This is an automated email from the git hooks/post-receive script.

dom pushed a commit to branch experimental
in repository libnet-ssleay-perl.

commit a14580e766bc5761d89609f58c9e1f9a1f8a322c
Author: Dominic Hargreaves <d...@earth.li>
Date:   Fri Jul 8 17:49:47 2016 +0200

    OpenSSL 1.1 patch from upstream SVN (Closes: #828401)
---
 debian/changelog                 |   8 +-
 debian/patches/openssl-1.1.patch | 917 +++++++++++++++++++++++++++++++++++++++
 debian/patches/series            |   1 +
 3 files changed, 924 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 79eba9a..0142a4e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,12 @@
-libnet-ssleay-perl (1.74-2) UNRELEASED; urgency=medium
+libnet-ssleay-perl (1.74-2) experimental; urgency=medium
 
+  [ gregor herrmann ]
   * debian/copyright: change Copyright-Format 1.0 URL to HTTPS.
 
- -- gregor herrmann <gre...@debian.org>  Fri, 20 May 2016 12:07:51 +0200
+  [ Dominic Hargreaves ]
+  * OpenSSL 1.1 patch from upstream SVN (Closes: #828401)
+
+ -- Dominic Hargreaves <d...@earth.li>  Sat, 09 Jul 2016 00:02:40 +0200
 
 libnet-ssleay-perl (1.74-1) unstable; urgency=medium
 
diff --git a/debian/patches/openssl-1.1.patch b/debian/patches/openssl-1.1.patch
new file mode 100644
index 0000000..806f90e
--- /dev/null
+++ b/debian/patches/openssl-1.1.patch
@@ -0,0 +1,917 @@
+Subject: OpenSSL 1.1 support
+Author: Mike McCauley <mi...@airspayce.com>
+Origin: svn://svn.debian.org/svn/net-ssleay@469
+
+Index: SSLeay.xs
+===================================================================
+--- a/SSLeay.xs        (revision 465)
++++ b/SSLeay.xs        (working copy)
+@@ -237,8 +237,10 @@
+ 
+ #ifdef USE_ITHREADS
+ static perl_mutex LIB_init_mutex;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ static perl_mutex *GLOBAL_openssl_mutex = NULL;
+ #endif
++#endif
+ static int LIB_initialized;
+ 
+ UV get_my_thread_id(void) /* returns threads->tid() value */
+@@ -277,6 +279,8 @@
+  */
+ #if defined(USE_ITHREADS) && defined(OPENSSL_THREADS)
+ 
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ static void openssl_locking_function(int mode, int type, const char *file, 
int line)
+ {
+     PR3("openssl_locking_function %d %d\n", mode, type);
+@@ -331,6 +335,7 @@
+     MUTEX_DESTROY(&l->mutex);
+     Safefree(l);
+ }
++#endif
+ 
+ void openssl_threads_init(void)
+ {
+@@ -338,6 +343,7 @@
+ 
+     PR1("STARTED: openssl_threads_init\n");
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     /* initialize static locking */
+     if ( !CRYPTO_get_locking_callback() ) {
+ #if OPENSSL_VERSION_NUMBER < 0x10000000L
+@@ -371,6 +377,7 @@
+         CRYPTO_set_dynlock_lock_callback(openssl_dynlocking_lock_function);
+         
CRYPTO_set_dynlock_destroy_callback(openssl_dynlocking_destroy_function);
+     }
++#endif 
+ }
+ 
+ #endif
+@@ -395,7 +402,9 @@
+   if (!m) return;                                           /* Skip aliases */
+   mname = OBJ_nid2ln(EVP_MD_type(m));
+   if (strcmp(from, mname)) return;                          /* Skip 
shortnames */
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+   if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST) return;    /* Skip clones */
++#endif
+   if (strchr(mname, ' ')) mname= EVP_MD_name(m);
+   av_push(arg, newSVpv(mname,0));
+ }
+@@ -799,6 +808,7 @@
+     AV *ciphers = newAV();
+     SV *pref_cipher = sv_newmortal();
+     SV * cb_func, *cb_data;
++    SV * secretsv;
+ 
+     PR1("STARTED: ssleay_session_secret_cb_invoke\n");
+     cb_func = cb_data_advanced_get(arg, "ssleay_session_secret_cb!!func");
+@@ -811,8 +821,8 @@
+     SAVETMPS;
+ 
+     PUSHMARK(SP);
+-
+-    XPUSHs( sv_2mortal( newSVpv(secret, *secret_len)) );
++    secretsv = sv_2mortal( newSVpv(secret, *secret_len));
++    XPUSHs(secretsv);
+     for (i=0; i<sk_SSL_CIPHER_num(peer_ciphers); i++) {
