x11/freerdp currently reaches deep into libssl internals, in order to send
TLS alerts. AFAIK OpenSSL 1.1 does not provide any way for TLS alerts to be
triggered outside the library and freerdp's approach is to simply disable
this code. Do the same thing for current LibreSSL, so that we can make
these internals internal.
ok?
Index: Makefile
===================================================================
RCS file: /cvs/ports/x11/freerdp/Makefile,v
retrieving revision 1.33
diff -u -p -u -p -r1.33 Makefile
--- Makefile 14 Aug 2018 08:36:49 -0000 1.33
+++ Makefile 22 Oct 2018 16:08:45 -0000
@@ -6,7 +6,7 @@ BROKEN-hppa = undefined reference to __
COMMENT = open source client for Windows Terminal Server
DISTNAME = freerdp-2.0.0-rc1
PKGNAME = freerdp-2.0.0rc1
-REVISION = 0
+REVISION = 1
CATEGORIES = x11 net
SHARED_LIBS += freerdp-client2 0.0 # 2.0
Index: patches/patch-libfreerdp_crypto_tls_c
===================================================================
RCS file: patches/patch-libfreerdp_crypto_tls_c
diff -N patches/patch-libfreerdp_crypto_tls_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-libfreerdp_crypto_tls_c 22 Oct 2018 16:08:45 -0000
@@ -0,0 +1,17 @@
+$OpenBSD$
+
+Stop reaching into libssl internals to send TLS alerts.
+
+Index: libfreerdp/crypto/tls.c
+--- libfreerdp/crypto/tls.c.orig
++++ libfreerdp/crypto/tls.c
+@@ -1020,7 +1020,8 @@ BOOL tls_send_alert(rdpTls* tls)
+ * FIXME: The following code does not work on OpenSSL > 1.1.0 because
the
+ * SSL struct is opaqe now
+ */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <
0x2080000fL)
+
+ if (tls->alertDescription != TLS_ALERT_DESCRIPTION_CLOSE_NOTIFY)
+ {
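Review bot: With the narrowed `#if` condition, the alert block is compiled out on LibreSSL at or above `0x2080000fL`, so `tls_send_alert()` presumably no longer emits the alert held in `tls->alertDescription` and the peer sees only a bare connection close; neither comment in the patch says so. The retained FIXME still names only OpenSSL > 1.1.0, and the patch description reads just "Stop reaching into libssl internals to send TLS alerts." I would extend that description with a line such as `tls_send_alert() becomes a no-op on LibreSSL >= 0x2080000fL; the peer gets no alert describing the failure.` The body of `tls_send_alert()` continues outside this hunk, so what it returns when the block is skipped is not visible here. That is worth checking, since a success return would hide the skipped alert from callers and from anyone reading logs during a failed handshake.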