devel/tcltls: adapt to OpenSSL-3.0, upgrade, fix tests.

PR: 275160
freebsd · Nov 20, 2023 · 2ed62c7 · 2ed62c7
1 parent d2a64b7
commit 2ed62c7
Show file tree

Hide file tree

Showing 7 changed files with 123 additions and 31 deletions.
diff --git a/devel/tcltls/Makefile b/devel/tcltls/Makefile
@@ -1,5 +1,5 @@
 PORTNAME=	tcltls
-PORTVERSION=	1.7.18
+PORTVERSION=	1.7.22
 CATEGORIES=	devel security tcl
 MASTER_SITES=	http://core.tcl.tk/tcltls/uv/ \
 		http://tcltls.rkeene.org/uv/
@@ -38,6 +38,15 @@ CFLAGS+=       -Wno-error=int-conversion
 
 post-patch:
 	${MV} ${WRKSRC}/tests/ciphers.test ${WRKSRC}/tests/ciphers.test.broken
+	${CP} ${FILESDIR}/dh_params.h ${WRKSRC}/
+
+# Newer openssl-dhparam has no "-C" option, we emulate it here :-/
+post-configure:
+	${OPENSSLBASE}/bin/openssl dhparam -text 2048 | \
+	    ${SED} -E -e '/^---/,/^---/d' \
+		-e '/(DH|prime|generator)/d' \
+		-e 's/([0-9a-h]{2})(:|$$)/0x\1, /g' \
+		-e w${WRKSRC}/generateddh.txt
 
