From: Theo Buehler <tb@theobuehler.org>
Subject: Re: [update] neon 0.35.0
To: ports@openbsd.org
Date: Thu, 30 Oct 2025 19:56:17 +0100

On Fri, Oct 24, 2025 at 05:17:06PM +0200, Theo Buehler wrote:
> Now that we have SSL_SESSION_dup() in libssl.so.60.2, we can update this
> port. This passes most of regress except for six client cert related
> tests which I didn't look at closely (may well be related to the store
> stuff).
> 
> Is anyone using this and could give this a spin?

I am going to commit this soon.

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/neon/Makefile,v
diff -u -p -r1.61 Makefile
--- Makefile	26 Aug 2025 16:08:32 -0000	1.61
+++ Makefile	24 Oct 2025 14:19:31 -0000
@@ -1,9 +1,8 @@
 COMMENT=		HTTP and WebDAV client library, with C interface
 
-DISTNAME=		neon-0.34.2
-REVISION=		1
+DISTNAME=		neon-0.35.0
 
-SHARED_LIBS +=  neon                 31.4     # 34.2
+SHARED_LIBS +=  neon                 31.5     # 34.2
 
 CATEGORIES=		net www devel
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/neon/distinfo,v
diff -u -p -r1.27 distinfo
--- distinfo	17 Jul 2025 15:53:18 -0000	1.27
+++ distinfo	24 Oct 2025 13:04:18 -0000
@@ -1,2 +1,2 @@
-SHA256 (neon-0.34.2.tar.gz) = +Yzjx0MAvgXt3wXcy9ykmLFNQMKJ93MZXdGlWc/6WFY=
-SIZE (neon-0.34.2.tar.gz) = 936809
+SHA256 (neon-0.35.0.tar.gz) = FGevtz814/XQ6f1wYowUy6Jmpl4qH7bj+UXuM4XIWVs=
+SIZE (neon-0.35.0.tar.gz) = 949492
Index: patches/patch-src_ne_openssl_c
===================================================================
RCS file: patches/patch-src_ne_openssl_c
diff -N patches/patch-src_ne_openssl_c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_ne_openssl_c	24 Oct 2025 15:12:51 -0000
@@ -0,0 +1,33 @@
+Don't use store, replace SSL_CIPHER_standard_name() by existin API and
+don't try to run EVP_DigestInit() with NULL md, this ends in tears.
+
+Index: src/ne_openssl.c
+--- src/ne_openssl.c.orig
++++ src/ne_openssl.c
+@@ -86,7 +86,7 @@ typedef const unsigned char ne_d2i_uchar;
+ #define EVP_PKEY_get0_RSA(evp) (evp->pkey.rsa)
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000
++#if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER)
+ /* OpenSSL 1.1.1 has STORE. */
+ #define HAVE_OPENSSL111
+ #include <openssl/store.h>
+@@ -795,7 +795,7 @@ int ne__negotiate_ssl(ne_session *sess)
+         const SSL_CIPHER *ciph = SSL_get_current_cipher(ssl);
+ 
+         sess->status.hs.protocol = ne_sock_getproto(sess->socket);
+-        sess->status.hs.ciphersuite = SSL_CIPHER_standard_name(ciph);
++        sess->status.hs.ciphersuite = SSL_CIPHER_get_name(ciph);
+         sess->notify_cb(sess->notify_ud, ne_status_handshake, &sess->status);
+     }
+ 
+@@ -1358,6 +1358,8 @@ char *ne_vstrhash(unsigned int flags, va_list ap)
+     unsigned char v[EVP_MAX_MD_SIZE];
+     unsigned int vlen;
+     const char *arg;
++
++    if (!md) return NULL;
+ 
+     ctx = EVP_MD_CTX_new();
+     if (!ctx) return NULL;
Index: patches/patch-test_ssl_c
===================================================================
RCS file: patches/patch-test_ssl_c
diff -N patches/patch-test_ssl_c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-test_ssl_c	24 Oct 2025 15:10:46 -0000
@@ -0,0 +1,13 @@
+Disable test depending on <openssl/store.h>
+
+Index: test/ssl.c
+--- test/ssl.c.orig
++++ test/ssl.c
+@@ -2093,7 +2093,6 @@ ne_test tests[] = {
+     T_XFAIL(pkcs11_dsa), /* unclear why this fails currently. */
+ #endif
+     T(notifier),
+-    T(clicert_uri),
+ 
+     T(NULL) 
+ };
Index: patches/patch-test_utils_c
===================================================================
RCS file: /cvs/ports/net/neon/patches/patch-test_utils_c,v
diff -u -p -r1.1 patch-test_utils_c
--- patches/patch-test_utils_c	17 Jul 2025 15:53:18 -0000	1.1
+++ patches/patch-test_utils_c	24 Oct 2025 14:12:24 -0000
@@ -8,4 +8,4 @@ Index: test/utils.c
 +#include <sys/socket.h>
  
  #include "ne_session.h"
- 
+ #include "ne_string.h"
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/neon/pkg/PLIST,v
diff -u -p -r1.18 PLIST
--- pkg/PLIST	17 Jul 2025 15:53:18 -0000	1.18
+++ pkg/PLIST	24 Oct 2025 14:15:25 -0000
@@ -30,6 +30,7 @@ lib/libneon.la
 lib/pkgconfig/neon.pc
 @man man/man1/neon-config.1
 @man man/man3/ne_add_request_header.3
+@man man/man3/ne_addr_canonical.3
 @man man/man3/ne_addr_destroy.3
 @man man/man3/ne_addr_error.3
 @man man/man3/ne_addr_first.3
@@ -55,6 +56,7 @@ lib/pkgconfig/neon.pc
 @man man/man3/ne_get_request_target.3
 @man man/man3/ne_get_response_header.3
 @man man/man3/ne_get_response_location.3
+@man man/man3/ne_get_response_retry_after.3
 @man man/man3/ne_get_scheme.3
 @man man/man3/ne_get_server_hostport.3
 @man man/man3/ne_get_session_flag.3
@@ -113,6 +115,8 @@ lib/pkgconfig/neon.pc
 @man man/man3/ne_ssl_clicert_decrypt.3
 @man man/man3/ne_ssl_clicert_encrypted.3
 @man man/man3/ne_ssl_clicert_free.3
+@man man/man3/ne_ssl_clicert_fromuri.3
+@man man/man3/ne_ssl_clicert_import.3
 @man man/man3/ne_ssl_clicert_name.3
 @man man/man3/ne_ssl_clicert_owner.3
 @man man/man3/ne_ssl_clicert_read.3