From 7f71d1a1556f0c27c97f12c5ac1b02601de36d94 Mon Sep 17 00:00:00 2001
From: Christopher Reid
Date: Tue, 13 Apr 2021 11:57:20 -0700
Subject: [PATCH] Add patch for libressl TLS1.3 cert error fix
---
 ...ring-the-error-code-when-sending-an-alert.patch | 14 ++++++++++++++
 ports/libressl/portfile.cmake | 2 ++
 2 files changed, 16 insertions(+)
 create mode 100644 ports/libressl/patches/0003-Avoid-clobbering-the-error-code-when-sending-an-alert.patch
diff --git a/ports/libressl/patches/0003-Avoid-clobbering-the-error-code-when-sending-an-alert.patch b/ports/libressl/patches/0003-Avoid-clobbering-the-error-code-when-sending-an-alert.patch
new file mode 100644
index 00000000..281f7bcd
--- /dev/null
+++ b/ports/libressl/patches/0003-Avoid-clobbering-the-error-code-when-sending-an-alert.patch
@@ -0,0 +1,14 @@
+diff --git a/ssl/tls13_lib.c b/ssl/tls13_lib.c
+index 9dbb7d6430..f064521c8b 100644
+--- a/ssl/tls13_lib.c
++++ b/ssl/tls13_lib.c
+@@ -147,7 +147,8 @@ tls13_alert_sent_cb(uint8_t alert_desc, void *arg)
+ }
+
+ /* All other alerts are treated as fatal in TLSv1.3. */
+- SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc);
++ if (ctx->error.code == 0)
++ SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc);
+ }
+
+ static void
diff --git a/ports/libressl/portfile.cmake b/ports/libressl/portfile.cmake
index a5f0ae6b..3a84aabf 100644
--- a/ports/libressl/portfile.cmake
+++ b/ports/libressl/portfile.cmake
@@ -11,6 +11,8 @@ vcpkg_download_distfile(ARCHIVE
 set(PATCHES
 ${CMAKE_CURRENT_LIST_DIR}/patches/0001-Remove-postfix-from-archive-name.patch
 ${CMAKE_CURRENT_LIST_DIR}/patches/0002-Disable-additional-warnings-for-Visual-Studio.patch
+ # Remove after next libressl release
+ ${CMAKE_CURRENT_LIST_DIR}/patches/0003-Avoid-clobbering-the-error-code-when-sending-an-alert.patch
 )
 # Extract archive
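Review bot: The new 0003 patch file starts directly at `diff --git a/ssl/tls13_lib.c` with no header recording where the change comes from, so a later reviewer cannot check the carried diff against upstream LibreSSL. The change affects which error a TLS 1.3 caller sees after a fatal alert, because the guard `if (ctx->error.code == 0)` keeps an already-recorded error instead of overwriting it with the alert reason. I would add a short header above the diff, for example `Upstream: <upstream-commit-or-release-reference>`, plus one line saying why the port carries it. The body of tls13_alert_sent_cb begins outside the hunk, so whether ctx->error.code is reliably zero when no earlier error was recorded cannot be confirmed from here.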
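Review bot: The comment `# Remove after next libressl release` in the set(PATCHES ...) list names neither the release the port is pinned to nor the upstream change being backported, so nothing in this file shows when the patch becomes stale. Something like `# Backport of <upstream-commit-reference>; drop when the port moves past <current-port-version>` would make the removal condition checkable. The diffstat lists only the new patch and portfile.cmake, so the port's version metadata appears not to be bumped. Without a bump, consumers with an installed or binary-cached libressl may not be rebuilt with the TLS 1.3 error-reporting fix, and cannot tell from the version whether they have it. The call that consumes PATCHES is outside the hunk.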