+         SSL_CIPHER *c = sk_SSL_CIPHER_value(peer_ciphers,i);
+         av_store(ciphers, i, sv_2mortal(newSVpv(SSL_CIPHER_get_name(c), 0)));
+@@ -835,6 +845,13 @@
+         /* See if there is a preferred cipher selected, if so it is an index 
into the stack */
+         if (SvIOK(pref_cipher))
+             *cipher = sk_SSL_CIPHER_value(peer_ciphers, SvIV(pref_cipher));
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++      /* Use any new master secret set by the callback function in secret */
++      STRLEN newsecretlen;
++      char* newsecretdata = SvPV(secretsv, newsecretlen);
++      memcpy(secret, newsecretdata, newsecretlen);
++#endif
+     }
+ 
+     PUTBACK;
+@@ -1404,8 +1421,10 @@
+      OUTPUT:
+      RETVAL
+ 
+-#ifndef OPENSSL_NO_SSL2
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#ifndef OPENSSL_NO_SSL2 
++
+ SSL_CTX *
+ SSL_CTX_v2_new()
+      CODE:
+@@ -1414,7 +1433,7 @@
+      RETVAL
+ 
+ #endif
+-
++#endif
+ #ifndef OPENSSL_NO_SSL3
+ 
+ SSL_CTX *
+@@ -2105,10 +2124,35 @@
+ SSL_want(s)
+      SSL *              s
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ int
+ SSL_state(s)
+      SSL *              s
+ 
++int
++SSL_get_state(ssl)
++     SSL *    ssl
++  CODE:
++  RETVAL = SSL_state(ssl);
++  OUTPUT:
++  RETVAL
++
++
++#else
++int
++SSL_state(s)
++     SSL *              s
++     CODE:
++     RETVAL = SSL_get_state(s);
++     OUTPUT:
++     RETVAL
++
++
++int
++SSL_get_state(s)
++     SSL *              s
++
++#endif
+ #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+ 
+ long
+@@ -2734,19 +2778,15 @@
+         X509_ATTRIBUTE * att;
+         int count, i;
+         ASN1_STRING * s;
++      ASN1_TYPE * t;
+     PPCODE:
+         att = X509_REQ_get_attr(req,n);
+-        if (att->single) {
+-            s = (att->value.single->value.asn1_string);
++      count = X509_ATTRIBUTE_count(att);
++      for (i=0; i<count; i++) {
++          t = X509_ATTRIBUTE_get0_type(att, i);
++          s = t->value.asn1_string;
+             XPUSHs(sv_2mortal(newSViv(PTR2IV(s))));
+-        }
+-        else {
+-            count = sk_ASN1_TYPE_num(att->value.set);
+-            for (i=0; i<count; i++) {
+-                s = (sk_ASN1_TYPE_value(att->value.set, 
i)->value.asn1_string);
+-                XPUSHs(sv_2mortal(newSViv(PTR2IV(s))));
+-            }
+-        }
++      }
+ 
+ #endif
+ 
+@@ -4439,6 +4479,7 @@
+      const unsigned char *   sid_ctx
+      unsigned int sid_ctx_len
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ void
+ SSL_CTX_set_tmp_rsa_callback(ctx, cb)
+      SSL_CTX *   ctx
+@@ -4449,6 +4490,8 @@
+      SSL *   ssl
+      cb_ssl_int_int_ret_RSA *  cb
+ 
++#endif
++
+ void
+ SSL_CTX_set_tmp_dh_callback(ctx, dh)
+      SSL_CTX *   ctx
+@@ -4526,6 +4569,7 @@
+   OUTPUT:
+   RETVAL
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ long
+ SSL_CTX_need_tmp_RSA(ctx)
+      SSL_CTX *        ctx
+@@ -4534,6 +4578,8 @@
+   OUTPUT:
+   RETVAL
+ 
++#endif
++
+ int
+ SSL_CTX_set_app_data(ctx,arg)
+      SSL_CTX *        ctx
+@@ -4575,11 +4621,14 @@
+      SSL_CTX *        ctx
+      DH *     dh
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ long
+ SSL_CTX_set_tmp_rsa(ctx,rsa)
+      SSL_CTX *        ctx
+      RSA *    rsa
+ 
++#endif
++
+ #if OPENSSL_VERSION_NUMBER > 0x10000000L && !defined OPENSSL_NO_EC
+ 
+ EC_KEY *
+@@ -4591,12 +4640,55 @@
+     EC_KEY * key
+ 
+ long
+-SSL_CTX_set_tmp_ecdh(ctx,ecdh);
++SSL_CTX_set_tmp_ecdh(ctx,ecdh)
+      SSL_CTX *        ctx
+      EC_KEY  *        ecdh
+ 
++int
++EVP_PKEY_assign_EC_KEY(pkey,key)
++    EVP_PKEY *  pkey
++    EC_KEY *    key
++
++
++EC_KEY *
++EC_KEY_generate_key(curve)
++      SV *curve;
++    CODE:
++      EC_GROUP *group = NULL;
++      EC_KEY *eckey = NULL;
++      int nid;
++
++      RETVAL = 0;
++      if (SvIOK(curve)) {
++          nid = SvIV(curve);