 post-install-DOCS-on:
 	${MKDIR} ${STAGEDIR}${DOCSDIR}

diff --git a/devel/tcltls/distinfo b/devel/tcltls/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1556815670
-SHA256 (tcltls-1.7.18.tar.gz) = 6b21e7a4343bf8ae87358f933e98c61ea9c22162b916f35c9433e053a8f19b49
-SIZE (tcltls-1.7.18.tar.gz) = 163473
+TIMESTAMP = 1700353727
+SHA256 (tcltls-1.7.22.tar.gz) = e84e2b7a275ec82c4aaa9d1b1f9786dbe4358c815e917539ffe7f667ff4bc3b4
+SIZE (tcltls-1.7.22.tar.gz) = 165206
diff --git a/devel/tcltls/files/dh_params.h b/devel/tcltls/files/dh_params.h
@@ -0,0 +1,28 @@
+/*
+ * OpenSSL no longer offers the "-C" option for its dhparam
+ * subcommand, so we keep our own C-code here...
+ */
+
+static DH * get_dhParams(void) {
+	static unsigned char dhp_2048[] = {
+#include "generateddh.txt"
+	};
+	static unsigned char dhg_2048[] = {
+		0x02
+	};
+	DH	       *dh = DH_new();
+	BIGNUM	       *p, *g;
+
+	if (dh == NULL)
+		return NULL;
+	p = BN_bin2bn(dhp_2048, sizeof(dhp_2048), NULL);
+	g = BN_bin2bn(dhg_2048, sizeof(dhg_2048), NULL);
+	if (p == NULL || g == NULL
+	    || !DH_set0_pqg(dh, p, NULL, g)) {
+		DH_free(dh);
+		BN_free(p);
+		BN_free(g);
+		return NULL;
+	}
+	return dh;
+}
diff --git a/devel/tcltls/files/patch-gen_dh_params b/devel/tcltls/files/patch-gen_dh_params
diff --git a/devel/tcltls/files/patch-ssl_ignore_unexpected_eof b/devel/tcltls/files/patch-ssl_ignore_unexpected_eof
@@ -0,0 +1,14 @@
+See bug-report:
+
+	https://core.tcl-lang.org/tcltls/tktview/88c0c84969
+
+--- tls.c	2020-10-12 16:39:22.000000000 -0400
++++ tls.c	2023-11-19 21:44:39.676318000 -0500
+@@ -1215,4 +1214,7 @@
+     SSL_CTX_set_options( ctx, SSL_OP_ALL);	/* all SSL bug workarounds */
+     SSL_CTX_set_options( ctx, off);	/* all SSL bug workarounds */
++#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
++    SSL_CTX_set_options( ctx, SSL_OP_IGNORE_UNEXPECTED_EOF);
++#endif
+     SSL_CTX_sess_set_cache_size( ctx, 128);
+
diff --git a/devel/tcltls/files/patch-tests b/devel/tcltls/files/patch-tests
@@ -0,0 +1,38 @@
+See bug-reports:
+
+	https://core.tcl-lang.org/tcltls/tktview/bb7085cfdc
+	https://core.tcl-lang.org/tcltls/tktview/c6b35cf0e3
+	https://core.tcl-lang.org/tcltls/tktview/64cdb76212
+
+--- tests/tlsIO.test	2020-10-12 16:39:22.000000000 -0400
++++ tests/tlsIO.test	2023-11-19 21:03:22.658062000 -0500
+@@ -1106,4 +1106,5 @@
+     # need update to complete TLS handshake in-process
+     update
++    fconfigure $s1 -blocking 1
+     set z [gets $s1]
+     close $s
+@@ -2027,5 +2028,5 @@
+ } {{} 0 {} 0 {}}
+
+-test tls-bug58-1.0 {test protocol negotiation failure} {socket} {
++test tls-bug58-1.0 {test protocol negotiation failure} -constraints {socket} -body {
+     # Following code is based on what was reported in bug #58. Prior
+     # to fix the program would crash with a segfault.
+@@ -2062,5 +2063,5 @@
+     }
+     set ::done
+-} {handshake failed: wrong version number}
++} -result {handshake failed: *} -match glob
+
+ # cleanup
+--- tests/all.tcl	2020-10-12 16:39:22.000000000 -0400
++++ tests/all.tcl	2023-11-19 21:19:34.128221000 -0500
+@@ -55,5 +55,5 @@
+ # cleanup
+ puts stdout "\nTests ended at [eval $timeCmd]"
++set failCount [llength $::tcltest::failFiles]
+ ::tcltest::cleanupTests 1
+-return
+-
++exit [expr $failCount > 0]
diff --git a/devel/tcltls/files/patch-warnings b/devel/tcltls/files/patch-warnings
@@ -0,0 +1,30 @@
+See bug-report:
+
+	https://core.tcl-lang.org/tcltls/tktview/539d25f105
+
+--- tls.c	2020-10-12 16:39:22.000000000 -0400
++++ tls.c	2023-11-19 21:30:03.357601000 -0500
+@@ -62,5 +62,5 @@
+ 			Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]);
+
+-static SSL_CTX *CTX_Init(State *statePtr, int isServer, int proto, char *key,
++static SSL_CTX *CTX_Init(State *statePtr, int proto, char *key,
+ 			char *certfile, unsigned char *key_asn1, unsigned char *cert_asn1,
+ 			int key_asn1_len, int cert_asn1_len, char *CAdir, char *CAfile,
+@@ -897,5 +897,5 @@
+ 	ctx = ((State *)Tcl_GetChannelInstanceData(chan))->ctx;
+     } else {
+-	if ((ctx = CTX_Init(statePtr, server, proto, keyfile, certfile, key,
++	if ((ctx = CTX_Init(statePtr, proto, keyfile, certfile, key,
+     cert, key_len, cert_len, CAdir, CAfile, ciphers,
+     DHparams)) == (SSL_CTX*)0) {
+@@ -1067,8 +1067,7 @@
+
+ static SSL_CTX *
+-CTX_Init(statePtr, isServer, proto, keyfile, certfile, key, cert,
++CTX_Init(statePtr, proto, keyfile, certfile, key, cert,
+          key_len, cert_len, CAdir, CAfile, ciphers, DHparams)
+     State *statePtr;
+-    int isServer;
+     int proto;
+     char *keyfile;