Date: Tuesday, November 1, 2022 @ 11:44:15 Author: foutrelis Revision: 459793
Fix build with OpenSSL 3.0 (patch by loqs) Added: libevent/trunk/libevent-2.1.12-openssl-compat.patch Modified: libevent/trunk/PKGBUILD --------------------------------------+ PKGBUILD | 7 ++- libevent-2.1.12-openssl-compat.patch | 74 +++++++++++++++++++++++++++++++++ 2 files changed, 80 insertions(+), 1 deletion(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2022-11-01 11:42:17 UTC (rev 459792) +++ PKGBUILD 2022-11-01 11:44:15 UTC (rev 459793) @@ -15,10 +15,12 @@ source=( https://github.com/libevent/libevent/releases/download/release-$pkgver-stable/libevent-$pkgver-stable.tar.gz{,.asc} EVENT__SIZEOF_TIME_T.patch + libevent-2.1.12-openssl-compat.patch ) sha256sums=('92e6de1be9ec176428fd2367677e61ceffc2ee1cb119035037a27d346b0403bb' 'SKIP' - '945fc885b15692721bc7ae52f5774ef4fab8cc0f6108baa8860ab368de8675cf') + '945fc885b15692721bc7ae52f5774ef4fab8cc0f6108baa8860ab368de8675cf' + 'e41527c55f6dacc6453b13eeeea2664798496896b796abcd2a5c8304c9eb2bae') validpgpkeys=('B35BF85BF19489D04E28C33C21194EBB165733EA' '9E3AC83A27974B84D1B3401DB86086848EF8686D') @@ -27,6 +29,9 @@ # Fix Firefox build patch -Np1 -i ../EVENT__SIZEOF_TIME_T.patch + + # Fix build with OpenSSL 3.0 + patch -Np1 -i ../libevent-2.1.12-openssl-compat.patch } build() { Added: libevent-2.1.12-openssl-compat.patch =================================================================== --- libevent-2.1.12-openssl-compat.patch (rev 0) +++ libevent-2.1.12-openssl-compat.patch 2022-11-01 11:44:15 UTC (rev 459793) @@ -0,0 +1,74 @@ +commit 7f4684c0d362fefee8697ceed3f4f8642ed147ce +Author: William Marlow <[email protected]> +Date: Sat Jun 18 21:43:31 2022 +0100 + + Initial OpenSSL 3.0 support + + * Don't use deprecated functions when building against OpenSSL 3.0. + * Recognise that OpenSSL 3.0 can signal a dirty shutdown as a protocol. + error in addition to the expected IO error produced by OpenSSL 1.1.1 + * Update regress_mbedtls.c for compatibility with OpenSSL 3 + + (cherry picked from commit 29c420c418aeb497e5e8b7abd45dee39194ca5fc) + + Conflicts: + bufferevent_openssl.c + sample/becat.c + test/regress_mbedtls.c + +diff --git a/bufferevent_openssl.c b/bufferevent_openssl.c +index b51b834b..520e2d6f 100644 +--- a/bufferevent_openssl.c ++++ b/bufferevent_openssl.c +@@ -514,7 +514,9 @@ conn_closed(struct bufferevent_openssl *bev_ssl, int when, int errcode, int ret) + put_error(bev_ssl, errcode); + break; + case SSL_ERROR_SSL: +- /* Protocol error. */ ++ /* Protocol error; possibly a dirty shutdown. */ ++ if (ret == 0 && SSL_is_init_finished(bev_ssl->ssl) == 0) ++ dirty_shutdown = 1; + put_error(bev_ssl, errcode); + break; + case SSL_ERROR_WANT_X509_LOOKUP: +diff --git a/sample/le-proxy.c b/sample/le-proxy.c +index 13e0e2ae..e9af3c68 100644 +--- a/sample/le-proxy.c ++++ b/sample/le-proxy.c +@@ -112,10 +112,15 @@ eventcb(struct bufferevent *bev, short what, void *ctx) + ERR_reason_error_string(err); + const char *lib = (const char*) + ERR_lib_error_string(err); ++#if OPENSSL_VERSION_MAJOR >= 3 ++ fprintf(stderr, ++ "%s in %s\n", msg, lib); ++#else + const char *func = (const char*) + ERR_func_error_string(err); + fprintf(stderr, + "%s in %s %s\n", msg, lib, func); ++#endif + } + if (errno) + perror("connection error"); +diff --git a/test/regress_ssl.c b/test/regress_ssl.c +index 37dc334d..490be9b2 100644 +--- a/test/regress_ssl.c ++++ b/test/regress_ssl.c +@@ -374,7 +374,16 @@ eventcb(struct bufferevent *bev, short what, void *ctx) + ++n_connected; + ssl = bufferevent_openssl_get_ssl(bev); + tt_assert(ssl); ++#if OPENSSL_VERSION_MAJOR >= 3 ++ /* SSL_get1_peer_certificate() means we want ++ * to increase the reference count on the cert ++ * and so we will need to free it ourselves later ++ * when we're done with it. The non-reference count ++ * increasing version is not available in OpenSSL 1.1.1. */ ++ peer_cert = SSL_get1_peer_certificate(ssl); ++#else + peer_cert = SSL_get_peer_certificate(ssl); ++#endif + if (type & REGRESS_OPENSSL_SERVER) { + tt_assert(peer_cert == NULL); + } else {
