Index: head/www/tomcat-native/Makefile =================================================================== --- head/www/tomcat-native/Makefile (revision 436978) +++ head/www/tomcat-native/Makefile (revision 436979) @@ -1,47 +1,43 @@ # Created by: Alex Dupre # $FreeBSD$ PORTNAME= tomcat-native PORTVERSION= 1.2.10 PORTREVISION= 1 CATEGORIES= www java MASTER_SITES= APACHE/tomcat/tomcat-connectors/native/${PORTVERSION}/source DISTNAME= ${PORTNAME}-${PORTVERSION}-src MAINTAINER= ale@FreeBSD.org COMMENT= Tomcat native library LICENSE= APACHE20 LIB_DEPENDS= libapr-1.so:devel/apr1 WRKSRC= ${WRKDIR}/${DISTNAME}/native USES= libtool ssl USE_JAVA= yes USE_LDCONFIG= yes JAVA_VERSION= 1.6+ GNU_CONFIGURE= yes CONFIGURE_ARGS= --with-apr=${LOCALBASE} \ --with-java-home=${JAVA_HOME} \ --with-ssl=${OPENSSLBASE} PLIST_FILES= lib/libtcnative-1.a \ lib/libtcnative-1.so \ lib/libtcnative-1.so.0 \ lib/libtcnative-1.so.0.2.10 post-install: ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libtcnative-1.so.0.2.10 .include .if ${SSL_DEFAULT} == base IGNORE_FreeBSD_10= Requires OpenSSL 1.0.2 (set DEFAULT_VERSIONS+=ssl=openssl) .endif -.if ${SSL_DEFAULT:Mlibressl*} -IGNORE= Detected LibreSSL (missing numerous symbols during linking) -.endif - .include Index: head/www/tomcat-native/files/patch-include_ssl__private.h =================================================================== --- head/www/tomcat-native/files/patch-include_ssl__private.h (nonexistent) +++ head/www/tomcat-native/files/patch-include_ssl__private.h (revision 436979) @@ -0,0 +1,32 @@ +--- include/ssl_private.h.orig 2016-04-19 10:08:10 UTC ++++ include/ssl_private.h +@@ -49,6 +49,9 @@ + /* Avoid tripping over an engine build installed globally and detected + * when the user points at an explicit non-engine flavor of OpenSSL + */ ++#ifdef LIBRESSL_VERSION_NUMBER ++#define OPENSSL_NO_ENGINE ++#endif + #ifndef OPENSSL_NO_ENGINE + #include + #endif +@@ -204,7 +207,7 @@ + #endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */ + + /* OpenSSL 1.0.2 compatibility */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100001L || defined(LIBRESSL_VERSION_NUMBER) + #define OpenSSL_version SSLeay_version + #define OpenSSL_version_num SSLeay + #define OPENSSL_VERSION SSLEAY_VERSION +@@ -231,6 +234,10 @@ + #define TLS_server_method SSLv23_server_method + #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + ++#ifdef LIBRESSL_VERSION_NUMBER ++#define SSL_CTX_add0_chain_cert SSL_CTX_add_extra_chain_cert ++#endif ++ + #define MAX_ALPN_NPN_PROTO_SIZE 65535 + #define SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL 1 + Property changes on: head/www/tomcat-native/files/patch-include_ssl__private.h ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/tomcat-native/files/patch-src_sslcontext.c =================================================================== --- head/www/tomcat-native/files/patch-src_sslcontext.c (nonexistent) +++ head/www/tomcat-native/files/patch-src_sslcontext.c (revision 436979) @@ -0,0 +1,83 @@ +--- src/sslcontext.c.orig 2016-04-18 09:49:28 UTC ++++ src/sslcontext.c +@@ -139,7 +139,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma + tcn_ssl_ctxt_t *c = NULL; + SSL_CTX *ctx = NULL; + jclass clazz; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + jint prot; + #endif + +@@ -224,7 +224,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma + BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT); + SSL_CTX_set_options(c->ctx, SSL_OP_ALL); + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + /* always disable SSLv2, as per RFC 6176 */ + SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); + if (!