
net-misc/openconnect: Reintroduce libressl USE. #2727

Closed

@lluixhi (Contributor) commented Nov 3, 2016

Patch from voidlinux.

The libressl USE flag works on openconnect-7.06 without modification, but openconnect-7.06_p20160614 requires a patch, as does openconnect-7.07.

@floppym Is this okay? You removed the USE flag before because of a bug report.

@floppym (Contributor) commented Nov 3, 2016

Have you actually tested this? Both build time and run time?

As the ebuild is currently written, I would expect configure to error out due to missing DTLS support in libressl.

@floppym (Contributor) commented Nov 3, 2016

Actually, LibreSSL was blacklisted in configure.ac post-7.07. My mistake.

@lluixhi (Contributor, Author) commented Nov 3, 2016

Yeah, I tested this at runtime and it worked on my end.

Re: blacklisting

The developer blacklisted it in this commit post 7.07:
http://git.infradead.org/users/dwmw2/openconnect.git/commit/62d6fc112c71ba15963b78b733835f70ec1c70fc

Reason being DTLSv2 is the default connection encryption scheme, which is not included in LibreSSL. That said, normal TLS does work in 7.07, and as far as I can tell, he doesn't drop TLS support in favor of just DTLS support.

EDIT: Ah. In order to force LibreSSL or "broken" openssl in new versions, we need to use the configure flag --without-openssl-version-check.

The developer also included the patch I added upstream, so it seems he wants to discourage anyone from using that backend, but not break it.

EDIT 2: confirmed, with --without-openssl-version-check, LibreSSL still works at runtime (minus DTLS).
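The thread establishes that a LibreSSL build of openconnect 7.07 needs `--without-openssl-version-check` passed to configure, and that the result is TLS-only (no DTLS). The helper below is an added illustration, not the Gentoo ebuild's own code: it derives the configure arguments from a USE-flag string the way a `src_configure()` would, adding the version-check opt-out only when the OpenSSL backend is selected with the `libressl` flag. The `--with-gnutls`/`--with-openssl` switch names and the `gnutls` USE flag are assumptions about the ebuild and upstream configure script, not taken from this page.

```shell
#!/bin/sh
# Hypothetical helper (added example, not the ebuild's own code): compute
# openconnect configure arguments from a space-separated USE-flag string.
#
# Rules modelled on the discussion:
#   - gnutls in USE      -> GnuTLS backend, LibreSSL irrelevant
#   - otherwise          -> OpenSSL backend; if libressl is also in USE,
#                           opt out of configure's version check because
#                           LibreSSL is blacklisted post-7.07 (TLS only,
#                           DTLS stays unavailable at runtime).
openconnect_configure_args() {
    use_flags=" $1 "          # pad so whole-word matching works in case
    args=""
    case "$use_flags" in
        *" gnutls "*)
            # Assumed switch names for the GnuTLS backend.
            args="--with-gnutls --without-openssl"
            ;;
        *)
            # Assumed switch names for the OpenSSL/LibreSSL backend.
            args="--without-gnutls --with-openssl"
            case "$use_flags" in
                *" libressl "*)
                    # The flag named in the thread; required to build
                    # against LibreSSL once configure blacklists it.
                    args="$args --without-openssl-version-check"
                    ;;
            esac
            ;;
    esac
    printf '%s\n' "$args"
}

# Report whether DTLS can be expected with the chosen USE flags: the
# thread confirms LibreSSL builds run without DTLS.
openconnect_dtls_expected() {
    use_flags=" $1 "
    case "$use_flags" in
        *" gnutls "*)   echo yes ;;
        *" libressl "*) echo no ;;
        *)              echo yes ;;
    esac
}

# Stand-alone usage: show the arguments for a LibreSSL-backed build.
openconnect_configure_args "libressl"
openconnect_dtls_expected "libressl"
```

In a real ebuild the same decision would be expressed with `use libressl` around `econf`; the point of the helper is only to make the conditional explicit and checkable.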

@lluixhi (Contributor, Author) commented Nov 3, 2016

And about fixing DTLSv2 support in LibreSSL:
It might happen, but only if someone wants to rebase the patchset
libressl/openbsd#17

And one of the reasons they didn't merge it is that the DTLSv2 used by openconnect is Cisco specific, and doesn't follow the spec.

@floppym (Contributor) commented Nov 3, 2016

OK. Could you please make the necessary adjustments to the openconnect-9999 ebuild?

@lluixhi (Contributor, Author) commented Nov 3, 2016

Done.

Should I patch 7.06_p20160614 or just leave it as is?

@floppym (Contributor) commented Nov 3, 2016

You don't need to touch anything older than 7.07-r2, which is currently being stabilized.

https://bugs.gentoo.org/show_bug.cgi?id=591138

@@ -0,0 +1,58 @@
diff --git openssl-esp.c openssl-esp.c
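Review bot: the added patch file opens directly with `diff --git openssl-esp.c openssl-esp.c`, so it carries no commit header (author, subject, description) and its paths have no `a/`/`b/` prefixes. Regenerate it with `git format-patch` from the upstream commit so the header records where the change came from, and confirm that the prefix-less paths match the strip level the ebuild applies when it adds the patch (assumption: -p1, the usual default), since a mismatch there fails at build time rather than in review.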
Contributor (review comment):

This patch is missing a descriptive header.

Please use the upstream commits as the basis for the patch(es). You can generate them using git format-patch, or by using the upstream gitweb patch function.

For example:
http://git.infradead.org/users/dwmw2/openconnect.git/patch/9c36560d3ed0aaf5d40c94fb18873584afe96cb8

Contributor Author (review comment):

That patch doesn't apply cleanly to the 7.07 release. What should I do?

Contributor (review comment):

In that case, you could manually add a description to your own patch, or we can just wait until the next openconnect release.

@floppym (Contributor) left a review comment:

Please regen the patch(es) with a proper patch header.

@gentoo-bot gentoo-bot closed this in 9f75516 Nov 3, 2016
@lluixhi lluixhi deleted the openconnect branch November 26, 2016 20:33