++      } else {
++          nid = OBJ_sn2nid(SvPV_nolen(curve));
++#if OPENSSL_VERSION_NUMBER > 0x10002000L
++          if (!nid) nid = EC_curve_nist2nid(SvPV_nolen(curve));
+ #endif
++          if (!nid) croak("unknown curve %s",SvPV_nolen(curve));
++      }
+ 
++      group = EC_GROUP_new_by_curve_name(nid);
++      if (!group) croak("unknown curve nid=%d",nid);
++      EC_GROUP_set_asn1_flag(group,OPENSSL_EC_NAMED_CURVE);
++
++      eckey = EC_KEY_new();
++      if ( eckey
++          && EC_KEY_set_group(eckey, group)
++          && EC_KEY_generate_key(eckey)) {
++          RETVAL = eckey;
++      } else {
++          if (eckey) EC_KEY_free(eckey);
++      }
++      if (group) EC_GROUP_free(group);
++
++    OUTPUT:
++      RETVAL
++
++
++#endif
++
+ void *
+ SSL_get_app_data(s)
+      SSL *    s
+@@ -4622,25 +4714,20 @@
+   OUTPUT:
+   RETVAL
+ 
+-int
+-SSL_get_state(ssl)
+-     SSL *    ssl
+-  CODE:
+-  RETVAL = SSL_state(ssl);
+-  OUTPUT:
+-  RETVAL
+-
+ void
+ SSL_set_state(ssl,state)
+      SSL *    ssl
+      int        state
+   CODE:
+-#ifdef OPENSSL_NO_SSL_INTERN
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++      /* not available */
++#elif defined(OPENSSL_NO_SSL_INTERN)
+    SSL_set_state(ssl,state);
+ #else
+   ssl->state = state;
+ #endif
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ long
+ SSL_need_tmp_RSA(ssl)
+      SSL *    ssl
+@@ -4649,6 +4736,9 @@
+   OUTPUT:
+   RETVAL
+ 
++
++#endif
++
+ long
+ SSL_num_renegotiations(ssl)
+      SSL *    ssl
+@@ -4668,10 +4758,6 @@
+ long
+ SSL_session_reused(ssl)
+      SSL *    ssl
+-  CODE:
+-  RETVAL = SSL_ctrl(ssl,SSL_CTRL_GET_SESSION_REUSED,0,NULL);
+-  OUTPUT:
+-  RETVAL
+ 
+ int
+ SSL_SESSION_set_app_data(s,a)
+@@ -4714,6 +4800,7 @@
+      SSL *    ssl
+      DH *     dh
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ long
+ SSL_set_tmp_rsa(ssl,rsa)
+      SSL *    ssl
+@@ -4723,6 +4810,7 @@
+   OUTPUT:
+   RETVAL
+ 
++#endif
+ 
+ #ifdef __ANDROID__
+ 
+@@ -4855,13 +4943,33 @@
+   OUTPUT:
+   RETVAL
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ void
+ SSL_SESSION_get_master_key(s)
+      SSL_SESSION *   s
++     PREINIT:
++     size_t master_key_length;
++     unsigned char* master_key;
+      CODE:
+      ST(0) = sv_newmortal();   /* Undefined to start with */
++     master_key_length = SSL_SESSION_get_master_key(s, 0, 0); /* get the 
length */
++     New(0, master_key, master_key_length, unsigned char);
++     SSL_SESSION_get_master_key(s, master_key, master_key_length);
++     sv_setpvn(ST(0), (const char*)master_key, master_key_length);
++     Safefree(master_key);
++
++#else
++void
++SSL_SESSION_get_master_key(s)
++     SSL_SESSION *   s
++     CODE:
++     ST(0) = sv_newmortal();   /* Undefined to start with */
+      sv_setpvn(ST(0), (const char*)s->master_key, s->master_key_length);
+ 
++#endif
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
+ void
+ SSL_SESSION_set_master_key(s,key)
+      SSL_SESSION *   s
+@@ -4873,24 +4981,80 @@
+      memcpy(s->master_key, key, len);
+      s->master_key_length = len;
+ 
++#endif
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++
+ void
+ SSL_get_client_random(s)
+      SSL *   s
++     PREINIT:
++     size_t random_length;
++     unsigned char* random_data;
+      CODE:
+      ST(0) = sv_newmortal();   /* Undefined to start with */
++     random_length = SSL_get_client_random(s, 0, 0); /* get the length */
++     New(0, random_data, random_length, unsigned char);
++     SSL_get_client_random(s, random_data, random_length);
++     sv_setpvn(ST(0), (const char*)random_data, random_length);
++     Safefree(random_data);
++
++#else
++
++void
++SSL_get_client_random(s)
++     SSL *   s
++     CODE:
++     ST(0) = sv_newmortal();   /* Undefined to start with */
+      sv_setpvn(ST(0), (const char*)s->s3->client_random, SSL3_RANDOM_SIZE);
