diff options
author | Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> | 2018-05-09 21:38:45 +0000 |
---|---|---|
committer | Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> | 2018-05-09 21:38:45 +0000 |
commit | 20a512e51d86c03ae31d6f7b16d4e777291a5311 (patch) | |
tree | f26bae6c065bb1439c0129251e306efd53143570 /www/nghttp2 | |
parent | 9af704bb84b6c6b29d0fd6c2a84590201a017073 (diff) | |
download | ports-20a512e51d86c03ae31d6f7b16d4e777291a5311.tar.gz ports-20a512e51d86c03ae31d6f7b16d4e777291a5311.zip |
Notes
Diffstat (limited to 'www/nghttp2')
-rw-r--r-- | www/nghttp2/Makefile | 3 | ||||
-rw-r--r-- | www/nghttp2/distinfo | 6 | ||||
-rw-r--r-- | www/nghttp2/files/patch-examples-client.c | 12 | ||||
-rw-r--r-- | www/nghttp2/files/patch-examples-libevent-client.c | 22 | ||||
-rw-r--r-- | www/nghttp2/files/patch-examples-libevent-server.c | 22 | ||||
-rw-r--r-- | www/nghttp2/files/patch-src-HttpServer.cc | 22 | ||||
-rw-r--r-- | www/nghttp2/files/patch-src-asio_common.cc | 12 | ||||
-rw-r--r-- | www/nghttp2/files/patch-src-h2load.cc | 23 | ||||
-rw-r--r-- | www/nghttp2/files/patch-src-nghttp.cc | 11 | ||||
-rw-r--r-- | www/nghttp2/files/patch-src-shrpx_client_handler.cc | 12 | ||||
-rw-r--r-- | www/nghttp2/files/patch-src-shrpx_config.cc | 109 | ||||
-rw-r--r-- | www/nghttp2/files/patch-src-shrpx_connection.cc | 12 | ||||
-rw-r--r-- | www/nghttp2/files/patch-src-shrpx_http2_session.cc | 12 | ||||
-rw-r--r-- | www/nghttp2/files/patch-src-shrpx_live_check.cc | 12 | ||||
-rw-r--r-- | www/nghttp2/files/patch-src-shrpx_tls.cc | 144 | ||||
-rw-r--r-- | www/nghttp2/files/patch-src-ssl_compat.h | 32 |
16 files changed, 4 insertions, 462 deletions
diff --git a/www/nghttp2/Makefile b/www/nghttp2/Makefile index 3aba40dc7bae..a41cb40fbb3f 100644 --- a/www/nghttp2/Makefile +++ b/www/nghttp2/Makefile @@ -2,9 +2,8 @@ # $FreeBSD$ PORTNAME= nghttp2 -PORTVERSION= 1.31.1 +PORTVERSION= 1.32.0 DISTVERSIONPREFIX= v -PORTREVISION= 1 CATEGORIES= www net MAINTAINER= sunpoet@FreeBSD.org diff --git a/www/nghttp2/distinfo b/www/nghttp2/distinfo index 5ce1e69e4824..621e21759be3 100644 --- a/www/nghttp2/distinfo +++ b/www/nghttp2/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1523619680 -SHA256 (nghttp2-nghttp2-v1.31.1_GH0.tar.gz) = 7790fa5c0a0d27860d55a60fe13877e391a8fd8220085c760c5d842bb5f6cc08 -SIZE (nghttp2-nghttp2-v1.31.1_GH0.tar.gz) = 1744550 +TIMESTAMP = 1525894974 +SHA256 (nghttp2-nghttp2-v1.32.0_GH0.tar.gz) = c5e8ee1f5cd4951f81226ba21c5a08b22568a608810385a04f58191e4a5c4737 +SIZE (nghttp2-nghttp2-v1.32.0_GH0.tar.gz) = 1745249 diff --git a/www/nghttp2/files/patch-examples-client.c b/www/nghttp2/files/patch-examples-client.c deleted file mode 100644 index cd2ad332509a..000000000000 --- a/www/nghttp2/files/patch-examples-client.c +++ /dev/null @@ -1,12 +0,0 @@ ---- examples/client.c.orig 2018-02-02 12:19:16 UTC -+++ examples/client.c -@@ -375,7 +375,9 @@ static void init_ssl_ctx(SSL_CTX *ssl_ct - SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY); - SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS); - /* Set NPN callback */ -+#ifndef OPENSSL_NO_NEXTPROTONEG - SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL); -+#endif - } - - static void ssl_handshake(SSL *ssl, int fd) { diff --git a/www/nghttp2/files/patch-examples-libevent-client.c b/www/nghttp2/files/patch-examples-libevent-client.c