Page MenuHomeFreeBSD

Fix build of qt5-network with libressl (non -devel)
ClosedPublic

Authored by rezny on Mar 7 2017, 1:30 AM.

Details

Summary

The last revision of the SSL patches were tested with openssl and libressl-devel (2.5.1), but not with libressl (2.4.5) as that was assumed ok; the patches prior that revision were ok. However, the update of Qt from 5.6 to 5.7 occurred at the same time and a change in 5.7 causes a build failure with libressl (non -devel). SSL_CTRL_GET_SERVER_TMP_KEY is not defined in LibreSSL < 2.5, so better to guard it's use by checking it is defined rather than checking the reported version. Also, the previous patch for curve control is greatly simplified. I had been led astray previously by the recommendation in the BoringSSL porting guide; set1_curves was implemented first in OpenSSL, but is not the only option, set1_groups was also added to OpenSSL and is now the recommended function to use according to the OpenSSL 1.1 manpages. So, there is no need to worry about which version, just call SSL_CTX_set1_groups with either SSL library.

Test Plan

Poudriere 11 amd64 with openssl, libressl, libressl-devel OK (test with openssl-devel fails on python27 dependency)

Diff Detail

Repository
rP FreeBSD ports repository
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 7936
Build 8073: arc lint + arc unit

Event Timeline

rezny updated this revision to Diff 26049.Mar 7 2017, 1:30 AM
rezny retitled this revision from to Fix build of qt5-network with libressl (non -devel).
rezny updated this object.
rezny edited the test plan for this revision. (Show Details)
rezny added reviewers: kde, swills, feld.
swills accepted this revision.Mar 7 2017, 2:05 AM
swills edited edge metadata.

Approved

This revision is now accepted and ready to land.Mar 7 2017, 2:05 AM
This revision was automatically updated to reflect the committed changes.