Index: www/libnghttp2/Makefile
===================================================================
--- www/libnghttp2/Makefile
+++ www/libnghttp2/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 PORTNAME= nghttp2
-PORTVERSION= 1.18.1
+PORTVERSION= 1.19.0
 DISTVERSIONPREFIX= v
 CATEGORIES= www net
 PKGNAMEPREFIX= lib
Index: www/libnghttp2/distinfo
===================================================================
--- www/libnghttp2/distinfo
+++ www/libnghttp2/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1483726100
-SHA256 (nghttp2-nghttp2-v1.18.1_GH0.tar.gz) = fde384b123a92979dbad1ae16045128984dfa6024e2b6962e70cdfdf40a15efa
-SIZE (nghttp2-nghttp2-v1.18.1_GH0.tar.gz) = 1700207
+TIMESTAMP = 1485361627
+SHA256 (nghttp2-nghttp2-v1.19.0_GH0.tar.gz) = 8c5abd6a437e84e9131b575acab2faec7f83e57eff516ee043baad704311ba6d
+SIZE (nghttp2-nghttp2-v1.19.0_GH0.tar.gz) = 1707121
Index: www/libnghttp2/pkg-plist
===================================================================
--- www/libnghttp2/pkg-plist
+++ www/libnghttp2/pkg-plist
@@ -3,5 +3,5 @@
 lib/libnghttp2.a
 lib/libnghttp2.so
 lib/libnghttp2.so.14
-lib/libnghttp2.so.14.12.3
+lib/libnghttp2.so.14.12.4
 libdata/pkgconfig/libnghttp2.pc
Index: www/nghttp2/Makefile
===================================================================
--- www/nghttp2/Makefile
+++ www/nghttp2/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 PORTNAME= nghttp2
-PORTVERSION= 1.18.1
+PORTVERSION= 1.19.0
 DISTVERSIONPREFIX= v
 CATEGORIES= www net
Index: www/nghttp2/distinfo
===================================================================
--- www/nghttp2/distinfo
+++ www/nghttp2/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1483726108
-SHA256 (nghttp2-nghttp2-v1.18.1_GH0.tar.gz) = fde384b123a92979dbad1ae16045128984dfa6024e2b6962e70cdfdf40a15efa
-SIZE (nghttp2-nghttp2-v1.18.1_GH0.tar.gz) = 1700207
+TIMESTAMP = 1485361542
+SHA256 (nghttp2-nghttp2-v1.19.0_GH0.tar.gz) = 8c5abd6a437e84e9131b575acab2faec7f83e57eff516ee043baad704311ba6d
+SIZE (nghttp2-nghttp2-v1.19.0_GH0.tar.gz) = 1707121
Index: www/nghttp2/files/patch-LibreSSL-PSK
===================================================================
--- /dev/null
+++ www/nghttp2/files/patch-LibreSSL-PSK
@@ -0,0 +1,167 @@ +See https://github.com/nghttp2/nghttp2/pull/789 + +nghttpx: Don't build PSK features with LibreSSL #789 + +LibreSSL removed PSK in 2.0.0 + +--- src/shrpx.cc.orig 2017-01-25 11:30:16 UTC ++++ src/shrpx.cc +@@ -2119,6 +2119,7 @@ SSL/TLS: + argument , or certificate option in configuration + file. For additional certificates, use --subcert + option. This option requires OpenSSL >= 1.0.2. ++#if !LIBRESSL_IN_USE + --psk-secrets= + Read list of PSK identity and secrets from . This + is used for frontend connection. The each line of input +@@ -2146,6 +2147,7 @@ SSL/TLS: + HTTP/2. To use those cipher suites with HTTP/2, + consider to use --client-no-http2-cipher-black-list + option. But be aware its implications. ++#endif // !LIBRESSL_IN_USE + + HTTP/2 and SPDY: + -c, --frontend-http2-max-concurrent-streams= +@@ -3125,8 +3127,10 @@ int main(int argc, char **argv) { + {SHRPX_OPT_DNS_MAX_TRY.c_str(), required_argument, &flag, 145}, + {SHRPX_OPT_FRONTEND_KEEP_ALIVE_TIMEOUT.c_str(), required_argument, + &flag, 146}, ++#if !LIBRESSL_IN_USE + {SHRPX_OPT_PSK_SECRETS.c_str(), required_argument, &flag, 147}, + {SHRPX_OPT_CLIENT_PSK_SECRETS.c_str(), required_argument, &flag, 148}, ++#endif + {SHRPX_OPT_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST.c_str(), no_argument, + &flag, 149}, + {SHRPX_OPT_CLIENT_CIPHERS.c_str(), required_argument, &flag, 150}, +@@ -3821,6 +3825,7 @@ int main(int argc, char **argv) { + cmdcfgs.emplace_back(SHRPX_OPT_FRONTEND_KEEP_ALIVE_TIMEOUT, + StringRef{optarg}); + break; ++#if !LIBRESSL_IN_USE + case 147: + // --psk-secrets + cmdcfgs.emplace_back(SHRPX_OPT_PSK_SECRETS, StringRef{optarg}); +@@ -3829,6 +3834,7 @@ int main(int argc, char **argv) { + // --client-psk-secrets + cmdcfgs.emplace_back(SHRPX_OPT_CLIENT_PSK_SECRETS, StringRef{optarg}); + break; ++#endif // !LIBRESSL_IN_USE + case 149: + // --client-no-http2-cipher-black-list + cmdcfgs.emplace_back(SHRPX_OPT_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST, +--- src/shrpx_config.cc.orig 2017-01-25 11:30:16 
UTC ++++ src/shrpx_config.cc +@@ -1199,6 +1199,7 @@ int read_tls_sct_from_dir(std::vectortls.psk_secrets. This function +@@ -1262,7 +1263,9 @@ int parse_psk_secrets(Config *config, co + return 0; + } + } // namespace ++#endif // !LIBRESSL_IN_USE + ++#if !LIBRESSL_IN_USE + namespace { + // Reads PSK secrets from path, and parses each line. The result is + // directly stored into config->tls.client.psk. This function returns +@@ -1322,6 +1325,7 @@ int parse_client_psk_secrets(Config *con + return 0; + } + } // namespace ++#endif // !LIBRESSL_IN_USE + + // generated by gennghttpxfun.py + int option_lookup_token(const char *name, size_t namelen) { +@@ -1490,10 +1494,12 @@ int option_lookup_token(const char *name + if (util::strieq_l("ecdh-curve", name, 10)) { + return SHRPX_OPTID_ECDH_CURVES; + } ++#if !LIBRESSL_IN_USE + if (util::strieq_l("psk-secret", name, 10)) { + return SHRPX_OPTID_PSK_SECRETS; + } + break; ++#endif + case 't': + if (util::strieq_l("write-burs", name, 10)) { + return SHRPX_OPTID_WRITE_BURST; +@@ -1683,11 +1689,13 @@ int option_lookup_token(const char *name + return SHRPX_OPTID_ADD_REQUEST_HEADER; + } + break; ++#if !LIBRESSL_IN_USE + case 's': + if (util::strieq_l("client-psk-secret", name, 17)) { + return SHRPX_OPTID_CLIENT_PSK_SECRETS; + } + break; ++#endif // !LIBRESSL_IN_USE + case 't': + if (util::strieq_l("dns-lookup-timeou", name, 17)) { + return SHRPX_OPTID_DNS_LOOKUP_TIMEOUT; +@@ -3283,10 +3291,12 @@ int parse_config(Config *config, int opt + case SHRPX_OPTID_FRONTEND_KEEP_ALIVE_TIMEOUT: + return parse_duration(&config->conn.upstream.timeout.idle_read, opt, + optarg); ++#if !LIBRESSL_IN_USE + case SHRPX_OPTID_PSK_SECRETS: + return parse_psk_secrets(config, optarg); + case SHRPX_OPTID_CLIENT_PSK_SECRETS: + return parse_client_psk_secrets(config, optarg); ++#endif // !LIBRESSL_IN_USE + case SHRPX_OPTID_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST: + config->tls.client.no_http2_cipher_black_list = + util::strieq_l("yes", optarg); +--- 
src/shrpx_ssl.cc.orig 2017-01-25 11:30:16 UTC ++++ src/shrpx_ssl.cc +@@ -525,6 +525,7 @@ int sct_parse_cb(SSL *ssl, unsigned int + } // namespace + #endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L + ++#if !LIBRESSL_IN_USE + namespace { + unsigned int psk_server_cb(SSL *ssl, const char *identity, unsigned char *psk, + unsigned int max_psk_len) { +@@ -548,7 +549,9 @@ unsigned int psk_server_cb(SSL *ssl, con + return static_cast(secret.size()); + } + } // namespace ++#endif // !LIBRESSL_IN_USE + ++#if !LIBRESSL_IN_USE + namespace { + unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity_out, + unsigned int max_identity_len, unsigned char *psk, +@@ -581,6 +584,7 @@ unsigned int psk_client_cb(SSL *ssl, con + return (unsigned int)secret.size(); + } + } // namespace ++#endif // !LIBRESSL_IN_USE + + struct TLSProtocol { + StringRef name; +@@ -784,7 +788,9 @@ SSL_CTX *create_ssl_context(const char * + } + #endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L + ++#if !LIBRESSL_IN_USE + SSL_CTX_set_psk_server_callback(ssl_ctx, psk_server_cb); ++#endif // !LIBRESSL_IN_USE + + auto tls_ctx_data = new TLSContextData(); + tls_ctx_data->cert_file = cert_file; +@@ -919,7 +925,9 @@ SSL_CTX *create_ssl_client_context( + #endif // HAVE_NEVERBLEED + } + ++#if !LIBRESSL_IN_USE + SSL_CTX_set_psk_client_callback(ssl_ctx, psk_client_cb); ++#endif // !LIBRESSL_IN_USE + + // NPN selection callback. This is required to set SSL_CTX because + // OpenSSL does not offer SSL_set_next_proto_select_cb.
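Review bot: In the `option_lookup_token` hunk of src/shrpx_config.cc, the guard around the `psk-secret` comparison closes after `break;`, so a LibreSSL build compiles the `break;` out and the case holding the `ecdh-curve` check falls through into `case 't':`. The guard should end before the break, i.e. `#endif // !LIBRESSL_IN_USE` on the line above `break;`, as the later `client-psk-secret` hunk avoids by wrapping the whole `case 's':`. Separately, the guards added to src/shrpx.cc and src/shrpx_config.cc only work if those files see the definition of `LIBRESSL_IN_USE`; no include is visible in the hunks, and an undefined macro makes `#if !LIBRESSL_IN_USE` true, which would leave `--psk-secrets` accepted while src/shrpx_ssl.cc registers no PSK callback, so this is worth confirming. The enclosing functions start and end outside the hunks shown.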