deleted file mode 100644 index 0e3a366b8a5f..000000000000 --- a/www/nghttp2/files/patch-examples-libevent-client.c +++ /dev/null @@ -1,22 +0,0 @@ ---- examples/libevent-client.c.orig 2018-02-02 12:19:16 UTC -+++ examples/libevent-client.c -@@ -335,7 +335,9 @@ static SSL_CTX *create_ssl_ctx(void) { - SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | - SSL_OP_NO_COMPRESSION | - SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); -+#ifndef OPENSSL_NO_NEXTPROTONEG - SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL); -+#endif - - #if OPENSSL_VERSION_NUMBER >= 0x10002000L - SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3); -@@ -504,7 +506,9 @@ static void eventcb(struct bufferevent * - - ssl = bufferevent_openssl_get_ssl(session_data->bev); - -+#ifndef OPENSSL_NO_NEXTPROTONEG - SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen); -+#endif - #if OPENSSL_VERSION_NUMBER >= 0x10002000L - if (alpn == NULL) { - SSL_get0_alpn_selected(ssl, &alpn, &alpnlen); diff --git a/www/nghttp2/files/patch-examples-libevent-server.c b/www/nghttp2/files/patch-examples-libevent-server.c deleted file mode 100644 index 1dc96a090e83..000000000000 --- a/www/nghttp2/files/patch-examples-libevent-server.c +++ /dev/null @@ -1,22 +0,0 @@ ---- examples/libevent-server.c.orig 2018-02-02 12:19:16 UTC -+++ examples/libevent-server.c -@@ -172,7 +172,9 @@ static SSL_CTX *create_ssl_ctx(const cha - NGHTTP2_PROTO_VERSION_ID_LEN); - next_proto_list_len = 1 + NGHTTP2_PROTO_VERSION_ID_LEN; - -+#ifndef OPENSSL_NO_NEXTPROTONEG - SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, NULL); -+#endif - - #if OPENSSL_VERSION_NUMBER >= 0x10002000L - SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, NULL); -@@ -690,7 +692,9 @@ static void eventcb(struct bufferevent * - - ssl = bufferevent_openssl_get_ssl(session_data->bev); - -+#ifndef OPENSSL_NO_NEXTPROTONEG - SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen); -+#endif - #if OPENSSL_VERSION_NUMBER >= 0x10002000L - if (alpn == NULL) { - SSL_get0_alpn_selected(ssl, &alpn, &alpnlen); diff --git a/www/nghttp2/files/patch-src-HttpServer.cc b/www/nghttp2/files/patch-src-HttpServer.cc deleted file mode 100644 index 8264c55d2b5e..000000000000 --- a/www/nghttp2/files/patch-src-HttpServer.cc +++ /dev/null @@ -1,22 +0,0 @@ ---- src/HttpServer.cc.orig 2018-02-17 11:15:19 UTC -+++ src/HttpServer.cc -@@ -888,7 +888,9 @@ int Http2Handler::verify_npn_result() { - const unsigned char *next_proto = nullptr; - unsigned int next_proto_len; - // Check the negotiated protocol in NPN or ALPN -+#ifndef OPENSSL_NO_NEXTPROTONEG - SSL_get0_next_proto_negotiated(ssl_, &next_proto, &next_proto_len); -+#endif - for (int i = 0; i < 2; ++i) { - if (next_proto) { - auto proto = StringRef{next_proto, next_proto_len}; -@@ -2205,7 +2207,9 @@ int HttpServer::run() { - - next_proto = util::get_default_alpn(); - -+#ifndef OPENSSL_NO_NEXTPROTONEG - SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, &next_proto); -+#endif - #if OPENSSL_VERSION_NUMBER >= 0x10002000L - // ALPN selection callback - SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, this); diff --git a/www/nghttp2/files/patch-src-asio_common.cc b/www/nghttp2/files/patch-src-asio_common.cc deleted file mode 100644 index 37bf67135a56..000000000000 --- a/www/nghttp2/files/patch-src-asio_common.cc +++ /dev/null @@ -1,12 +0,0 @@ ---- src/asio_common.cc.orig 2018-02-02 12:19:16 UTC -+++ src/asio_common.cc -@@ -177,7 +177,9 @@ bool tls_h2_negotiated(ssl_socket &socke - const unsigned char *next_proto = nullptr; - unsigned int next_proto_len = 0; - -+#ifndef OPENSSL_NO_NEXTPROTONEG - SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); -+#endif - #if OPENSSL_VERSION_NUMBER >= 0x10002000L - if (next_proto == nullptr) { - SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len); diff --git a/www/nghttp2/files/patch-src-h2load.cc b/www/nghttp2/files/patch-src-h2load.cc deleted file mode 100644 index 7bb8525fa85d..000000000000 --- a/www/nghttp2/files/patch-src-h2load.cc +++ /dev/null @@ -1,23 +0,0 @@ ---- src/h2load.cc.orig 2018-02-02 12:19:16 UTC -+++ src/h2load.cc -@@ -857,7 +857,9 @@ int Client::connection_made() { - const unsigned char *next_proto = nullptr; - unsigned int next_proto_len; - -+#ifndef OPENSSL_NO_NEXTPROTONEG - SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); -+#endif - #if OPENSSL_VERSION_NUMBER >= 0x10002000L - if (next_proto == nullptr) { - SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len); -@@ -2399,8 +2401,10 @@ int main(int argc, char **argv) { - exit(EXIT_FAILURE); - } - -+#ifndef OPENSSL_NO_NEXTPROTONEG - SSL_CTX_set_next_proto_select_cb(ssl_ctx, client_select_next_proto_cb, - nullptr); -+#endif - - #if OPENSSL_VERSION_NUMBER >= 0x10002000L - std::vector<unsigned char> proto_list; diff --git a/www/nghttp2/files/patch-src-nghttp.cc b/www/nghttp2/files/patch-src-nghttp.cc deleted file mode 100644 index 993ed64b2c8e..000000000000 --- a/www/nghttp2/files/patch-src-nghttp.cc +++ /dev/null @@ -1,11 +0,0 @@ ---- src/nghttp.cc.orig 2018-03-25 12:28:55 UTC -+++ src/nghttp.cc -@@ -680,7 +680,7 @@ int HttpClient::initiate_connection() { - const auto &host_string = - config.host_override.empty() ? host : config.host_override; - --#if (!defined(LIBRESSL_VERSION_NUMBER) && \ -+#if (!(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) && \ - OPENSSL_VERSION_NUMBER >= 0x10002000L) || \ - defined(OPENSSL_IS_BORINGSSL) - auto param = SSL_get0_param(ssl); diff --git a/www/nghttp2/files/patch-src-shrpx_client_handler.cc b/www/nghttp2/files/patch-src-shrpx_client_handler.cc deleted file mode 100644 index 86733df58ca6..000000000000 --- a/www/nghttp2/files/patch-src-shrpx_client_handler.cc +++ /dev/null @@ -1,12 +0,0 @@ ---- src/shrpx_client_handler.cc.orig 2018-02-02 12:19:16 UTC -+++ src/shrpx_client_handler.cc -@@ -549,7 +549,9 @@ int ClientHandler::validate_next_proto() - // First set callback for catch all cases - on_read_ = &ClientHandler::upstream_read; - -+#ifndef OPENSSL_NO_NEXTPROTONEG - SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); -+#endif - #if OPENSSL_VERSION_NUMBER >= 0x10002000L - if (next_proto == nullptr) { - SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); diff --git a/www/nghttp2/files/patch-src-shrpx_config.cc b/www/nghttp2/files/patch-src-shrpx_config.cc deleted file mode 100644 index bdedb7a5929c..000000000000 --- a/www/nghttp2/files/patch-src-shrpx_config.cc +++ /dev/null @@ -1,109 +0,0 @@ ---- src/shrpx_config.cc.orig 2018-02-27 12:18:50 UTC -+++ src/shrpx_config.cc -@@ -1222,7 +1222,7 @@ int parse_subcert_params(SubcertParams & - auto param = StringRef{first, end}; - - if (util::istarts_with_l(param, "sct-dir=")) { --#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L -+#if !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L - auto sct_dir = - StringRef{std::begin(param) + str_size("sct-dir="), std::end(param)}; - if (sct_dir.empty()) { -@@ -1230,9 +1230,9 @@ int parse_subcert_params(SubcertParams & - return -1; - } - out.sct_dir = sct_dir; --#else // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L) -+#else // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L) - LOG(WARN) << "subcert: sct-dir requires OpenSSL >= 1.0.2"; --#endif // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L) -+#endif // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L) - } else if (!param.empty()) { - LOG(ERROR) << "subcert: " << param << ": unknown keyword"; - return -1; -@@ -1364,7 +1364,7 @@ int read_tls_sct_from_dir(std::vector<ui - } - } // namespace - --#if !LIBRESSL_IN_USE -+#if !LIBRESSL_1_0_API - namespace { - // Reads PSK secrets from path, and parses each line. The result is - // directly stored into config->tls.psk_secrets. This function -@@ -1428,9 +1428,9 @@ int parse_psk_secrets(Config *config, co - return 0; - } - } // namespace --#endif // !LIBRESSL_IN_USE -+#endif // !LIBRESSL_1_0_API - --#if !LIBRESSL_IN_USE -+#if !LIBRESSL_1_0_API - namespace { - // Reads PSK secrets from path, and parses each line. The result is - // directly stored into config->tls.client.psk. This function returns -@@ -1490,7 +1490,7 @@ int parse_client_psk_secrets(Config *con - return 0; - } - } // namespace --#endif // !LIBRESSL_IN_USE -+#endif // !LIBRESSL_1_0_API - - // generated by gennghttpxfun.py - int option_lookup_token(const char *name, size_t namelen) { -@@ -3454,19 +3454,19 @@ int parse_config(Config *config, int opt - return parse_uint_with_unit( - &config->http2.downstream.decoder_dynamic_table_size, opt, optarg); - case SHRPX_OPTID_ECDH_CURVES: --#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L -+#if !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L - config->tls.ecdh_curves = make_string_ref(config->balloc, optarg); --#else // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L) -+#else // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L) - LOG(WARN) << opt << ": This option requires OpenSSL >= 1.0.2"; --#endif // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L) -+#endif // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L) - return 0; - case SHRPX_OPTID_TLS_SCT_DIR: --#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L -+#if !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L - return read_tls_sct_from_dir(config->tls.sct_data, opt, optarg); --#else // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L) -+#else // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L) - LOG(WARN) << opt << ": This option requires OpenSSL >= 1.0.2"; - return 0; --#endif // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L) -+#endif // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L) - case SHRPX_OPTID_DNS_CACHE_TIMEOUT: - return parse_duration(&config->dns.timeout.cache, opt, optarg); - case SHRPX_OPTID_DNS_LOOKUP_TIMEOUT: -@@ -3489,23 +3489,23 @@ int parse_config(Config *config, int opt - return parse_duration(&config->conn.upstream.timeout.idle_read, opt, - optarg); - case SHRPX_OPTID_PSK_SECRETS: --#if !LIBRESSL_IN_USE -+#if !LIBRESSL_1_0_API - return