Commit 1113236d authored by danfe's avatar danfe
Browse files

Resolve contradiction between BROKEN_SSL=openssl and advice to add

DEFAULT_VERSIONS+=ssl=openssl to /etc/make.conf as a workaround.

Squid 3.5 requires pre-1.1 versions of OpenSSL, and that can be only
satisfied by the base system on 11.x versions of FreeBSD; doing the
DEFAULT_VERSIONS+=ssl=openssl would not work.  Unfortunately, making
proper conversion from CRYPTO_LOCK_SSL_* to new multi-threading API
does not look feasible.  Fortunately, LibreSSL could be used as a
drop-in replacement.

That said, change the advice to use DEFAULT_VERSIONS+=ssl=libressl
instead, and add a couple of minor patches to unbreak the build.
parent 167a96f2
......@@ -283,7 +283,7 @@ WITH_DEBUG?= yes
CONFIGURE_ARGS+= ${SQUID_CONFIGURE_ARGS}
.if ${PORT_OPTIONS:MSSL} && ${OPSYS} == FreeBSD && ${OSVERSION} >= 1200085 && ${SSL_DEFAULT} == base
BROKEN= Does not build on FreeBSD 12 with OpenSSL 1.1. You may add DEFAULT_VERSIONS+=ssl=openssl to /etc/make.conf as a workaround
BROKEN= does not build with OpenSSL 1.1; you may add DEFAULT_VERSIONS+=ssl=libressl to /etc/make.conf as a workaround
.endif
post-patch:
......
--- src/enums.h.orig 2018-07-15 20:46:55 UTC
+++ src/enums.h
@@ -9,6 +9,8 @@
#ifndef SQUID_ENUMS_H
#define SQUID_ENUMS_H
+#undef FD_NONE
+
enum fd_type {
FD_NONE,
FD_LOG,
--- src/ssl/gadgets.cc.orig 2018-07-15 20:46:55 UTC
+++ src/ssl/gadgets.cc
@@ -321,7 +321,7 @@ mimicExtensions(Ssl::X509_Pointer & cert, Ssl::X509_Po
&ext_der,
(const ASN1_ITEM *)ASN1_ITEM_ptr(method->it));
- ASN1_OCTET_STRING *ext_oct = M_ASN1_OCTET_STRING_new();
+ ASN1_OCTET_STRING *ext_oct = ASN1_OCTET_STRING_new();
ext_oct->data = ext_der;
ext_oct->length = ext_len;
X509_EXTENSION_set_data(ext, ext_oct);
--- src/ssl/support.cc.orig 2018-07-15 20:46:55 UTC
+++ src/ssl/support.cc
@@ -2159,7 +2159,7 @@ remove_session_cb(SSL_CTX *, SSL_SESSION *sessionID)
}
static SSL_SESSION *
-get_session_cb(SSL *, unsigned char *sessionID, int len, int *copy)
+get_session_cb(SSL *, const unsigned char *sessionID, int len, int *copy)
{
if (!SslSessionCache)
return NULL;
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment