Upgrade to 1.7.12. It bothers me, that the port can not be

linked with the base OpenSSL, if some other implementation
is merely installed, but that seems like a common problem...

PR:		216174
Submitted by:	gahr
Sponsored by:	Unemployment Insurance

devel/tcltls/Makefile

@@ -2,11 +2,10 @@
 # $FreeBSD$
 
 PORTNAME=	tcltls
-PORTVERSION=	1.6.7
-PORTREVISION=	1
-CATEGORIES=	devel tcl
-MASTER_SITES=	SF/tls/tls/${PORTVERSION}
-DISTNAME=	tls${PORTVERSION}-src
+PORTVERSION=	1.7.12
+CATEGORIES=	devel security tcl
+MASTER_SITES=	http://core.tcl.tk/tcltls/uv/ \
+		http://tcltls.rkeene.org/uv/
 
 MAINTAINER=	mi@aldan.algebra.com
 COMMENT=	SSL extensions for TCL; dynamicly loadable
@@ -19,29 +18,22 @@ LICENSE_PERMS=	dist-mirror dist-sell pkg-mirror pkg-sell auto-accept
 OPTIONS_DEFINE=	DOCS
 
 USES+=		tcl:tea ssl
-CONFIGURE_ARGS+=--with-ssl-dir=${OPENSSLBASE}
+CONFIGURE_ARGS+=--with-ssl-dir=${OPENSSLBASE}	\
+		--disable-rpath
 
-WRKSRC=		${WRKDIR}/${TCL_PKG}
-PLIST_FILES=	lib/${TCL_PKG}/libtls.so.1 \
-		lib/${TCL_PKG}/pkgIndex.tcl \
-		lib/${TCL_PKG}/tls.tcl
+PLIST_FILES=	lib/${TCL_PKG}/tcltls.so \
+		lib/${TCL_PKG}/pkgIndex.tcl
 PORTDOCS=	*
-INSTALL_TARGET=	install-binaries install-doc
+MAKE_ARGS+=	"PACKAGE_INSTALL_DIR=${PREFIX}/lib/${TCL_PKG}"
+TEST_TARGET=	test
+MAKE_ENV+=	PATH=${OPENSSLBASE}/bin:${PATH}
+CONFIGURE_ENV+=	PATH=${OPENSSLBASE}/bin:${PATH}
 
 post-patch:
-	${REINPLACE_CMD} -e \
-		's,package require tls.*,load ${WRKSRC}/libtls.so.1;\
-			source ${WRKSRC}/tls.tcl,' \
-		${WRKSRC}/tests/*.test
-	# The tests in ciphers.test are meaningless so far:
 	${MV} ${WRKSRC}/tests/ciphers.test ${WRKSRC}/tests/ciphers.test.broken
 
 post-install-DOCS-on:
 	${MKDIR} ${STAGEDIR}${DOCSDIR}
 	${INSTALL_DATA} ${WRKSRC}/tls.htm ${STAGEDIR}${DOCSDIR}
 
-xregression-test test check: build
-	cd ${WRKSRC}/tests && ${SETENV} TCL_LIBRARY="${WRKSRC}" \
-		tclsh${TCL_VER} all.tcl
-
 .include <bsd.port.mk>

devel/tcltls/distinfo

@@ -1,2 +1,3 @@
-SHA256 (tls1.6.7-src.tar.gz) = 5119de3e5470359b97a8a00d861c9c48433571ee0167af0a952de66c99d3a3b8
-SIZE (tls1.6.7-src.tar.gz) = 173654
+TIMESTAMP = 1494970441
+SHA256 (tcltls-1.7.12.tar.gz) = 0e09e8e1cb3dcb3d419079fe40c521b7283d5e822dc914ffd1e4ff600b895caa
+SIZE (tcltls-1.7.12.tar.gz) = 162259

devel/tcltls/files/patch-gen_dh_params

@@ -0,0 +1,27 @@
+--- gen_dh_params	2017-05-01 10:45:59.000000000 -0400
++++ gen_dh_params	2017-05-16 18:19:20.703957000 -0400
+@@ -12,11 +12,8 @@
+ 
+ openssl_dhparam() {
+-	if [ -x "`which openssl 2>/dev/null`" ]; then
+-		o_output="`openssl dhparam -C "$@" 2>/dev/null`" || return 1
+-		o_output="`echo "${o_output}" | sed 's/get_dh[0-9]\+/get_dhParams/'`" || return 1
+-		o_output="`echo "${o_output}" | sed '/^-----BEGIN DH PARAMETERS-----$/,/^-----END DH PARAMETERS-----$/ d;/^#/ d'`" || return 1
+-
+-		echo "${o_output}"
+-
++	if openssl dhparam -C "$@" | sed	\
++	    -e 's/^DH \*get_dh[0-9]*/static DH *get_dhParams/'	\
++	    -e '/^-----BEGIN DH PARAMETERS-----$/,/^-----END DH PARAMETERS-----$/ d;/^#/ d'
++	then
+ 		return 0
+ 	fi
+@@ -273,6 +270,6 @@
+ echo "*****************************" >&2
+ gen_dh_params_openssl && exit 0
+-gen_dh_params_remote && exit 0
+-gen_dh_params_fallback && exit 0
++# gen_dh_params_remote && exit 0
++# gen_dh_params_fallback && exit 0
+ 
+ echo "Unable to generate parameters for DH of ${bits} bits" >&2