+ 
++#endif
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++
+ void
+ SSL_get_server_random(s)
+      SSL *   s
++     PREINIT:
++     size_t random_length;
++     unsigned char* random_data;
+      CODE:
+      ST(0) = sv_newmortal();   /* Undefined to start with */
++     random_length = SSL_get_server_random(s, 0, 0); /* get the length */
++     New(0, random_data, random_length, unsigned char);
++     SSL_get_server_random(s, random_data, random_length);
++     sv_setpvn(ST(0), (const char*)random_data, random_length);
++     Safefree(random_data);
++
++#else
++
++void
++SSL_get_server_random(s)
++     SSL *   s
++     CODE:
++     ST(0) = sv_newmortal();   /* Undefined to start with */
+      sv_setpvn(ST(0), (const char*)s->s3->server_random, SSL3_RANDOM_SIZE);
+ 
++#endif
++
+ int
+ SSL_get_keyblock_size(s)
+      SSL *   s
+      CODE:
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++        const SSL_CIPHER *ssl_cipher;
++      int cipher, digest;
++      const EVP_CIPHER *c;
++      const EVP_MD *h;
++
++      ssl_cipher = SSL_get_current_cipher(s);
++      cipher = SSL_CIPHER_get_cipher_nid(ssl_cipher);
++      digest = SSL_CIPHER_get_digest_nid(ssl_cipher);
++      c = EVP_get_cipherbynid(cipher);
++      h = EVP_get_digestbynid(digest);
++      RETVAL = 2 * (EVP_CIPHER_key_length(c) + EVP_MD_size(h) +
++                  EVP_CIPHER_iv_length(c));
++#else
+      if (s == NULL ||
+        s->enc_read_ctx == NULL ||
+        s->enc_read_ctx->cipher == NULL ||
+@@ -4919,6 +5083,8 @@
+                                      EVP_CIPHER_iv_length(c)))
+                              : -1;
+      }
++#endif
++
+      OUTPUT:
+      RETVAL
+ 
+@@ -4956,9 +5122,7 @@
+         else {
+             cb_data_advanced_put(s, "ssleay_session_secret_cb!!func", 
newSVsv(callback));
+             cb_data_advanced_put(s, "ssleay_session_secret_cb!!data", 
newSVsv(data));
+-            SSL_set_session_secret_cb(s, (int (*)(SSL *s, void *secret, int 
*secret_len,
+-                STACK_OF(SSL_CIPHER) *peer_ciphers,
+-                SSL_CIPHER **cipher, void 
*arg))&ssleay_session_secret_cb_invoke, s);
++            SSL_set_session_secret_cb(s, 
(tls_session_secret_cb_fn)&ssleay_session_secret_cb_invoke, s);
+         }
+ 
+ #endif
+@@ -5382,7 +5546,11 @@
+ P_X509_get_signature_alg(x)
+         X509 * x
+     CODE:
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++        RETVAL = (X509_get0_tbs_sigalg(x)->algorithm);
++#else
+         RETVAL = (x->cert_info->signature->algorithm);
++#endif
+     OUTPUT:
+         RETVAL
+ 
+@@ -5389,8 +5557,17 @@
+ ASN1_OBJECT *
+ P_X509_get_pubkey_alg(x)
+         X509 * x
++    PREINIT:
+     CODE:
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    {
++      X509_ALGOR * algor;
++        X509_PUBKEY_get0_param(0, 0, 0, &algor, X509_get_X509_PUBKEY(x));
++        RETVAL = (algor->algorithm);
++    }
++#else
+         RETVAL = (x->cert_info->key->algor->algorithm);
++#endif
+     OUTPUT:
+         RETVAL
+ 
+@@ -5705,8 +5882,7 @@
+            * response does not contain the chain up to the trusted root */
+           STACK_OF(X509) *chain = SSL_get_peer_cert_chain(ssl);
+           for(i=0;i<sk_X509_num(chain);i++) {
+-              if (!bsr->certs) bsr->certs = sk_X509_new_null();
+-              sk_X509_push(bsr->certs,X509_dup(sk_X509_value(chain,i)));
++              OCSP_basic_add1_cert(bsr, sk_X509_value(chain,i));
+           }
+           TRACE(1,"run basic verify");
+           RETVAL = OCSP_basic_verify(bsr, NULL, store, flags);
+@@ -5718,7 +5894,7 @@
+               X509 *issuer;
+               X509 *last = sk_X509_value(chain,sk_X509_num(chain)-1);
+               if ( (issuer = find_issuer(last,store,chain))) {
+-                  sk_X509_push(bsr->certs,X509_dup(issuer));