parse_psk_secrets(config, optarg); --#else // LIBRESSL_IN_USE -+#else // LIBRESSL_1_0_API - LOG(WARN) - << opt - << ": ignored because underlying TLS library does not support PSK"; - return 0; --#endif // LIBRESSL_IN_USE -+#endif // LIBRESSL_1_0_API - case SHRPX_OPTID_CLIENT_PSK_SECRETS: --#if !LIBRESSL_IN_USE -+#if !LIBRESSL_1_0_API - return parse_client_psk_secrets(config, optarg); --#else // LIBRESSL_IN_USE -+#else // LIBRESSL_1_0_API - LOG(WARN) - << opt - << ": ignored because underlying TLS library does not support PSK"; - return 0; --#endif // LIBRESSL_IN_USE -+#endif // LIBRESSL_1_0_API - case SHRPX_OPTID_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST: - config->tls.client.no_http2_cipher_black_list = - util::strieq_l("yes", optarg); diff --git a/www/nghttp2/files/patch-src-shrpx_connection.cc b/www/nghttp2/files/patch-src-shrpx_connection.cc deleted file mode 100644 index 5db3836b3280..000000000000 --- a/www/nghttp2/files/patch-src-shrpx_connection.cc +++ /dev/null @@ -1,12 +0,0 @@ ---- src/shrpx_connection.cc.orig 2018-02-02 12:19:16 UTC -+++ src/shrpx_connection.cc -@@ -523,7 +523,9 @@ int Connection::check_http2_requirement( - const unsigned char *next_proto = nullptr; - unsigned int next_proto_len; - -+#ifndef OPENSSL_NO_NEXTPROTONEG - SSL_get0_next_proto_negotiated(tls.ssl, &next_proto, &next_proto_len); -+#endif - #if OPENSSL_VERSION_NUMBER >= 0x10002000L - if (next_proto == nullptr) { - SSL_get0_alpn_selected(tls.ssl, &next_proto, &next_proto_len); diff --git a/www/nghttp2/files/patch-src-shrpx_http2_session.cc b/www/nghttp2/files/patch-src-shrpx_http2_session.cc deleted file mode 100644 index 6cc79073aca1..000000000000 --- a/www/nghttp2/files/patch-src-shrpx_http2_session.cc +++ /dev/null @@ -1,12 +0,0 @@ ---- src/shrpx_http2_session.cc.orig 2018-02-02 12:19:16 UTC -+++ src/shrpx_http2_session.cc -@@ -1649,7 +1649,9 @@ int Http2Session::connection_made() { - const unsigned char *next_proto = nullptr; - unsigned int next_proto_len = 0; - -+#ifndef OPENSSL_NO_NEXTPROTONEG - SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); -+#endif - #if OPENSSL_VERSION_NUMBER >= 0x10002000L - if (!next_proto) { - SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); diff --git a/www/nghttp2/files/patch-src-shrpx_live_check.cc b/www/nghttp2/files/patch-src-shrpx_live_check.cc deleted file mode 100644 index 7bc00698cc16..000000000000 --- a/www/nghttp2/files/patch-src-shrpx_live_check.cc +++ /dev/null @@ -1,12 +0,0 @@ ---- src/shrpx_live_check.cc.orig 2018-02-02 12:19:16 UTC -+++ src/shrpx_live_check.cc -@@ -406,7 +406,9 @@ int LiveCheck::tls_handshake() { - const unsigned char *next_proto = nullptr; - unsigned int next_proto_len = 0; - -+#ifndef OPENSSL_NO_NEXTPROTONEG - SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len); -+#endif - #if OPENSSL_VERSION_NUMBER >= 0x10002000L - if (next_proto == nullptr) { - SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len); diff --git a/www/nghttp2/files/patch-src-shrpx_tls.cc b/www/nghttp2/files/patch-src-shrpx_tls.cc deleted file mode 100644 index 5f1fcaf4c902..000000000000 --- a/www/nghttp2/files/patch-src-shrpx_tls.cc +++ /dev/null @@ -1,144 +0,0 @@ ---- src/shrpx_tls.cc.orig 2018-03-25 12:28:55 UTC -+++ src/shrpx_tls.cc -@@ -360,7 +360,7 @@ int tls_session_new_cb(SSL *ssl, SSL_SES - - namespace { - SSL_SESSION *tls_session_get_cb(SSL *ssl, --#if OPENSSL_1_1_API -+#if OPENSSL_1_1_API && !LIBRESSL_1_1_API - const unsigned char *id, - #else // !OPENSSL_1_1_API - unsigned char *id, -@@ -563,7 +563,7 @@ int alpn_select_proto_cb(SSL *ssl, const - } // namespace - #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L - --#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L -+#if !