(protocol & SSL_PROTOCOL_SSLV3)) +@@ -240,7 +240,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma + SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2); + #endif + +-#else /* if OPENSSL_VERSION_NUMBER < 0x10100000L */ ++#else /* if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */ + /* We first determine the maximum protocol version we should provide */ + if (protocol & SSL_PROTOCOL_TLSV1_2) { + prot = TLS1_2_VERSION; +@@ -269,7 +269,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma + prot = SSL3_VERSION; + } + SSL_CTX_set_min_proto_version(ctx, prot); +-#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L */ ++#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */ + + /* + * Configure additional context ingredients +@@ -1577,7 +1577,7 @@ TCN_IMPLEMENT_CALL(void, SSLContext, set + } + + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + + /* + * Adapted from OpenSSL: +@@ -1677,7 +1677,7 @@ static const char* SSL_CIPHER_authentica + if (cipher == NULL) { + return "UNKNOWN"; + } +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + kx = cipher->algorithm_mkey; + auth = cipher->algorithm_auth; + #else +@@ -1689,7 +1689,7 @@ static const char* SSL_CIPHER_authentica + { + case TCN_SSL_kRSA: + return SSL_TXT_RSA; +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + case TCN_SSL_kDHr: + return SSL_TXT_DH "_" SSL_TXT_RSA; + case TCN_SSL_kDHd: +@@ -1707,7 +1707,7 @@ static const char* SSL_CIPHER_authentica + default: + return "UNKNOWN"; + } +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + case TCN_SSL_kKRB5: + return SSL_TXT_KRB5; + case TCN_SSL_kECDHr: +@@ -1733,7 +1733,7 @@ static const char* SSL_CIPHER_authentica + } + + static const char* SSL_authentication_method(const SSL* ssl) { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher); + #else + /* XXX ssl->s3->tmp.new_cipher is no longer available in OpenSSL 1.1.0 */ Property changes on: head/www/tomcat-native/files/patch-src_sslcontext.c ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/tomcat-native/files/patch-src_sslinfo.c =================================================================== --- head/www/tomcat-native/files/patch-src_sslinfo.c (nonexistent) +++ head/www/tomcat-native/files/patch-src_sslinfo.c (revision 436979) @@ -0,0 +1,16 @@ +--- src/sslinfo.c.orig 2016-03-23 18:06:39 UTC ++++ src/sslinfo.c +@@ -25,6 +25,13 @@ + #ifdef HAVE_OPENSSL + #include "ssl_private.h" + ++#ifdef LIBRESSL_VERSION_NUMBER ++int X509_get_signature_nid(const X509 *x) ++{ ++ return OBJ_obj2nid(x->sig_alg->algorithm); ++} ++#endif ++ + static const char *hex_basis = "0123456789ABCDEF"; + + static char *convert_to_hex(const void *buf, size_t len) Property changes on: head/www/tomcat-native/files/patch-src_sslinfo.c ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/tomcat-native/files/patch-src_sslutils.c =================================================================== --- head/www/tomcat-native/files/patch-src_sslutils.c (nonexistent) +++ head/www/tomcat-native/files/patch-src_sslutils.c (revision 436979) @@ -0,0 +1,11 @@ +--- src/sslutils.c.orig 2016-04-19 09:15:43 UTC ++++ src/sslutils.c +@@ -504,7 +504,7 @@ static int ssl_verify_OCSP(int ok, X509_ + * may yield NULL. Return early, but leave the ctx error as is. */ + return OCSP_STATUS_UNKNOWN; + } +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + else if (cert->valid && X509_check_issued(cert,cert) == X509_V_OK) { + #else + /* No need to check cert->valid, because ssl_verify_OCSP() only Property changes on: head/www/tomcat-native/files/patch-src_sslutils.c ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property