Index: net/freeradius3/Makefile =================================================================== --- net/freeradius3/Makefile +++ net/freeradius3/Makefile @@ -1,5 +1,3 @@ -# Created by: Ryan Steinmetz - PORTNAME= freeradius DISTVERSION= 3.2.1 CATEGORIES= net @@ -17,10 +15,6 @@ LICENSE= GPLv2 -BROKEN_SSL= libressl libressl-devel -BROKEN_SSL_REASON_libressl= LibreSSL is no longer supported -BROKEN_SSL_REASON_libressl-devel= ${BROKEN_SSL_REASON_libressl} - LIB_DEPENDS= libgdbm.so:databases/gdbm \ libtalloc.so:devel/talloc Index: net/freeradius3/files/patch-src__main__version.c =================================================================== --- net/freeradius3/files/patch-src__main__version.c +++ net/freeradius3/files/patch-src__main__version.c @@ -1,6 +1,6 @@ ---- src/main/version.c.orig 2014-12-17 21:49:16 UTC +--- src/main/version.c.orig 2022-10-03 21:51:59 UTC +++ src/main/version.c -@@ -61,8 +61,7 @@ int ssl_check_consistency(void) +@@ -82,8 +82,7 @@ int ssl_check_consistency(void) ERROR("libssl version mismatch. built: %lx linked: %lx", (unsigned long) ssl_built, (unsigned long) ssl_linked); Index: net/freeradius3/files/patch-src_main_cb.c =================================================================== --- /dev/null +++ net/freeradius3/files/patch-src_main_cb.c @@ -0,0 +1,20 @@ +--- src/main/cb.c.orig 2022-10-03 21:51:59 UTC ++++ src/main/cb.c +@@ -64,7 +64,7 @@ void cbtls_info(SSL const *s, int where, int ret) + /* + * After a ClientHello, list all the proposed ciphers from the client + */ +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + if (SSL_get_state(s) == TLS_ST_SR_CLNT_HELLO) { + int i; + int num_ciphers; +@@ -201,7 +201,7 @@ void cbtls_msg(int write_p, int msg_version, int conte + state->info.alert_level = 0x00; + state->info.alert_description = 0x00; + +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) + } else if (content_type == SSL3_RT_INNER_CONTENT_TYPE && buf[0] == SSL3_RT_APPLICATION_DATA) { + /* let tls_ack_handler set application_data */ + state->info.content_type = SSL3_RT_HANDSHAKE; Index: net/freeradius3/files/patch-src_main_threads.c =================================================================== --- /dev/null +++ net/freeradius3/files/patch-src_main_threads.c @@ -0,0 +1,11 @@ +--- src/main/threads.c.orig 2022-10-18 11:09:43 UTC ++++ src/main/threads.c +@@ -860,7 +860,7 @@ static void *request_handler_thread(void *arg) + */ + #if OPENSSL_VERSION_NUMBER < 0x10000000L + ERR_remove_state(0); +-#elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++#elif OPENSSL_VERSION_NUMBER < 0x10100000L + ERR_remove_thread_state(NULL); + #endif + #endif Index: net/freeradius3/files/patch-src_main_tls.c =================================================================== --- /dev/null +++ net/freeradius3/files/patch-src_main_tls.c @@ -0,0 +1,125 @@ +--- src/main/tls.c.orig 2022-10-03 21:51:59 UTC ++++ src/main/tls.c +@@ -688,7 +688,7 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls + /* + * Swap empty store with the old one. + */ +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L + conf->old_x509_store = SSL_CTX_get_cert_store(conf->ctx); + /* Bump refcnt so the store is kept allocated till next store replacement */ + X509_STORE_up_ref(conf->old_x509_store); +@@ -2034,7 +2034,7 @@ done: + return 0; + } + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + static SSL_SESSION *cbtls_get_session(SSL *ssl, unsigned char *data, int len, int *copy) + #else + static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int len, int *copy) +@@ -2418,7 +2418,7 @@ static int cbtls_cache_refresh(SSL *ssl, SSL_SESSION * + return 0; + } + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + static SSL_SESSION *cbtls_cache_load(SSL *ssl, unsigned char *data, int len, int *copy) + #else + static SSL_SESSION *cbtls_cache_load(SSL *ssl, const unsigned char *data, int len, int *copy) +@@ -2954,7 +2954,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) + char cn_str[1024]; + char buf[64]; + X509 *client_cert; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L + const STACK_OF(X509_EXTENSION) *ext_list; + #else + STACK_OF(X509_EXTENSION) *ext_list; +@@ -3182,7 +3182,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) + } + + if (lookup == 0) { +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L + ext_list = X509_get0_extensions(client_cert); + #else + X509_CINF *client_inf; +@@ -3235,7 +3235,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) + value[0] = '0'; + value[1] = 'x'; + const unsigned