From d2545249739ae3fd9f99f400004058872e0bee94 Mon Sep 17 00:00:00 2001
From: Mikhail Teterin <mi@FreeBSD.org>
Date: Sun, 19 Nov 2023 23:10:55 -0500
Subject: [PATCH] devel/tcltls: fixes to the newly-added generation of
 DH-parameters

Specifically:
	- move the entire code to the post-configure target -- so
	  that our own header will be newer than the Makefile
	  generated by configure. Otherwise the authors' Makefile
	  will (attempt to) regenerate the dh_param.h again.
	- use openssl's asnparse functionality to more reliably
	  parse the generated prime -- and turn it into C.

PR:	275160
---
 devel/tcltls/Makefile | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/devel/tcltls/Makefile b/devel/tcltls/Makefile
index d370430fad53b..e2965fb6995f9 100644
--- a/devel/tcltls/Makefile
+++ b/devel/tcltls/Makefile
@@ -38,15 +38,17 @@ CFLAGS+=       -Wno-error=int-conversion
 
 post-patch:
 	${MV} ${WRKSRC}/tests/ciphers.test ${WRKSRC}/tests/ciphers.test.broken
-	${CP} ${FILESDIR}/dh_params.h ${WRKSRC}/
 
 # Newer openssl-dhparam has no "-C" option, we emulate it here :-/
 post-configure:
+	${CP} ${FILESDIR}/dh_params.h ${WRKSRC}/
 	${OPENSSLBASE}/bin/openssl dhparam -text 2048 | \
-	    ${SED} -E -e '/^---/,/^---/d' \
-		-e '/(DH|prime|generator)/d' \
-		-e 's/([0-9a-h]{2})(:|$$)/0x\1, /g' \
-		-e w${WRKSRC}/generateddh.txt
+	    ${OPENSSLBASE}/bin/openssl asn1parse | \
+	    ${SED} -E \
+		-e '/^ .*(0|5):d=/d' \
+		-e 's/    4:d=1.*INTEGER *://' \
+		-e 's/([0-9A-H]{2})/0x\1, /g' \
+		-e 'w${WRKSRC}/generateddh.txt'
 
 post-install-DOCS-on:
 	${MKDIR} ${STAGEDIR}${DOCSDIR}