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L - - #ifndef TLSEXT_TYPE_signed_certificate_timestamp - #define TLSEXT_TYPE_signed_certificate_timestamp 18 -@@ -653,9 +653,9 @@ int legacy_sct_parse_cb(SSL *ssl, unsign - } // namespace - - #endif // !OPENSSL_1_1_1_API --#endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L -+#endif // !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L - --#if !LIBRESSL_IN_USE -+#ifndef OPENSSL_NO_PSK - namespace { - unsigned int psk_server_cb(SSL *ssl, const char *identity, unsigned char *psk, - unsigned int max_psk_len) { -@@ -679,9 +679,9 @@ unsigned int psk_server_cb(SSL *ssl, con - return static_cast<unsigned int>(secret.size()); - } - } // namespace --#endif // !LIBRESSL_IN_USE -+#endif // !OPENSSL_NO_PSK - --#if !LIBRESSL_IN_USE -+#ifndef OPENSSL_NO_PSK - namespace { - unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity_out, - unsigned int max_identity_len, unsigned char *psk, -@@ -714,7 +714,7 @@ unsigned int psk_client_cb(SSL *ssl, con - return static_cast<unsigned int>(secret.size()); - } - } // namespace --#endif // !LIBRESSL_IN_USE -+#endif // !OPENSSL_NO_PSK - - struct TLSProtocol { - StringRef name; -@@ -792,7 +792,7 @@ SSL_CTX *create_ssl_context(const char * - } - - #ifndef OPENSSL_NO_EC --#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L -+#if !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L - if (SSL_CTX_set1_curves_list(ssl_ctx, tlsconf.ecdh_curves.c_str()) != 1) { - LOG(FATAL) << "SSL_CTX_set1_curves_list " << tlsconf.ecdh_curves - << " failed"; -@@ -803,7 +803,7 @@ SSL_CTX *create_ssl_context(const char * - // function was deprecated in OpenSSL 1.1.0 and BoringSSL. - SSL_CTX_set_ecdh_auto(ssl_ctx, 1); - #endif // !defined(OPENSSL_IS_BORINGSSL) && !OPENSSL_1_1_API --#else // LIBRESSL_IN_USE || OPENSSL_VERSION_NUBMER < 0x10002000L -+#else // LIBRESSL_1_0_API || OPENSSL_VERSION_NUBMER < 0x10002000L - // Use P-256, which is sufficiently secure at the time of this - // writing. - auto ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); -@@ -814,7 +814,7 @@ SSL_CTX *create_ssl_context(const char * - } - SSL_CTX_set_tmp_ecdh(ssl_ctx, ecdh); - EC_KEY_free(ecdh); --#endif // LIBRESSL_IN_USE || OPENSSL_VERSION_NUBMER < 0x10002000L -+#endif // LIBRESSL_1_0_API || OPENSSL_VERSION_NUBMER < 0x10002000L - #endif // OPENSSL_NO_EC - - if (!tlsconf.dh_param_file.empty()) { -@@ -931,7 +931,7 @@ SSL_CTX *create_ssl_context(const char * - SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, nullptr); - #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L - --#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L -+#if !LIBRESSL_1_0_API && !LIBRESSL_1_1_API && OPENSSL_VERSION_NUMBER >= 0x10002000L - // SSL_extension_supported(TLSEXT_TYPE_signed_certificate_timestamp) - // returns 1, which means OpenSSL internally handles it. But - // OpenSSL handles signed_certificate_timestamp extension specially, -@@ -962,11 +962,11 @@ SSL_CTX *create_ssl_context(const char * - } - #endif // !OPENSSL_1_1_1_API - } --#endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L -+#endif // !