++                  OCSP_basic_add1_cert(bsr, X509_dup(issuer));
+                   TRACE(1,"run OCSP_basic_verify with issuer for last chain 
element");
+                   RETVAL = OCSP_basic_verify(bsr, NULL, store, flags);
+               }
+@@ -5736,7 +5912,6 @@
+       OCSP_BASICRESP *bsr;
+       int i,want_array;
+       time_t nextupd = 0;
+-      STACK_OF(OCSP_SINGLERESP) *sks;
+       int getall,sksn;
+ 
+       bsr = OCSP_response_get1_basic(rsp);
+@@ -5744,8 +5919,7 @@
+ 
+       want_array = (GIMME == G_ARRAY);
+       getall = (items <= 1);
+-      sks = bsr->tbsResponseData->responses;
+-      sksn = sk_OCSP_SINGLERESP_num(sks);
++      sksn = OCSP_resp_count(bsr);
+ 
+       for(i=0; i < (getall ? sksn : items-1); i++) {
+           const char *error = NULL;
+@@ -5754,9 +5928,8 @@
+           SV *idsv = NULL;
+ 
+           if(getall) {
+-              sir = sk_OCSP_SINGLERESP_value(sks,i);
++              sir = OCSP_resp_get0(bsr,i);
+           } else {
+-              int k;
+               STRLEN len;
+               const unsigned char *p;
+ 
+@@ -5767,22 +5940,36 @@
+                   error = "failed to get OCSP certid from string";
+                   goto end;
+               }
+-              for(k=0;k<sksn;k++) {
+-                  if 
(!OCSP_id_cmp(certid,sk_OCSP_SINGLERESP_value(sks,k)->certId)) {
+-                      sir = sk_OCSP_SINGLERESP_value(sks,k);
+-                      break;
+-                  }
++                int first = OCSP_resp_find(bsr, certid, -1); /* Find the 
first matching */
++              if (first >= 0)
++              {
++                  sir = OCSP_resp_get0(bsr,first);
++                  break;
+               }
+           }
+ 
+-          if (!sir) {
+-              error = "cannot find entry for certificate in OCSP response";
+-          } else if 
(!OCSP_check_validity(sir->thisUpdate,sir->nextUpdate,0,-1)) {
+-              error = "response not yet valid or expired";
+-          } else if (sir->certStatus->type == V_OCSP_CERTSTATUS_REVOKED) {
+-              error = "certificate status is revoked";
+-          } else if (sir->certStatus->type != V_OCSP_CERTSTATUS_GOOD) {
+-              error = "certificate status is unknown";
++          int status, revocationReason;   
++          ASN1_GENERALIZEDTIME *revocationTime, *thisupdate, *nextupdate;
++          if (sir)
++          {
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++              status = OCSP_single_get0_status(sir, &revocationReason, 
&revocationTime, &thisupdate, &nextupdate);
++#else
++              status = sir->certStatus->type;
++              revocationTime = sir->certStatus->value.revoked->revocationTime;
++              thisupdate = sir->thisUpdate;
++              nextupdate = sir->nextUpdate;
++#endif
++              if (status == V_OCSP_CERTSTATUS_REVOKED) {
++                  error = "certificate status is revoked";
++              } else if (status != V_OCSP_CERTSTATUS_GOOD) {
++                  error = "certificate status is unknown";
++              }
++              else if (!OCSP_check_validity(thisupdate, nextupdate, 0, -1)) {
++                  error = "response not yet valid or expired";
++              }
++          } else {
++              error = "cannot find entry for certificate in OCSP response";
+           }
+ 
+           end:
+@@ -5791,12 +5978,20 @@
+               if (!idsv) {
+                   /* getall: create new SV with OCSP_CERTID */
+                   unsigned char *pi,*pc;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++                  int len = 
i2d_OCSP_CERTID(OCSP_SINGLERESP_get0_id(sir),NULL);
++#else
+                   int len = i2d_OCSP_CERTID(sir->certId,NULL);
++#endif
+                   if(!len) continue;
+                   Newx(pc,len,unsigned char);
+                   if (!pc) croak("out of memory");
