From fe9e49d220fa424c55fc436303b24f5bddae0b8d Mon Sep 17 00:00:00 2001 From: orbea Date: Mon, 29 May 2023 10:16:33 -0700 Subject: [PATCH 1/2] SSLeay.xs: Disable Policy Tree API for LibreSSL 3.8 and later This is taken from the OpenBSD ports tree. https://github.com/openbsd/ports/commit/f6567f938c9bd51bfd99f8426eba6a1590cc6384 --- SSLeay.xs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/SSLeay.xs b/SSLeay.xs index 102e89f3..ae870c0a 100644 --- a/SSLeay.xs +++ b/SSLeay.xs @@ -7157,6 +7157,7 @@ X509_VERIFY_PARAM_get0_peername(param) #endif /* OpenSSL 1.0.2-beta2, LibreSSL 2.7.0 */ +#if !defined(LIBRESSL_VERSION_NUMBER) || (LIBRESSL_VERSION_NUMBER < 0x3080000fL) /* LibreSSL < 3.8.0 */ void X509_policy_tree_free(tree) X509_POLICY_TREE *tree @@ -7199,6 +7200,7 @@ const X509_POLICY_NODE * X509_policy_node_get0_parent(node) const X509_POLICY_NODE *node +#endif /* !(LibreSSL >= 3.7.0) */ #endif ASN1_OBJECT * From be44d2961cebbbd3185d1fff8b8a1dc3a5b2eca4 Mon Sep 17 00:00:00 2001 From: Heikki Vatiainen Date: Mon, 12 Jun 2023 01:03:13 +0300 Subject: [PATCH 2/2] Add Changes entry and update SSLeay.pod for pull request GH-434. Closes #434. --- Changes | 14 ++++++++++++++ SSLeay.xs | 2 +- lib/Net/SSLeay.pod | 24 ++++++++++++++++++++++-- 3 files changed, 37 insertions(+), 3 deletions(-) diff --git a/Changes b/Changes index 7ae59ebd..a301f505 100644 --- a/Changes +++ b/Changes @@ -12,6 +12,20 @@ Revision history for Perl extension Net::SSLeay. Rocky Linux 9.2. Any Red Hat Enterprise Linux 9 and derived system is likely to have similar behaviour. Thanks to Paul Howarth for the investigation and patches. + - LibreSSL 3.8.0 release notes state: The POLICY_TREE and its + related structures and API were removed. The affected + Net::SSLeay functions are: + - X509_policy_level_get0_node + - X509_policy_level_node_count + - X509_policy_node_get0_parent + - X509_policy_node_get0_policy + - X509_policy_node_get0_qualifiers + - X509_policy_tree_free + - X509_policy_tree_get0_level + - X509_policy_tree_get0_policies + - X509_policy_tree_get0_user_policies + - X509_policy_tree_level_count + Patch by GitHub user orbea. 1.93_02 2023-02-22 - Update ppport.h to version 3.68. This eliminates thousands of diff --git a/SSLeay.xs b/SSLeay.xs index ae870c0a..492a3a18 100644 --- a/SSLeay.xs +++ b/SSLeay.xs @@ -7200,7 +7200,7 @@ const X509_POLICY_NODE * X509_policy_node_get0_parent(node) const X509_POLICY_NODE *node -#endif /* !(LibreSSL >= 3.7.0) */ +#endif /* LibreSSL < 3.8.0 */ #endif ASN1_OBJECT * diff --git a/lib/Net/SSLeay.pod b/lib/Net/SSLeay.pod index d11d2d63..348b954e 100644 --- a/lib/Net/SSLeay.pod +++ b/lib/Net/SSLeay.pod @@ -6498,6 +6498,8 @@ Loads/adds X509 CRL from $file to X509_LOOKUP structure =item * X509_policy_level_get0_node +B no longer available in LibreSSL 3.8.0 and later + ??? (more info needed) my $rv = Net::SSLeay::X509_policy_level_get0_node($level, $i); @@ -6508,6 +6510,8 @@ Loads/adds X509 CRL from $file to X509_LOOKUP structure =item * X509_policy_level_node_count +B no longer available in LibreSSL 3.8.0 and later + ??? (more info needed) my $rv = Net::SSLeay::X509_policy_level_node_count($level); @@ -6517,6 +6521,8 @@ Loads/adds X509 CRL from $file to X509_LOOKUP structure =item * X509_policy_node_get0_parent +B no longer available in LibreSSL 3.8.0 and later + ??? (more info needed) my $rv = Net::SSLeay::X509_policy_node_get0_parent($node); @@ -6526,6 +6532,8 @@ Loads/adds X509 CRL from $file to X509_LOOKUP structure =item * X509_policy_node_get0_policy +B no longer available in LibreSSL 3.8.0 and later + ??? (more info needed) my $rv = Net::SSLeay::X509_policy_node_get0_policy($node); @@ -6535,6 +6543,8 @@ Loads/adds X509 CRL from $file to X509_LOOKUP structure =item * X509_policy_node_get0_qualifiers +B no longer available in LibreSSL 3.8.0 and later + ??? (more info needed) my $rv = Net::SSLeay::X509_policy_node_get0_qualifiers($node); @@ -6544,6 +6554,8 @@ Loads/adds X509 CRL from $file to X509_LOOKUP structure =item * X509_policy_tree_free +B no longer available in LibreSSL 3.8.0 and later + ??? (more info needed) Net::SSLeay::X509_policy_tree_free($tree); @@ -6553,6 +6565,8 @@ Loads/adds X509 CRL from $file to X509_LOOKUP structure =item * X509_policy_tree_get0_level +B no longer available in LibreSSL 3.8.0 and later + ??? (more info needed) my $rv = Net::SSLeay::X509_policy_tree_get0_level($tree, $i); @@ -6563,24 +6577,30 @@ Loads/adds X509 CRL from $file to X509_LOOKUP structure =item * X509_policy_tree_get0_policies +B no longer available in LibreSSL 3.8.0 and later + ??? (more info needed) my $rv = Net::SSLeay::X509_policy_tree_get0_policies($tree); # $tree - value corresponding to openssl's X509_POLICY_TREE structure # - # returns: value corresponding to openssl's X509_POLICY_NODE structure (0 on failure) + # returns: value corresponding to openssl's STACK_OF(X509_POLICY_NODE) structure (0 on failure) =item * X509_policy_tree_get0_user_policies +B no longer available in LibreSSL 3.8.0 and later + ??? (more info needed) my $rv = Net::SSLeay::X509_policy_tree_get0_user_policies($tree); # $tree - value corresponding to openssl's X509_POLICY_TREE structure # - # returns: value corresponding to openssl's X509_POLICY_NODE structure (0 on failure) + # returns: value corresponding to openssl's STACK_OF(X509_POLICY_NODE) structure (0 on failure) =item * X509_policy_tree_level_count +B no longer available in LibreSSL 3.8.0 and later + ??? (more info needed) my $rv = Net::SSLeay::X509_policy_tree_level_count($tree);