[Buildroot] [PATCH 1/1] package/libshout: Add support for openssl 1.1.x

[Buildroot] [PATCH 1/1] package/libshout: Add support for openssl 1.1.x

[Vadim Kochan]

Added patch from Debian:

https://sources.debian.org/data/main/libs/libshout/2.4.1-2/debian/patches/01-libshout-tls-compile-with-OpenSSL-1.1.0.patch

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
---
 ...3-libshout-tls-compile-with-OpenSSL-1.1.0.patch | 58 ++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 package/libshout/0003-libshout-tls-compile-with-OpenSSL-1.1.0.patch

diff --git a/package/libshout/0003-libshout-tls-compile-with-OpenSSL-1.1.0.patch b/package/libshout/0003-libshout-tls-compile-with-OpenSSL-1.1.0.patch
new file mode 100644
index 0000000000..befd16e384
--- /dev/null
+++ b/package/libshout/0003-libshout-tls-compile-with-OpenSSL-1.1.0.patch
@@ -0,0 +1,58 @@
+From 01fafc449f0de56743d08e7976933c49e2915bfa Mon Sep 17 00:00:00 2001
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Date: Wed, 15 Nov 2017 12:46:25 +0000
+Subject: [PATCH] tls: compile with OpenSSL 1.1.0
+
+The init functions are not longer required in OpenSSL 1.1 so I dropped
+them.
+
+TLSv1_client_method() should not be used because it enables only the
+TLSv1.0 protocol. Better is to use SSLv23_client_method() which enable
+all the protocols including TLSv1.2. With this functions SSLv2 and SSLv3
+is theoretically possible but as of today those protocols are usually
+build-time disabled.
+To avoid all this OpenSSL 1.1 provides TLS_client_method() which is aim
+to provide to highest TLS protocol version (same as
+SSLv23_client_method() but it is deprecated in 1.1).
+
+Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+---
+ src/tls.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/src/tls.c b/src/tls.c
+index 4562c7327077..e0e5c1a5f079 100644
+--- a/src/tls.c
++++ b/src/tls.c
+@@ -24,6 +24,7 @@
+ #endif
+ 
+ #include <shout/shout.h>
++#include <string.h>
+ #include "shout_private.h"
+ 
+ #ifndef XXX_HAVE_X509_check_host
+@@ -61,14 +62,17 @@ shout_tls_t *shout_tls_new(shout_t *self, sock_t socket)
+ 
+ static inline int tls_setup(shout_tls_t *tls)
+ {
+-	SSL_METHOD *meth;
+-
++	const SSL_METHOD *meth;
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+ 	SSL_library_init();
+ 	SSL_load_error_strings();
+ 	SSLeay_add_all_algorithms();
+- 	SSLeay_add_ssl_algorithms();
++	SSLeay_add_ssl_algorithms();
+ 
+-	meth = TLSv1_client_method();
++	meth = SSLv23_client_method();
++#else
++	meth = TLS_client_method();
++#endif
+ 	if (!meth)
+ 		goto error;
+ 
+-- 
+2.15.0
-- 
2.14.1

[Buildroot] [PATCH 1/1] package/libshout: Add support for openssl 1.1.x

[Arnout Vandecappelle]

On 18/01/2019 01:10, Vadim Kochan wrote:
> Added patch from Debian:
> 
> https://sources.debian.org/data/main/libs/libshout/2.4.1-2/debian/patches/01-libshout-tls-compile-with-OpenSSL-1.1.0.patch
> 
> Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
> ---
>  ...3-libshout-tls-compile-with-OpenSSL-1.1.0.patch | 58 ++++++++++++++++++++++
>  1 file changed, 58 insertions(+)
>  create mode 100644 package/libshout/0003-libshout-tls-compile-with-OpenSSL-1.1.0.patch
> 
> diff --git a/package/libshout/0003-libshout-tls-compile-with-OpenSSL-1.1.0.patch b/package/libshout/0003-libshout-tls-compile-with-OpenSSL-1.1.0.patch
> new file mode 100644
> index 0000000000..befd16e384
> --- /dev/null
> +++ b/package/libshout/0003-libshout-tls-compile-with-OpenSSL-1.1.0.patch
> @@ -0,0 +1,58 @@
> +From 01fafc449f0de56743d08e7976933c49e2915bfa Mon Sep 17 00:00:00 2001
> +From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
> +Date: Wed, 15 Nov 2017 12:46:25 +0000
> +Subject: [PATCH] tls: compile with OpenSSL 1.1.0
> +
> +The init functions are not longer required in OpenSSL 1.1 so I dropped
> +them.
> +
> +TLSv1_client_method() should not be used because it enables only the
> +TLSv1.0 protocol. Better is to use SSLv23_client_method() which enable
> +all the protocols including TLSv1.2. With this functions SSLv2 and SSLv3
> +is theoretically possible but as of today those protocols are usually
> +build-time disabled.
> +To avoid all this OpenSSL 1.1 provides TLS_client_method() which is aim
> +to provide to highest TLS protocol version (same as
> +SSLv23_client_method() but it is deprecated in 1.1).
> +
> +Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

 You should also add your Signed-off-by here (cfr. [1]).


 Regards,
 Arnout

[1]
https://buildroot.org/downloads/manual/manual.html#_format_and_licensing_of_the_package_patches


> +---
> + src/tls.c | 12 ++++++++----
> + 1 file changed, 8 insertions(+), 4 deletions(-)
> +
> +diff --git a/src/tls.c b/src/tls.c
> +index 4562c7327077..e0e5c1a5f079 100644
> +--- a/src/tls.c
> ++++ b/src/tls.c
> +@@ -24,6 +24,7 @@
> + #endif
> + 
> + #include <shout/shout.h>
> ++#include <string.h>
> + #include "shout_private.h"
> + 
> + #ifndef XXX_HAVE_X509_check_host
> +@@ -61,14 +62,17 @@ shout_tls_t *shout_tls_new(shout_t *self, sock_t socket)
> + 
> + static inline int tls_setup(shout_tls_t *tls)
> + {
> +-	SSL_METHOD *meth;
> +-
> ++	const SSL_METHOD *meth;
> ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
> + 	SSL_library_init();
> + 	SSL_load_error_strings();
> + 	SSLeay_add_all_algorithms();
> +- 	SSLeay_add_ssl_algorithms();
> ++	SSLeay_add_ssl_algorithms();
> + 
> +-	meth = TLSv1_client_method();
> ++	meth = SSLv23_client_method();
> ++#else
> ++	meth = TLS_client_method();
> ++#endif
> + 	if (!meth)
> + 		goto error;
> + 
> +-- 
> +2.15.0
>