+                   pi = pc;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++                  i2d_OCSP_CERTID(OCSP_SINGLERESP_get0_id(sir),&pi);
++#else
+                   i2d_OCSP_CERTID(sir->certId,&pi);
++#endif
+                   idsv = newSVpv((char*)pc,len);
+                   Safefree(pc);
+               } else {
+@@ -5809,26 +6004,26 @@
+                   HV *details = newHV();
+                   av_push(idav,newRV_noinc((SV*)details));
+                   hv_store(details,"statusType",10,
+-                      newSViv(sir->certStatus->type),0);
+-                  if (sir->nextUpdate) hv_store(details,"nextUpdate",10,
+-                      newSViv(ASN1_TIME_timet(sir->nextUpdate)),0);
+-                  if (sir->thisUpdate) hv_store(details,"thisUpdate",10,
+-                      newSViv(ASN1_TIME_timet(sir->thisUpdate)),0);
+-                  if (sir->certStatus->type == V_OCSP_CERTSTATUS_REVOKED) {
++                      newSViv(status),0);
++                  if (nextupdate) hv_store(details,"nextUpdate",10,
++                      newSViv(ASN1_TIME_timet(nextupdate)),0);
++                  if (thisupdate) hv_store(details,"thisUpdate",10,
++                      newSViv(ASN1_TIME_timet(thisupdate)),0);
++                  if (status == V_OCSP_CERTSTATUS_REVOKED) {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+                       OCSP_REVOKEDINFO *rev = sir->certStatus->value.revoked;
+-                      hv_store(details,"revocationTime",14,newSViv(
+-                          ASN1_TIME_timet(rev->revocationTime)),0);
+-                      hv_store(details,"revocationReason",16,newSViv(
+-                          ASN1_ENUMERATED_get(rev->revocationReason)),0);
++                      revocationReason = 
ASN1_ENUMERATED_get(rev->revocationReason);
++#endif
++                      
hv_store(details,"revocationTime",14,newSViv(ASN1_TIME_timet(revocationTime)),0);
++                      
hv_store(details,"revocationReason",16,newSViv(revocationReason),0);
+                       hv_store(details,"revocationReason_str",20,newSVpv(
+-                          OCSP_crl_reason_str(ASN1_ENUMERATED_get(
+-                          rev->revocationReason)),0),0);
++                          OCSP_crl_reason_str(revocationReason),0),0);
+                   }
+               }
+               XPUSHs(sv_2mortal(newRV_noinc((SV*)idav)));
+           } else if (!error) {
+               /* compute lowest nextUpdate */
+-              time_t nu = ASN1_TIME_timet(sir->nextUpdate);
++              time_t nu = ASN1_TIME_timet(nextupdate);
+               if (!nextupd || nextupd>nu) nextupd = nu;
+           }
+ 
+Index: t/local/32_x509_get_cert_info.t
+===================================================================
+--- a/t/local/32_x509_get_cert_info.t  (revision 465)
++++ b/t/local/32_x509_get_cert_info.t  (working copy)
+@@ -175,7 +175,7 @@
+   }
+     
+   SKIP: {
+-    skip('crl_distribution_points requires 0.9.7+', 
scalar(@{$dump->{$f}->{cdp}})+1) unless Net::SSLeay::SSLeay >= 0x0090700f;
++    skip('crl_distribution_points requires 0.9.7+', 
int(@{$dump->{$f}->{cdp}})+1) unless Net::SSLeay::SSLeay >= 0x0090700f;
+     my @cdp = Net::SSLeay::P_X509_get_crl_distribution_points($x509);
+     is(scalar(@cdp), scalar(@{$dump->{$f}->{cdp}}), "cdp size\t$f");
+     for my $i (0..$#cdp) {
+Index: t/local/35_ephemeral.t
+===================================================================
+--- a/t/local/35_ephemeral.t   (revision 465)
++++ b/t/local/35_ephemeral.t   (working copy)
+@@ -6,7 +6,7 @@
+ use Net::SSLeay;
+ 
+ BEGIN {
+-  plan skip_all => "libressl removed support for ephemeral/temporary RSA 
private keys" if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER");
++  plan skip_all => "libressl and OpenSSL 1.1 removed support for 
