media-libs/opusfile/files/opusfile-0.11-libressl.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142

From 27ab318babb96e10a9f007b7c7936fd42425f488 Mon Sep 17 00:00:00 2001
From: Stefan Strogin <stefan.strogin@gmail.com>
Date: Thu, 27 Sep 2018 04:53:29 +0300
Subject: [PATCH] http: fix compilation with LibreSSL

LibreSSL defines OPENSSL_VERSION_NUMBER to 0x20000000L, but its API is
compatible with OpenSSL 1.0.1.
Therefore redefine OPENSSL_VERSION_NUMBER to 0x1000115fL (1.0.1u) if
LibreSSL is used.

Fixes: #2327

http: use new API with LibreSSL >=2.7.0

LibreSSL is not yet fully API compatible with OpenSSL 1.0.2 and later,
However many APIs from OpenSSL 1.0.2 and 1.1 are already implemented in
LibreSSL 2.7.0 and later. Old approach works in newer LibreSSL version
as well, but it's not nice to force deprecated functions on LibreSSL
users.

Add additional conditionals for new LibreSSL versions to use the
available new APIs.
---
 src/http.c | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/src/http.c b/src/http.c
index 8ba9b28..a47648f 100644
--- a/src/http.c
+++ b/src/http.c
@@ -358,6 +358,11 @@ typedef int op_sock;
 # include <sys/timeb.h>
 # include <openssl/x509v3.h>
 
+# if (defined(LIBRESSL_VERSION_NUMBER)&&OPENSSL_VERSION_NUMBER==0x20000000L)
+#  undef OPENSSL_VERSION_NUMBER
+#  define OPENSSL_VERSION_NUMBER 0x1000115fL
+# endif
+
 /*The maximum number of simultaneous connections.
   RFC 2616 says this SHOULD NOT be more than 2, but everyone on the modern web
    ignores that (e.g., IE 8 bumped theirs up from 2 to 6, Firefox uses 15).
@@ -1530,7 +1535,7 @@ static long op_bio_retry_ctrl(BIO *_b,int _cmd,long _num,void *_ptr){
   return ret;
 }
 
-# if OPENSSL_VERSION_NUMBER<0x10100000L
+# if (OPENSSL_VERSION_NUMBER<0x10100000L&&LIBRESSL_VERSION_NUMBER<0x2070000fL)
 #  define BIO_set_data(_b,_ptr) ((_b)->ptr=(_ptr))
 #  define BIO_set_init(_b,_init) ((_b)->init=(_init))
 #  define ASN1_STRING_get0_data ASN1_STRING_data
@@ -1538,7 +1543,7 @@ static long op_bio_retry_ctrl(BIO *_b,int _cmd,long _num,void *_ptr){
 
 static int op_bio_retry_new(BIO *_b){
   BIO_set_init(_b,1);
-# if OPENSSL_VERSION_NUMBER<0x10100000L
+# if (OPENSSL_VERSION_NUMBER<0x10100000L&&LIBRESSL_VERSION_NUMBER<0x2070000fL)
   _b->num=0;
 # endif
   BIO_set_data(_b,NULL);
@@ -1549,7 +1554,7 @@ static int op_bio_retry_free(BIO *_b){
   return _b!=NULL;
 }
 
