void-packages/srcpkgs/dovecot/patches/patch-src_login-common_ssl-proxy-openssl_c

Check for SSL_CTRL_SET_ECDH_AUTO macro instead of OpenSSL version number.
Fixed compiling with SSL compression disabled.

Based on the existing OpenBSD patch, but updated for 2.2.13.

--- src/login-common/ssl-proxy-openssl.c.orig	2014-08-04 19:00:05.463014161 +0200
+++ src/login-common/ssl-proxy-openssl.c	2014-08-04 19:02:39.069231713 +0200
@@ -125,7 +125,7 @@ static void ssl_server_context_deinit(st
 
 static void ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
                                             const struct master_service_ssl_settings *set);
-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
 static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set);
 #endif
 
@@ -769,7 +769,7 @@ const char *ssl_proxy_get_security_strin
 
 const char *ssl_proxy_get_compression(struct ssl_proxy *proxy ATTR_UNUSED)
 {
-#ifdef HAVE_SSL_COMPRESSION
+#if defined(HAVE_SSL_COMPRESSION) && !defined(OPENSSL_NO_COMP)
 	const COMP_METHOD *comp;
 
 	comp = SSL_get_current_compression(proxy->ssl);
@@ -1024,7 +1024,7 @@ static void
 ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
 	const struct master_service_ssl_settings *set ATTR_UNUSED)
 {
-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
 	EC_KEY *ecdh;
 	int nid;
 	const char *curve_name;
@@ -1032,12 +1032,12 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX
 	if (SSL_CTX_need_tmp_RSA(ssl_ctx))
 		SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key);
 	SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_tmp_dh_callback);
-#ifdef HAVE_ECDH
+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
 	/* In the non-recommended situation where ECDH cipher suites are being
 	   used instead of ECDHE, do not reuse the same ECDH key pair for
 	   different sessions. This option improves forward secrecy. */
 	SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+#ifdef SSL_CTRL_SET_ECDH_AUTO
 	/* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter
 	   selection. */
 	SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
@@ -1152,7 +1152,7 @@ ssl_proxy_ctx_use_key(SSL_CTX *ctx,
 	EVP_PKEY_free(pkey);
 }
 
-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
 static int
 ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set)
 {
dovecot: enable lzma/lucene support and switch to libressl. - lzma has been enabled by default - lucene support is provided by the -plugin-lucene subpkg. - switch to libressl with some patches from OpenBSD 2014-08-04 17:26:22 +00:00			`Check for SSL_CTRL_SET_ECDH_AUTO macro instead of OpenSSL version number.`
			`Fixed compiling with SSL compression disabled.`

			`Based on the existing OpenBSD patch, but updated for 2.2.13.`

			`--- src/login-common/ssl-proxy-openssl.c.orig 2014-08-04 19:00:05.463014161 +0200`
			`+++ src/login-common/ssl-proxy-openssl.c 2014-08-04 19:02:39.069231713 +0200`
			`@@ -125,7 +125,7 @@ static void ssl_server_context_deinit(st`

			`static void ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,`
			`const struct master_service_ssl_settings *set);`
			`-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L`
			`+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)`
			`static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set);`
			`#endif`

			`@@ -769,7 +769,7 @@ const char *ssl_proxy_get_security_strin`

			`const char ssl_proxy_get_compression(struct ssl_proxy proxy ATTR_UNUSED)`
			`{`
			`-#ifdef HAVE_SSL_COMPRESSION`
			`+#if defined(HAVE_SSL_COMPRESSION) && !defined(OPENSSL_NO_COMP)`
			`const COMP_METHOD *comp;`

			`comp = SSL_get_current_compression(proxy->ssl);`
			`@@ -1024,7 +1024,7 @@ static void`
			`ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,`
			`const struct master_service_ssl_settings *set ATTR_UNUSED)`
			`{`
			`-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L`
			`+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)`
			`EC_KEY *ecdh;`
			`int nid;`
			`const char *curve_name;`
			`@@ -1032,12 +1032,12 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX`
			`if (SSL_CTX_need_tmp_RSA(ssl_ctx))`
			`SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key);`
			`SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_tmp_dh_callback);`
			`-#ifdef HAVE_ECDH`
			`+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)`
			`/* In the non-recommended situation where ECDH cipher suites are being`
			`used instead of ECDHE, do not reuse the same ECDH key pair for`
			`different sessions. This option improves forward secrecy. */`
			`SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE);`
			`-#if OPENSSL_VERSION_NUMBER >= 0x10002000L`
			`+#ifdef SSL_CTRL_SET_ECDH_AUTO`
			`/* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter`
			`selection. */`
			`SSL_CTX_set_ecdh_auto(ssl_ctx, 1);`
			`@@ -1152,7 +1152,7 @@ ssl_proxy_ctx_use_key(SSL_CTX *ctx,`
			`EVP_PKEY_free(pkey);`
			`}`

			`-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L`
			`+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)`
			`static int`
			`ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set)`
			`{`