ephemeral/temporary RSA private keys" if 
Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") || $Net::SSLeay::VERSION > 
1.74;
+ }
+ 
+ plan tests => 3;
+Index: t/local/63_ec_key_generate_key.t
+===================================================================
+--- a/t/local/63_ec_key_generate_key.t (revision 0)
++++ b/t/local/63_ec_key_generate_key.t (revision 469)
+@@ -0,0 +1,35 @@
++#!/usr/bin/perl
++
++use strict;
++use warnings;
++use Test::More;
++use Net::SSLeay;
++
++if (!defined &Net::SSLeay::EC_KEY_generate_key) {
++    plan skip_all => "no suport for ECC in your OpenSSL";
++    exit(0);
++}
++
++plan tests => 4;
++
++Net::SSLeay::randomize();
++Net::SSLeay::load_error_strings();
++Net::SSLeay::ERR_load_crypto_strings();
++Net::SSLeay::SSLeay_add_ssl_algorithms();
++
++my $ec = Net::SSLeay::EC_KEY_generate_key('prime256v1');
++ok($ec,'EC key created');
++
++if ($ec) {
++    my $key = Net::SSLeay::EVP_PKEY_new();
++    my $rv = Net::SSLeay::EVP_PKEY_assign_EC_KEY($key,$ec);
++    ok($rv,'EC key assigned to PKEY');
++
++    my $pem = Net::SSLeay::PEM_get_string_PrivateKey($key);
++    ok( $pem =~m{^---.* PRIVATE KEY}m, "output key as PEM");
++
++    my $bio = Net::SSLeay::BIO_new( Net::SSLeay::BIO_s_mem());
++    Net::SSLeay::BIO_write($bio,$pem);
++    my $newkey = Net::SSLeay::PEM_read_bio_PrivateKey($bio);
++    ok($newkey,"read key again from PEM");
++}
+Index: lib/Net/SSLeay.pod
+===================================================================
+--- a/lib/Net/SSLeay.pod       (revision 465)
++++ b/lib/Net/SSLeay.pod       (working copy)
+@@ -44,6 +44,8 @@
+ to use at least 0.9.7 (as older versions are not tested during development). 
Some low level API functions
+ may be available with certain openssl versions.
+ 
++It is compatible with OpenSSL 1.0 and 1.1. Some functions are not available 
under OpenSSL 1.1.
++
+ L<Net::SSLeay> module basically comprise of:
+ 
+ =over
+@@ -1393,8 +1395,8 @@
+ 
+ Set the key referenced by $pkey to $key
+ 
+-B<NOTE:> In accordance with the OpenSSL naming convention the $key assigned
+-to the $pkey using the "1" functions must be freed as well as $pkey.
++B<NOTE:> No reference counter will be increased, i.e. $key will be freed if
++$pkey is freed.
+ 
+  my $rv = Net::SSLeay::EVP_PKEY_assign_RSA($pkey, $key);
+  # $pkey - value corresponding to openssl's EVP_PKEY structure
+@@ -1402,8 +1404,25 @@
+  #
+  # returns: 1 on success, 0 on failure
+ 
+-Check openssl doc 
L<http://www.openssl.org/docs/crypto/EVP_PKEY_set1_RSA.html|http://www.openssl.org/docs/crypto/EVP_PKEY_set1_RSA.html>
++Check openssl doc 
L<http://www.openssl.org/docs/crypto/EVP_PKEY_assign_RSA.html|http://www.openssl.org/docs/crypto/EVP_PKEY_assign_RSA.html>
++ 
++=item * EVP_PKEY_assign_EC_KEY
+ 
++B<COMPATIBILITY:> not available in Net-SSLeay-1.74 and before
++
++Set the key referenced by $pkey to $key
++
++B<NOTE:> No reference counter will be increased, i.e. $key will be freed if
++$pkey is freed.
++
++ my $rv = Net::SSLeay::EVP_PKEY_assign_EC_KEY($pkey, $key);
++ # $pkey - value corresponding to openssl's EVP_PKEY structure
++ # $key - value corresponding to openssl's EC_KEY structure
++ #
++ # returns: 1 on success, 0 on failure
++
++Check openssl doc 
L<http://www.openssl.org/docs/crypto/EVP_PKEY_assign_EC_KEY.html|http://www.openssl.org/docs/crypto/EVP_PKEY_assign_EC_KEY.html>
++
+ =item * EVP_PKEY_bits
+ 
+ B<COMPATIBILITY:> not available in Net-SSLeay-1.45 and before
+@@ -1844,6 +1863,11 @@
+  #
+  # returns: no return value
+ 
++Not available with OpenSSL 1.1 and later.
++Code that previously used
++       SESSION_set_master_key must now set $secret in the session_secret
++       callback set with SSL_set_session_secret_cb.
++
+ =item * SESSION_get_time
+ 
+ Returns the time at which the session s was established.
