Re: update security/p5-Net_SSLeay with LibreSSL patch

Sat, 07 Jan 2017 08:30:43 -0800 

On Thu, Jan 05, 2017 at 11:10:37PM +0100, Alexander Bluhm wrote:
> On Wed, Jan 04, 2017 at 05:53:30PM +0100, Alexander Bluhm wrote:
> > Net-SSLeay 1.79 provides a function RSA_get_key_parameters() that
> > only works with OpenSSL < 1.1.  As it works also with our LibreSSL,
> > I have added a #ifdef for that.
> >
> > Now Net::SSLeay checks for #ifndef OPENSSL_NO_COMP.  So the sub
> > Net::SSLeay::COMP_add_compression_method() does not exists anymore.
> > I think this is intensional as LibreSSL says "no compression is
> > also a feature of libressl".
> 
> Net::SSLeay has been updated to 1.80 to resolve the issue with
> IO::Socket::SSL.  Patch for LibreSSL remains the same.
> 
> ok?

The reverse dependency tests seem unaffected by the update.
(p5-Event-RPC tests still hang, which made testing take a while)

IO-Socket-SSL has a test that fails for me.

t/verify_fingerprint.t ............
Dubious, test returned 6 (wstat 1536, 0x600)
Failed 6/13 subtests


as does p5-Net_SSLEay 

t/local/07_sslecho.t ...................                          
Dubious, test returned 4 (wstat 1024, 0x400)                              
Failed 12/78 subtests                                                           


However, that's apparently just me as the existing versions also fail.

OK afresh1@




> Index: security/p5-Net_SSLeay/Makefile
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/ports/security/p5-Net_SSLeay/Makefile,v
> retrieving revision 1.63
> diff -u -p -r1.63 Makefile
> --- security/p5-Net_SSLeay/Makefile   16 Aug 2016 16:34:07 -0000      1.63
> +++ security/p5-Net_SSLeay/Makefile   5 Jan 2017 20:58:43 -0000
> @@ -2,7 +2,7 @@
>  
>  COMMENT =            perl module for using OpenSSL
>  
> -DISTNAME =           Net-SSLeay-1.78
> +DISTNAME =           Net-SSLeay-1.80
>  
>  CATEGORIES =         security
>  
> Index: security/p5-Net_SSLeay/distinfo
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/ports/security/p5-Net_SSLeay/distinfo,v
> retrieving revision 1.40
> diff -u -p -r1.40 distinfo
> --- security/p5-Net_SSLeay/distinfo   16 Aug 2016 16:34:07 -0000      1.40
> +++ security/p5-Net_SSLeay/distinfo   5 Jan 2017 20:58:49 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (Net-SSLeay-1.78.tar.gz) = 
> 5/VkJ2AviXRGATuEuf9RuOirT84LvQhsTijBmKlC7VM=
> -SIZE (Net-SSLeay-1.78.tar.gz) = 394554
> +SHA256 (Net-SSLeay-1.80.tar.gz) = 
> pUGmbVn8X5u3rwnToLaDBeTEO6lIixKRVyj9KC6gG5M=
> +SIZE (Net-SSLeay-1.80.tar.gz) = 395820
> Index: security/p5-Net_SSLeay/patches/patch-SSLeay_xs
> ===================================================================
> RCS file: security/p5-Net_SSLeay/patches/patch-SSLeay_xs
> diff -N security/p5-Net_SSLeay/patches/patch-SSLeay_xs
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ security/p5-Net_SSLeay/patches/patch-SSLeay_xs    5 Jan 2017 21:01:35 
> -0000
> @@ -0,0 +1,12 @@
> +$OpenBSD$
> +--- SSLeay.xs.orig   Wed Jan  4 22:39:08 2017
> ++++ SSLeay.xs        Thu Jan  5 22:01:15 2017
> +@@ -4989,7 +4989,7 @@ RSA_generate_key(bits,e,perl_cb=&PL_sv_undef,perl_data
> + 
> + #endif
> + 
> +-#if OPENSSL_VERSION_NUMBER < 0x10100000L
> ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> + 
> + void
> + RSA_get_key_parameters(rsa)
> Index: security/p5-Net_SSLeay/patches/patch-t_local_33_x509_create_cert_t
> ===================================================================
> RCS file: security/p5-Net_SSLeay/patches/patch-t_local_33_x509_create_cert_t
> diff -N security/p5-Net_SSLeay/patches/patch-t_local_33_x509_create_cert_t
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ security/p5-Net_SSLeay/patches/patch-t_local_33_x509_create_cert_t        
> 4 Jan 2017 18:26:41 -0000
> @@ -0,0 +1,28 @@
> +$OpenBSD$
> +--- t/local/33_x509_create_cert.t.orig       Tue Nov  1 22:46:12 2016
> ++++ t/local/33_x509_create_cert.t    Wed Jan  4 17:39:35 2017
> +@@ -2,7 +2,7 @@
> + 
> + use strict;
> + use warnings;
> +-use Test::More tests => 122;
> ++use Test::More tests => 123;
> + use Net::SSLeay qw/MBSTRING_ASC MBSTRING_UTF8 EVP_PK_RSA EVP_PKT_SIGN 
> EVP_PKT_ENC/;
> + use File::Spec;
> + use utf8;
> +@@ -32,9 +32,12 @@ is(Net::SSLeay::X509_NAME_cmp($ca_issuer, $ca_subject)
> +   ok(my $rsa = Net::SSLeay::RSA_generate_key(2048, &Net::SSLeay::RSA_F4), 
> "RSA_generate_key");
> +   ok(Net::SSLeay::EVP_PKEY_assign_RSA($pk,$rsa), "EVP_PKEY_assign_RSA");
> + 
> +-# ONly in pre 1.1:
> +-#  my @params = Net::SSLeay::RSA_get_key_parameters($rsa);
> +-#  ok(@params == 8, "RSA_get_key_parameters");
> ++  SKIP: {
> ++    skip 'openssl<1.1.0 required', 1 unless Net::SSLeay::SSLeay < 0x10100000
> ++    or Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER");
> ++    my @params = Net::SSLeay::RSA_get_key_parameters($rsa);
> ++    ok(@params == 8, "RSA_get_key_parameters");
> ++  }
> + 
> +   ok(my $x509  = Net::SSLeay::X509_new(), "X509_new");
> +   ok(Net::SSLeay::X509_set_pubkey($x509,$pk), "X509_set_pubkey");
> 

-- 
andrew - http://afresh1.com

Computer hackers do it all night long.

Reply via email to