www/h2o: switch to using the OpenSSL 1.1 code path in neverbleed and

silence a compiler warning due to a stale LIBRESSL_VERSION_NUMBER ifdef. This fixes the build with the upcoming libcrypto bump. discussed with and lightly tested with dnsdist by otto (maintainer)
2021-12-03 20:57:47 +00:00 · 2021-12-03 20:57:47 +00:00 · 780c9539dd
commit 780c9539dd
parent a9ca447700
3 changed files with 30 additions and 11 deletions
--- a/www/h2o/Makefile
+++ b/www/h2o/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.10 2020/12/04 11:55:00 tb Exp $
+# $OpenBSD: Makefile,v 1.11 2021/12/03 20:57:47 tb Exp $

 COMMENT =	optimized HTTP server with support for HTTP/1.x and HTTP/2

@ -11,7 +11,7 @@ CATEGORIES =	www
 GH_ACCOUNT =	h2o
 GH_PROJECT =	h2o
 GH_TAGNAME =	v2.2.6
-REVISION =	4
+REVISION =	5

 HOMEPAGE =	https://h2o.examp1e.net/
 MAINTAINER =	Otto Moerbeek <otto@drijf.net>
--- a/www/h2o/patches/patch-deps_neverbleed_neverbleed_c
+++ b/www/h2o/patches/patch-deps_neverbleed_neverbleed_c
@ -1,14 +1,17 @@
-$OpenBSD: patch-deps_neverbleed_neverbleed_c,v 1.1.1.1 2019/05/26 12:38:01 sthen Exp $
+$OpenBSD: patch-deps_neverbleed_neverbleed_c,v 1.2 2021/12/03 20:57:47 tb Exp $
+
+Fix build with opaque RSA{,_METHOD} in LibreSSL 3.5. The relevant OpenSSL API
+has been available since LibreSSL 2.9. ECDSA support is thus also available.

 Index: deps/neverbleed/neverbleed.c
 --- deps/neverbleed/neverbleed.c.orig
 +++ deps/neverbleed/neverbleed.c
-@@ -630,7 +630,7 @@ static int sign_stub(struct expbuf_t *buf)
-     return 0;
- }
+@@ -45,7 +45,7 @@
+ #endif
+ #include "neverbleed.h"
 
-#if !OPENSSL_1_1_API
-+#if !OPENSSL_1_1_API && !defined(__OpenBSD__)
- 
- static void RSA_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
- {
+-#if (!defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+#if ((!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x2090000fL) && OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+ #define OPENSSL_1_1_API 1
+ #else
+ #define OPENSSL_1_1_API 0
--- a/www/h2o/patches/patch-lib_common_socket_c
+++ b/www/h2o/patches/patch-lib_common_socket_c
@ -0,0 +1,16 @@
+$OpenBSD: patch-lib_common_socket_c,v 1.3 2021/12/03 20:57:47 tb Exp $
+
+Silence compiler warning. The get_session_cb has had const since LibreSSL 2.8.
+
+Index: lib/common/socket.c
+--- lib/common/socket.c.orig
+++ lib/common/socket.c
+@@ -920,7 +920,7 @@ static void create_ossl(h2o_socket_t *sock)
+ }
+ 
+ static SSL_SESSION *on_async_resumption_get(SSL *ssl,
+-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x2080000fL)
+                                             const
+ #endif
+                                             unsigned char *data,