSA key */
- 
-@@ -109,7 +109,7 @@ int     main(int unused_argc, char *const argv[])
-     /*
-      * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
-      */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-     RSA    *rsa;
- 
-     msg_vstream_init(argv[0], VSTREAM_ERR);
--- a/mail/postfix/stable/patches/patch-src_tls_tls_server_c
+++ b/mail/postfix/stable/patches/patch-src_tls_tls_server_c
@ -1,4 +1,4 @@
-$OpenBSD: patch-src_tls_tls_server_c,v 1.2 2017/03/04 22:09:43 sthen Exp $
+$OpenBSD: patch-src_tls_tls_server_c,v 1.3 2018/02/14 15:43:30 jsing Exp $
 --- src/tls/tls_server.c.orig	Sun Jan  1 17:22:13 2017
 +++ src/tls/tls_server.c	Mon Feb 20 12:42:58 2017
@@ -174,7 +174,7 @@ static const char server_session_id_context[] = "Postf
@ -19,12 +19,3 @@ $OpenBSD: patch-src_tls_tls_server_c,v 1.2 2017/03/04 22:09:43 sthen Exp $
 
     /*
      * Initialize the OpenSSL library by the book! To start with, we must
-@@ -580,7 +580,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_
-     /*
-      * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
-      */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 
-     /*
-      * According to OpenSSL documentation, a temporary RSA key is needed when