From: Antoine Jacoutot <ajacoutot@bsdfrog.org>
Subject: Re: [update] neon 0.35.0
To: Theo Buehler <tb@theobuehler.org>
Cc: ports@openbsd.org
Date: Fri, 31 Oct 2025 01:41:37 +0100

Ok aja

On Thu, Oct 30, 2025 at 07:56:17PM +0100, Theo Buehler wrote:
> On Fri, Oct 24, 2025 at 05:17:06PM +0200, Theo Buehler wrote:
> > Now that we have SSL_SESSION_dup() in libssl.so.60.2, we can update this
> > port. This passes most of regress except for six client cert related
> > tests which I didn't look at closely (may well be related to the store
> > stuff).
> > 
> > Is anyone using this and could give this a spin?
> 
> I am going to commit this soon.
> 
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/net/neon/Makefile,v
> diff -u -p -r1.61 Makefile
> --- Makefile	26 Aug 2025 16:08:32 -0000	1.61
> +++ Makefile	24 Oct 2025 14:19:31 -0000
> @@ -1,9 +1,8 @@
>  COMMENT=		HTTP and WebDAV client library, with C interface
>  
> -DISTNAME=		neon-0.34.2
> -REVISION=		1
> +DISTNAME=		neon-0.35.0
>  
> -SHARED_LIBS +=  neon                 31.4     # 34.2
> +SHARED_LIBS +=  neon                 31.5     # 34.2
>  
>  CATEGORIES=		net www devel
>  
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/net/neon/distinfo,v
> diff -u -p -r1.27 distinfo
> --- distinfo	17 Jul 2025 15:53:18 -0000	1.27
> +++ distinfo	24 Oct 2025 13:04:18 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (neon-0.34.2.tar.gz) = +Yzjx0MAvgXt3wXcy9ykmLFNQMKJ93MZXdGlWc/6WFY=
> -SIZE (neon-0.34.2.tar.gz) = 936809
> +SHA256 (neon-0.35.0.tar.gz) = FGevtz814/XQ6f1wYowUy6Jmpl4qH7bj+UXuM4XIWVs=
> +SIZE (neon-0.35.0.tar.gz) = 949492
> Index: patches/patch-src_ne_openssl_c
> ===================================================================
> RCS file: patches/patch-src_ne_openssl_c
> diff -N patches/patch-src_ne_openssl_c
> --- /dev/null	1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_ne_openssl_c	24 Oct 2025 15:12:51 -0000
> @@ -0,0 +1,33 @@
> +Don't use store, replace SSL_CIPHER_standard_name() by existin API and
> +don't try to run EVP_DigestInit() with NULL md, this ends in tears.
> +
> +Index: src/ne_openssl.c
> +--- src/ne_openssl.c.orig
> ++++ src/ne_openssl.c
> +@@ -86,7 +86,7 @@ typedef const unsigned char ne_d2i_uchar;
> + #define EVP_PKEY_get0_RSA(evp) (evp->pkey.rsa)
> + #endif
> + 
> +-#if OPENSSL_VERSION_NUMBER >= 0x10101000
> ++#if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER)
> + /* OpenSSL 1.1.1 has STORE. */
> + #define HAVE_OPENSSL111
> + #include <openssl/store.h>
> +@@ -795,7 +795,7 @@ int ne__negotiate_ssl(ne_session *sess)
> +         const SSL_CIPHER *ciph = SSL_get_current_cipher(ssl);
> + 
> +         sess->status.hs.protocol = ne_sock_getproto(sess->socket);
> +-        sess->status.hs.ciphersuite = SSL_CIPHER_standard_name(ciph);
> ++        sess->status.hs.ciphersuite = SSL_CIPHER_get_name(ciph);
> +         sess->notify_cb(sess->notify_ud, ne_status_handshake, &sess->status);
> +     }
> + 
> +@@ -1358,6 +1358,8 @@ char *ne_vstrhash(unsigned int flags, va_list ap)
> +     unsigned char v[EVP_MAX_MD_SIZE];
> +     unsigned int vlen;
> +     const char *arg;
> ++
> ++    if (!md) return NULL;
> + 
> +     ctx = EVP_MD_CTX_new();
> +     if (!ctx) return NULL;
> Index: patches/patch-test_ssl_c
> ===================================================================
> RCS file: patches/patch-test_ssl_c
> diff -N patches/patch-test_ssl_c
> --- /dev/null	1 Jan 1970 00:00:00 -0000
> +++ patches/patch-test_ssl_c	24 Oct 2025 15:10:46 -0000
> @@ -0,0 +1,13 @@
> +Disable test depending on <openssl/store.h>
> +
> +Index: test/ssl.c
> +--- test/ssl.c.orig
> ++++ test/ssl.c
> +@@ -2093,7 +2093,6 @@ ne_test tests[] = {
> +     T_XFAIL(pkcs11_dsa), /* unclear why this fails currently. */
> + #endif
> +     T(notifier),
> +-    T(clicert_uri),
> + 
> +     T(NULL) 
> + };
> Index: patches/patch-test_utils_c
> ===================================================================
> RCS file: /cvs/ports/net/neon/patches/patch-test_utils_c,v
> diff -u -p -r1.1 patch-test_utils_c
> --- patches/patch-test_utils_c	17 Jul 2025 15:53:18 -0000	1.1
> +++ patches/patch-test_utils_c	24 Oct 2025 14:12:24 -0000
> @@ -8,4 +8,4 @@ Index: test/utils.c
>  +#include <sys/socket.h>
>   
>   #include "ne_session.h"
> - 
> + #include "ne_string.h"
> Index: pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/net/neon/pkg/PLIST,v
> diff -u -p -r1.18 PLIST
> --- pkg/PLIST	17 Jul 2025 15:53:18 -0000	1.18
> +++ pkg/PLIST	24 Oct 2025 14:15:25 -0000
> @@ -30,6 +30,7 @@ lib/libneon.la
>  lib/pkgconfig/neon.pc
>  @man man/man1/neon-config.1
>  @man man/man3/ne_add_request_header.3
> +@man man/man3/ne_addr_canonical.3
>  @man man/man3/ne_addr_destroy.3
>  @man man/man3/ne_addr_error.3
>  @man man/man3/ne_addr_first.3
> @@ -55,6 +56,7 @@ lib/pkgconfig/neon.pc
>  @man man/man3/ne_get_request_target.3
>  @man man/man3/ne_get_response_header.3
>  @man man/man3/ne_get_response_location.3
> +@man man/man3/ne_get_response_retry_after.3
>  @man man/man3/ne_get_scheme.3
>  @man man/man3/ne_get_server_hostport.3
>  @man man/man3/ne_get_session_flag.3
> @@ -113,6 +115,8 @@ lib/pkgconfig/neon.pc
>  @man man/man3/ne_ssl_clicert_decrypt.3
>  @man man/man3/ne_ssl_clicert_encrypted.3
>  @man man/man3/ne_ssl_clicert_free.3
> +@man man/man3/ne_ssl_clicert_fromuri.3
> +@man man/man3/ne_ssl_clicert_import.3
>  @man man/man3/ne_ssl_clicert_name.3
>  @man man/man3/ne_ssl_clicert_owner.3
>  @man man/man3/ne_ssl_clicert_read.3
> 

-- 
Antoine