char *srcp; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L + const ASN1_STRING *srcasn1p; + srcasn1p = X509_EXTENSION_get_data(ext); + srcp = ASN1_STRING_get0_data(srcasn1p); +@@ -3559,7 +3559,7 @@ static int set_ecdh_curve(SSL_CTX *ctx, char const *ec + + if (!ecdh_curve) return 0; + +-#if OPENSSL_VERSION_NUMBER >= 0x1000200fL ++#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER) + /* + * A colon-separated list of curves. + */ +@@ -3716,7 +3716,7 @@ void tls_global_cleanup(void) + { + #if OPENSSL_VERSION_NUMBER < 0x10000000L + ERR_remove_state(0); +-#elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++#elif OPENSSL_VERSION_NUMBER < 0x10100000L + ERR_remove_thread_state(NULL); + #endif + #ifndef OPENSSL_NO_ENGINE +@@ -4253,7 +4253,7 @@ post_ca: + } + } + +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) + if (conf->sigalgs_list) { + char *list; + +@@ -4273,7 +4273,7 @@ post_ca: + * send it flowers and cake. + */ + if (min_version <= TLS1_1_VERSION) { +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) + int seclevel = SSL_CTX_get_security_level(ctx); + int required;; + +@@ -4490,7 +4490,6 @@ post_ca: + SSL_CTX_set_verify_depth(ctx, conf->verify_depth); + } + +-#ifndef LIBRESSL_VERSION_NUMBER + /* Load randomness */ + if (conf->random_file) { + if (!(RAND_load_file(conf->random_file, 1024*10))) { +@@ -4498,7 +4497,6 @@ post_ca: + return NULL; + } + } +-#endif + + /* + * Setup session caching +@@ -4535,14 +4533,14 @@ post_ca: + */ + SSL_CTX_sess_set_cache_size(ctx, conf->session_cache_size); + +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L + SSL_CTX_set_num_tickets(ctx, 1); + #endif + + } else { + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); + +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L + /* + * This controls the number of stateful or stateless tickets + * generated with TLS 1.3. In OpenSSL 1.1.1 it's also Index: net/freeradius3/files/patch-src_modules_rlm__eap_types_rlm__eap__fast_eap__fast.c =================================================================== --- /dev/null +++ net/freeradius3/files/patch-src_modules_rlm__eap_types_rlm__eap__fast_eap__fast.c @@ -0,0 +1,11 @@ +--- src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c.orig 2022-10-18 11:10:14 UTC ++++ src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c +@@ -44,7 +44,7 @@ static int openssl_get_keyblock_size(REQUEST *request, + { + const EVP_CIPHER *c; + const EVP_MD *h; +-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + int md_size; + + if (ssl->enc_read_ctx == NULL || ssl->enc_read_ctx->cipher == NULL || Index: net/freeradius3/files/patch-src_modules_rlm__eap_types_rlm__eap__fast_rlm__eap__fast.c =================================================================== --- /dev/null +++ net/freeradius3/files/patch-src_modules_rlm__eap_types_rlm__eap__fast_rlm__eap__fast.c @@ -0,0 +1,29 @@ +--- src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c.orig 2022-10-03 21:51:59 UTC ++++ src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c +@@ -200,7 +200,7 @@ static void eap_fast_session_ticket(tls_session_t *tls + } + + // hostap:src/crypto/tls_openssl.c:tls_sess_sec_cb() +-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + static int _session_secret(SSL *s, void *secret, int *secret_len, + UNUSED STACK_OF(SSL_CIPHER) *peer_ciphers, + UNUSED SSL_CIPHER **cipher, void *arg) +@@ -224,7 +224,7 @@ static int _session_secret(SSL *s, void *secret, int * + + RDEBUG("processing PAC-Opaque"); + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + eap_fast_session_ticket(tls_session, s->s3->client_random, s->s3->server_random, secret, secret_len); + #else + uint8_t client_random[SSL3_RANDOM_SIZE]; +@@ -591,7 +591,7 @@ static int mod_session_init(void *type_arg, eap_handle + } + } + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L + { + int i; + for (i = 0; ; i++) { Index: net/freeradius3/files/patch-src_modules_rlm__pap_rlm__pap.c =================================================================== --- /dev/null +++ net/freeradius3/files/patch-src_modules_rlm__pap_rlm__pap.c @@ -0,0 +1,11 @@ +--- src/modules/rlm_pap/rlm_pap.c.orig 2022-10-20 09:27:04 UTC ++++ src/modules/rlm_pap/rlm_pap.c +@@ -927,7 +927,7 @@ static inline rlm_rcode_t CC_HINT(nonnull) pap_auth_pb + digest_len = SHA512_DIGEST_LENGTH; + break; + +-# if OPENSSL_VERSION_NUMBER >= 0x10101000L ++# if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) + case PW_SSHA3_224_PASSWORD: + evp_md = EVP_sha3_224(); + digest_len = SHA224_DIGEST_LENGTH;