+@@ -2447,6 +2471,8 @@
+  #
+  # returns: result of SSL_CTRL_NEED_TMP_RSA command
+ 
++Not available with OpenSSL 1.1 and later.
++
+ =item * CTX_new
+ 
+ The same as L</CTX_v23_new>
+@@ -2457,6 +2483,8 @@
+ 
+ Check openssl doc 
L<http://www.openssl.org/docs/ssl/SSL_CTX_new.html|http://www.openssl.org/docs/ssl/SSL_CTX_new.html>
+ 
++Not available with OpenSSL 1.1 and later.
++
+ =item * CTX_v2_new
+ 
+ Creates a new SSL_CTX object - based on SSLv2_method() - as framework to 
establish TLS/SSL enabled connections.
+@@ -2906,6 +2934,8 @@
+ 
+ Check openssl doc 
L<http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_rsa_callback.html|http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_rsa_callback.html>
+ 
++Not available with OpenSSL 1.1 and later.
++
+ =item * CTX_set_tmp_rsa_callback
+ 
+ Sets the callback function for ctx to be used when a temporary/ephemeral RSA 
key is required to $tmp_rsa_callback.
+@@ -2920,6 +2950,8 @@
+ 
+ Check openssl doc 
L<http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_rsa_callback.html|http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_rsa_callback.html>
+ 
++Not available with OpenSSL 1.1 and later.
++
+ =item * CTX_set_trust
+ 
+  my $rv = Net::SSLeay::CTX_set_trust($s, $trust);
+@@ -3436,10 +3468,10 @@
+ 
+ =item * get_keyblock_size
+ 
++Gets the length of the TLS keyblock.
++
+ B<NOTE:> Does not exactly correspond to any low level API function.
+ 
+-??? (more info needed)
+-
+  my $rv = Net::SSLeay::get_keyblock_size($ssl);
+  # $ssl - value corresponding to openssl's SSL structure
+  #
+@@ -3680,6 +3712,8 @@
+ 
+  Net::SSLeay::set_state($ssl,Net::SSLeay::SSL_ST_ACCEPT());
+ 
++Not available with OpenSSL 1.1 and later.
++
+ =item * get_verify_depth
+ 
+ Returns the verification depth limit currently set in $ssl.
+@@ -3829,6 +3863,8 @@
+  #
+  # returns: command result
+ 
++Not available with OpenSSL 1.1 and later.
++
+ =item * num_renegotiations
+ 
+ Executes SSL_CTRL_GET_NUM_RENEGOTIATIONS command on $ssl.
+@@ -4131,6 +4167,21 @@
+  #
+  # returns: no return value
+ 
++The callback function will be called like:
++callback_function($secret, $ciphers, $pref_cipher, $data);
++
++# $secret is the current master session key, usually all 0s at the beginning 
of a session
++# $ciphers is ref to an array of peer cipher names
++# $pref_cipher is a ref to an index into the list of cipher names of 
++#  the preferred cipher. Set it if you want to specify a preferred cipher
++# $data is the data passed to set_session_secret_cb
++
++The callback function should return 1 if it likes the suggested cipher (or 
has selected an alternative 
++by setting pref_cipher), else it should return 0 (in which case OpenSSL will 
select its own preferred cipher).
++
++With OpenSSL 1.1 and later, callback_function can change the master key for 
the session by 
++altering $secret and returning 1.
++
+ =item * set_shutdown
+ 
+ Sets the shutdown state of $ssl to $mode.
+@@ -7961,6 +8012,23 @@
+ 
+ TBA
+ 
++=item * EC_KEY_generate_key
++
++Generates a EC key and returns it in a newly allocated EC_KEY structure.
++The EC key then can be used to create a PKEY which can be used in calls
++like X509_set_pubkey.
++
++ my $key = Net::SSLeay::EVP_PKEY_new();
++ my $ec  = Net::SSLeay::EC_KEY_generate_key($curve);
++ Net::SSLeay::EVP_PKEY_assign_EC_KEY($key,$ec);
++
++ # $curve - curve name like 'secp521r1' or the matching Id (integer) of the 
curve
++ #
++ # returns: value corresponding to openssl's EC_KEY structure (0 on failure)
++
++This function has no equivalent in OpenSSL but combines multiple OpenSSL
++functions for an easier interface.
++
+ =back
+ 
+ 
diff --git a/debian/patches/series b/debian/patches/series
index a147a3a..9cc133e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 0001-fix-typo-in-manpage.patch
 20no-stray-libz-link.patch
+openssl-1.1.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-perl/packages/libnet-ssleay-perl.git

_______________________________________________
Pkg-perl-cvs-commits mailing list
Pkg-perl-cvs-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits

Reply via email to