
devel/qca: Replace OpenSSL 1.1.0 with upstream ones
ClosedPublic

Authored by rakuco on Feb 25 2019, 2:21 PM.

Details

Summary

The patches from bug 228902 and added in r481850 are not entirely compatible with older OpenSSL versions, to the point that the qca-ossl plugin refuses to load at all on FreeBSD 11.2, for example (see bug 232784 and its duplicates).

Fix it by replacing our patches with backports from upstream the same way OpenSUSE does it (the OpenSSL 1.1.0 upstream patch was authored by SUSE):

  • Revert an upstream commit made only to the 2.1 branch disabling a few ciphers in the unit tests.
  • Backport a change to the master branch that never made it to the 2.1 branch disabling the ciphers mentioned above as well as a few other ones, so that we can backport the actual change adding support for OpenSSL 1.1.0 more cleanly.
  • Backport the actual OpenSSL 1.1.0 support commit, with a few conflicts resolved due to the lack of a commit adding support for AES GCM and AES CCM in the 2.1 branch. The patch was actually obtained from OpenSUSE's repositories, since they had to resolve the same conflict as well.

Test Plan

The port built on 11.2-i386, an old 12-CURRENT snapshot on amd64 as well as 13-CURRENT on amd64. In all architectures, I hacked devel/qca's Makefile to enable unit tests again, and all tests are passing except for some PGP ones that are unrelated. With the patches we have in the tree, a lot of unit tests failed on 11.2 due to the qca-ossl plugin failing to load. I have no idea about LibreSSL though.

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

rakuco created this revision. Feb 25 2019, 2:21 PM
rakuco updated this revision to Diff 54352. Feb 25 2019, 2:23 PM

Update my email address in the first patch.

Quick update on LibreSSL: apparently it's already broken

This revision is now accepted and ready to land. Feb 27 2019, 5:34 PM
This revision was automatically updated to reflect the committed changes.