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L - --#if !LIBRESSL_IN_USE -+#ifndef OPENSSL_NO_PSK - SSL_CTX_set_psk_server_callback(ssl_ctx, psk_server_cb); --#endif // !LIBRESSL_IN_USE -+#endif // !OPENSSL_NO_PSK - - auto tls_ctx_data = new TLSContextData(); - tls_ctx_data->cert_file = cert_file; -@@ -1114,9 +1114,9 @@ SSL_CTX *create_ssl_client_context( - #endif // HAVE_NEVERBLEED - } - --#if !LIBRESSL_IN_USE -+#ifndef OPENSSL_NO_PSK - SSL_CTX_set_psk_client_callback(ssl_ctx, psk_client_cb); --#endif // !LIBRESSL_IN_USE -+#endif // !OPENSSL_NO_PSK - - // NPN selection callback. This is required to set SSL_CTX because - // OpenSSL does not offer SSL_set_next_proto_select_cb. -@@ -1553,15 +1553,15 @@ int cert_lookup_tree_add_ssl_ctx( - SSL_CTX *ssl_ctx) { - std::array<uint8_t, NI_MAXHOST> buf; - --#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10002000L -+#if !defined(LIBRESSL_1_0_API) && OPENSSL_VERSION_NUMBER >= 0x10002000L - auto cert = SSL_CTX_get0_certificate(ssl_ctx); --#else // defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < -+#else // defined(LIBRESSL_1_0_API) || OPENSSL_VERSION_NUMBER < - // 0x10002000L - auto tls_ctx_data = - static_cast<TLSContextData *>(SSL_CTX_get_app_data(ssl_ctx)); - auto cert = load_certificate(tls_ctx_data->cert_file); - auto cert_deleter = defer(X509_free, cert); --#endif // defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < -+#endif // defined(LIBRESSL_1_0_API) || OPENSSL_VERSION_NUMBER < - // 0x10002000L - - auto altnames = static_cast<GENERAL_NAMES *>( -@@ -1977,7 +1977,7 @@ StringRef get_x509_issuer_name(BlockAllo - #endif /* !WORDS_BIGENDIAN */ - - StringRef get_x509_serial(BlockAllocator &balloc, X509 *x) { --#if OPENSSL_1_1_API -+#if OPENSSL_1_1_API && !LIBRESSL_1_1_API - auto sn = X509_get0_serialNumber(x); - uint64_t r; - if (ASN1_INTEGER_get_uint64(&r, sn) != 1) { diff --git a/www/nghttp2/files/patch-src-ssl_compat.h b/www/nghttp2/files/patch-src-ssl_compat.h deleted file mode 100644 index 5b5877629252..000000000000 --- a/www/nghttp2/files/patch-src-ssl_compat.h +++ /dev/null @@ -1,32 +0,0 @@ ---- src/ssl_compat.h.orig 2018-02-27 12:18:50 UTC -+++ src/ssl_compat.h -@@ -26,16 +26,22 @@ - - #include <openssl/opensslv.h> - --#if defined(LIBRESSL_VERSION_NUMBER) --#define LIBRESSL_IN_USE 1 --#else // !defined(LIBRESSL_VERSION_NUMBER) --#define LIBRESSL_IN_USE 0 --#endif // !defined(LIBRESSL_VERSION_NUMBER) -+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L -+#define LIBRESSL_1_0_API 1 -+#define LIBRESSL_1_1_API 0 -+#elif defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L -+#define LIBRESSL_1_0_API 0 -+#define LIBRESSL_1_1_API 1 -+#else // !defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L -+#define LIBRESSL_1_0_API 0 -+#define LIBRESSL_1_1_API 0 -+#endif // !defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L - - #define OPENSSL_1_1_API \ -- (!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x1010000fL) -+ (!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x1010000fL) - - #define OPENSSL_1_1_1_API \ -- (!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10101000L) -+ (!LIBRESSL_1_0_API && !LIBRESSL_1_1_API && \ -+ OPENSSL_VERSION_NUMBER >= 0x10101000L) - - #endif // OPENSSL_COMPAT_H |