net-misc/curl: compatibility patch for LibreSSL

This patch fixes building with dev-libs/libressl-2.7.x. Patch was pulled
from upstream Git and should be included in the next 7.60.0 release.

Closes: https://bugs.gentoo.org/651172
Package-Manager: Portage-2.3.29, Repoman-2.3.9

2 files changed, 72 insertions, 0 deletions

diff --git a/net-misc/curl/curl-7.59.0.ebuild b/net-misc/curl/curl-7.59.0.ebuild
index 2240efbd3a89..87d83904d5db 100644
--- a/net-misc/curl/curl-7.59.0.ebuild
+++ b/net-misc/curl/curl-7.59.0.ebuild
@@ -108,6 +108,8 @@ src_prepare() {
 	eapply "${FILESDIR}"/${PN}-7.30.0-prefix.patch
 	eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch
 	eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch
+	# the next curl release (7.60.0) *should* contain this patch as it is in Git head and 7.60.0 has been tagged
+    eapply "${FILESDIR}"/${PN}-7.59.0-libressl-compatibility.patch
 
 	sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241
 
diff --git a/net-misc/curl/files/curl-7.59.0-libressl-compatibility.patch b/net-misc/curl/files/curl-7.59.0-libressl-compatibility.patch
new file mode 100644
index 000000000000..e7ee6c3ab157
--- /dev/null
+++ b/net-misc/curl/files/curl-7.59.0-libressl-compatibility.patch
@@ -0,0 +1,70 @@
+From da51ddee81e10398172f0baf3327b5db82846175 Mon Sep 17 00:00:00 2001
+From: Bernard Spil <brnrd@FreeBSD.org>
+Date: Mon, 2 Apr 2018 19:04:06 +0200
+Subject: [PATCH] openssl: fix build with LibreSSL 2.7
+
+ - LibreSSL 2.7 implements (most of) OpenSSL 1.1 API
+
+Fixes #2319
+Closes #2447
+Closes #2448
+
+Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
+---
+ lib/vtls/openssl.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index 2a6b3cfac..bbb8ec766 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -104,7 +104,8 @@
+ #endif
+ 
+ #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \
+-  !defined(LIBRESSL_VERSION_NUMBER)
++    !(defined(LIBRESSL_VERSION_NUMBER) && \
++      LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
+ #define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
+ #define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
+@@ -128,7 +129,8 @@ static unsigned long OpenSSL_version_num(void)
+ #endif
+ 
+ #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \
+-  !defined(LIBRESSL_VERSION_NUMBER)
++    !(defined(LIBRESSL_VERSION_NUMBER) && \
++      LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ #define HAVE_X509_GET0_SIGNATURE 1
+ #endif
+ 
+@@ -147,7 +149,7 @@ static unsigned long OpenSSL_version_num(void)
+  * Whether SSL_CTX_set_keylog_callback is available.
+  * OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287
+  * BoringSSL: supported since d28f59c27bac (committed 2015-11-19)
+- * LibreSSL: unsupported in at least 2.5.1 (explicitly check for it since it
++ * LibreSSL: unsupported in at least 2.7.2 (explicitly check for it since it
+  *           lies and pretends to be OpenSSL 2.0.0).
+  */
+ #if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
+@@ -259,7 +261,9 @@ static void tap_ssl_key(const SSL *ssl, ssl_tap_state_t *state)
+   if(!session || !keylog_file_fp)
+     return;
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
++    !(defined(LIBRESSL_VERSION_NUMBER) && \
++      LIBRESSL_VERSION_NUMBER < 0x20700000L)
+   /* ssl->s3 is not checked in openssl 1.1.0-pre6, but let's assume that
+    * we have a valid SSL context if we have a non-NULL session. */
+   SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE);
+@@ -2082,8 +2086,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
+   case CURL_SSLVERSION_TLSv1_2:
+   case CURL_SSLVERSION_TLSv1_3:
+     /* it will be handled later with the context options */
+-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
+-    !defined(LIBRESSL_VERSION_NUMBER)
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+     req_method = TLS_client_method();
+ #else
+     req_method = SSLv23_client_method();