-# if OPENSSL_VERSION_NUMBER<0x10100000L
+# if (OPENSSL_VERSION_NUMBER<0x10100000L&&LIBRESSL_VERSION_NUMBER<0x2070000fL)
 /*This is not const because OpenSSL doesn't allow it, even though it won't
    write to it.*/
 static BIO_METHOD op_bio_retry_method={
@@ -1570,7 +1575,7 @@ static BIO_METHOD op_bio_retry_method={
    proxying https URL requests.*/
 static int op_http_conn_establish_tunnel(OpusHTTPStream *_stream,
  OpusHTTPConn *_conn,op_sock _fd,SSL *_ssl_conn,BIO *_ssl_bio){
-# if OPENSSL_VERSION_NUMBER>=0x10100000L
+# if (OPENSSL_VERSION_NUMBER>=0x10100000L||LIBRESSL_VERSION_NUMBER>=0x2070000fL)
   BIO_METHOD *bio_retry_method;
 # endif
   BIO  *retry_bio;
@@ -1583,7 +1588,7 @@ static int op_http_conn_establish_tunnel(OpusHTTPStream *_stream,
   ret=op_http_conn_write_fully(_conn,
    _stream->proxy_connect.buf,_stream->proxy_connect.nbuf);
   if(OP_UNLIKELY(ret<0))return ret;
-# if OPENSSL_VERSION_NUMBER>=0x10100000L
+# if (OPENSSL_VERSION_NUMBER>=0x10100000L||LIBRESSL_VERSION_NUMBER>=0x2070000fL)
   bio_retry_method=BIO_meth_new(BIO_TYPE_NULL,"retry");
   if(bio_retry_method==NULL)return OP_EFAULT;
   BIO_meth_set_write(bio_retry_method,op_bio_retry_write);
@@ -1606,7 +1611,7 @@ static int op_http_conn_establish_tunnel(OpusHTTPStream *_stream,
   /*This shouldn't succeed, since we can't read yet.*/
   OP_ALWAYS_TRUE(SSL_connect(_ssl_conn)<0);
   SSL_set_bio(_ssl_conn,_ssl_bio,_ssl_bio);
-# if OPENSSL_VERSION_NUMBER>=0x10100000L
+# if (OPENSSL_VERSION_NUMBER>=0x10100000L||LIBRESSL_VERSION_NUMBER>=0x2070000fL)
   BIO_meth_free(bio_retry_method);
 # endif
   /*Only now do we disable write coalescing, to allow the CONNECT
@@ -1635,7 +1640,7 @@ static struct addrinfo *op_inet_pton(const char *_host){
   return NULL;
 }
 
-# if OPENSSL_VERSION_NUMBER<0x10002000L
+# if (OPENSSL_VERSION_NUMBER<0x10002000L&&LIBRESSL_VERSION_NUMBER<0x2070000fL)
 /*Match a host name against a host with a possible wildcard pattern according
    to the rules of RFC 6125 Section 6.4.3.
   Return: 0 if the pattern doesn't match, and a non-zero value if it does.*/
@@ -1893,7 +1898,7 @@ static int op_http_conn_start_tls(OpusHTTPStream *_stream,OpusHTTPConn *_conn,
   SSL_set_tlsext_host_name(_ssl_conn,_stream->url.host);
 # endif
   skip_certificate_check=_stream->skip_certificate_check;
-# if OPENSSL_VERSION_NUMBER>=0x10002000L
+# if (OPENSSL_VERSION_NUMBER>=0x10002000L||LIBRESSL_VERSION_NUMBER>=0x2070000fL)
   /*As of version 1.0.2, OpenSSL can finally do hostname checks automatically.
     Of course, they make it much more complicated than it needs to be.*/
   if(!skip_certificate_check){
@@ -1956,13 +1961,13 @@ static int op_http_conn_start_tls(OpusHTTPStream *_stream,OpusHTTPConn *_conn,
   if(OP_UNLIKELY(ret<=0))return OP_FALSE;
   ssl_session=_stream->ssl_session;
   if(ssl_session==NULL
-# if OPENSSL_VERSION_NUMBER<0x10002000L
+# if (OPENSSL_VERSION_NUMBER<0x10002000L&&LIBRESSL_VERSION_NUMBER<0x2070000fL)
    ||!skip_certificate_check
 # endif
    ){
     ret=op_do_ssl_step(_ssl_conn,_fd,SSL_do_handshake);
     if(OP_UNLIKELY(ret<=0))return OP_FALSE;
-# if OPENSSL_VERSION_NUMBER<0x10002000L
+# if (OPENSSL_VERSION_NUMBER<0x10002000L&&LIBRESSL_VERSION_NUMBER<0x2070000fL)
     /*OpenSSL before version 1.0.2 does not do automatic hostname verification,
        despite the fact that we just passed it the hostname above in the call
        to SSL_set_tlsext_host_name().
@@ -2314,7 +2319,7 @@ static int op_http_stream_open(OpusHTTPStream *_stream,const char *_url,
     /*Initialize the SSL library if necessary.*/
     if(OP_URL_IS_SSL(&_stream->url)&&_stream->ssl_ctx==NULL){
       SSL_CTX *ssl_ctx;
-# if OPENSSL_VERSION_NUMBER<0x10100000L
+# if (OPENSSL_VERSION_NUMBER<0x10100000L&&LIBRESSL_VERSION_NUMBER<0x2070000fL)
 #  if !defined(OPENSSL_NO_LOCKING)
       /*The documentation says SSL_library_init() is not reentrant.
         We don't want to add our own depenencies on a threading library, and it
-- 
2.19.1