ports/net/freeradius/patches/patch-src_main_tls_c

Index: src/main/tls.c
--- src/main/tls.c.orig
+++ src/main/tls.c
@@ -699,7 +699,7 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls
 				/*
 				 * Swap empty store with the old one.
 				 */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 				conf->old_x509_store = SSL_CTX_get_cert_store(conf->ctx);
 				/* Bump refcnt so the store is kept allocated till next store replacement */
 				X509_STORE_up_ref(conf->old_x509_store);
@@ -2050,7 +2050,7 @@ done:
 	return 0;
 }
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 static SSL_SESSION *cbtls_get_session(SSL *ssl, unsigned char *data, int len, int *copy)
 #else
 static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int len, int *copy)
@@ -2434,7 +2434,7 @@ static int cbtls_cache_refresh(SSL *ssl, SSL_SESSION *
 	return 0;
 }
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 static SSL_SESSION *cbtls_cache_load(SSL *ssl, unsigned char *data, int len, int *copy)
 #else
 static SSL_SESSION *cbtls_cache_load(SSL *ssl, const unsigned char *data, int len, int *copy)
@@ -2970,7 +2970,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 	char		cn_str[1024];
 	char		buf[64];
 	X509		*client_cert;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 	const STACK_OF(X509_EXTENSION) *ext_list;
 #else
 	STACK_OF(X509_EXTENSION) *ext_list;
@@ -3205,7 +3205,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 	}
 
 	if (lookup == 0) {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 		ext_list = X509_get0_extensions(client_cert);
 #else
 		X509_CINF	*client_inf;
@@ -3258,7 +3258,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 				value[0] = '0';
 				value[1] = 'x';
 				const unsigned char *srcp;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 				const ASN1_STRING *srcasn1p;
 				srcasn1p = X509_EXTENSION_get_data(ext);
 				srcp = ASN1_STRING_get0_data(srcasn1p);
@@ -4319,7 +4319,7 @@ post_ca:
 		}
 	}
 
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) /* SSL_CTX_set1_sigalgs_list */
 	if (conf->sigalgs_list) {
 		char *list;
SecBSD's official ports repository 2023-08-16 22:26:55 +00:00			`Index: src/main/tls.c`
			`--- src/main/tls.c.orig`
			`+++ src/main/tls.c`
			`@@ -699,7 +699,7 @@ tls_session_t tls_new_session(TALLOC_CTX ctx, fr_tls`
			`/*`
			`* Swap empty store with the old one.`
			`*/`
			`-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)`
			`+#if OPENSSL_VERSION_NUMBER >= 0x10100000L`
			`conf->old_x509_store = SSL_CTX_get_cert_store(conf->ctx);`
			`/* Bump refcnt so the store is kept allocated till next store replacement */`
			`X509_STORE_up_ref(conf->old_x509_store);`
			`@@ -2050,7 +2050,7 @@ done:`
			`return 0;`
			`}`

			`-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)`
			`+#if OPENSSL_VERSION_NUMBER < 0x10100000L`
			`static SSL_SESSION cbtls_get_session(SSL ssl, unsigned char data, int len, int copy)`
			`#else`
			`static SSL_SESSION cbtls_get_session(SSL ssl, const unsigned char data, int len, int copy)`
			`@@ -2434,7 +2434,7 @@ static int cbtls_cache_refresh(SSL ssl, SSL_SESSION `
			`return 0;`
			`}`

			`-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)`
			`+#if OPENSSL_VERSION_NUMBER < 0x10100000L`
			`static SSL_SESSION cbtls_cache_load(SSL ssl, unsigned char data, int len, int copy)`
			`#else`
			`static SSL_SESSION cbtls_cache_load(SSL ssl, const unsigned char data, int len, int copy)`
			`@@ -2970,7 +2970,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)`
			`char cn_str[1024];`
			`char buf[64];`
			`X509 *client_cert;`
			`-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)`
			`+#if OPENSSL_VERSION_NUMBER >= 0x10100000L`
			`const STACK_OF(X509_EXTENSION) *ext_list;`
			`#else`
			`STACK_OF(X509_EXTENSION) *ext_list;`
			`@@ -3205,7 +3205,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)`
			`}`

			`if (lookup == 0) {`
			`-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)`
			`+#if OPENSSL_VERSION_NUMBER >= 0x10100000L`
			`ext_list = X509_get0_extensions(client_cert);`
			`#else`
			`X509_CINF *client_inf;`
			`@@ -3258,7 +3258,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)`
			`value[0] = '0';`
			`value[1] = 'x';`
			`const unsigned char *srcp;`
			`-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)`
			`+#if OPENSSL_VERSION_NUMBER >= 0x10100000L`
			`const ASN1_STRING *srcasn1p;`
			`srcasn1p = X509_EXTENSION_get_data(ext);`
			`srcp = ASN1_STRING_get0_data(srcasn1p);`
			`@@ -4319,7 +4319,7 @@ post_ca:`
			`}`
			`}`

			`-#if OPENSSL_VERSION_NUMBER >= 0x10101000L`
			`+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) /* SSL_CTX_set1_sigalgs_list */`
			`if (conf->sigalgs_list) {`
			`char *list;`