devel/tcltls/files/patch-protocols

@@ -1,106 +0,0 @@
---- tls.c	2014-12-08 14:10:28.000000000 -0500
-+++ tls.c	2015-03-25 19:37:53.000000000 -0400
-@@ -538,5 +538,5 @@
-     case TLS_SSL2:
- #if defined(NO_SSL2)
--		Tcl_AppendResult(interp, "protocol not supported", NULL);
-+		Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
- 		return TCL_ERROR;
- #else
-@@ -545,5 +545,5 @@
-     case TLS_SSL3:
- #if defined(NO_SSL3)
--		Tcl_AppendResult(interp, "protocol not supported", NULL);
-+		Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
- 		return TCL_ERROR;
- #else
-@@ -552,5 +552,5 @@
-     case TLS_TLS1:
- #if defined(NO_TLS1)
--		Tcl_AppendResult(interp, "protocol not supported", NULL);
-+		Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
- 		return TCL_ERROR;
- #else
-@@ -559,5 +559,5 @@
-     case TLS_TLS1_1:
- #if defined(NO_TLS1_1)
--		Tcl_AppendResult(interp, "protocol not supported", NULL);
-+		Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
- 		return TCL_ERROR;
- #else
-@@ -566,5 +566,5 @@
-     case TLS_TLS1_2:
- #if defined(NO_TLS1_2)
--		Tcl_AppendResult(interp, "protocol not supported", NULL);
-+		Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
- 		return TCL_ERROR;
- #else
-@@ -575,10 +575,10 @@
-     }
-     if (ctx == NULL) {
--	Tcl_AppendResult(interp, REASON(), (char *) NULL);
-+	Tcl_AppendResult(interp, REASON(), NULL);
- 	return TCL_ERROR;
-     }
-     ssl = SSL_new(ctx);
-     if (ssl == NULL) {
--	Tcl_AppendResult(interp, REASON(), (char *) NULL);
-+	Tcl_AppendResult(interp, REASON(), NULL);
- 	SSL_CTX_free(ctx);
- 	return TCL_ERROR;
-@@ -747,6 +747,18 @@
- #endif
-     int tls1 = 1;
--    int tls1_1 = 1;
--    int tls1_2 = 1;
-+    int tls1_1 =
-+#if defined(NO_TLS1_1)
-+    0
-+#else
-+    1
-+#endif
-+    ;
-+    int tls1_2 =
-+#if defined(NO_TLS1_2)
-+    0
-+#else
-+    1
-+#endif
-+    ;
-     int proto = 0;
-     int verify = 0, require = 0, request = 1;
-@@ -1050,5 +1050,5 @@
- #if defined(NO_SSL2)
-     if (ENABLED(proto, TLS_PROTO_SSL2)) {
--	Tcl_AppendResult(interp, "protocol not supported", NULL);
-+	Tcl_AppendResult(interp, "protocol SSL2 not supported", NULL);
- 	return (SSL_CTX *)0;
-     }
-@@ -1056,5 +1056,5 @@
- #if defined(NO_SSL3)
-     if (ENABLED(proto, TLS_PROTO_SSL3)) {
--	Tcl_AppendResult(interp, "protocol not supported", NULL);
-+	Tcl_AppendResult(interp, "protocol SSL3 not supported", NULL);
- 	return (SSL_CTX *)0;
-     }
-@@ -1062,5 +1062,5 @@
- #if defined(NO_TLS1)
-     if (ENABLED(proto, TLS_PROTO_TLS1)) {
--	Tcl_AppendResult(interp, "protocol not supported", NULL);
-+	Tcl_AppendResult(interp, "protocol TLS1 not supported", NULL);
- 	return (SSL_CTX *)0;
-     }
-@@ -1068,5 +1068,5 @@
- #if defined(NO_TLS1_1)
-     if (ENABLED(proto, TLS_PROTO_TLS1_1)) {
--	Tcl_AppendResult(interp, "protocol not supported", NULL);
-+	Tcl_AppendResult(interp, "protocol TLS1.1 not supported", NULL);
- 	return (SSL_CTX *)0;
-     }
-@@ -1074,5 +1074,5 @@
- #if defined(NO_TLS1_2)
-     if (ENABLED(proto, TLS_PROTO_TLS1_2)) {
--	Tcl_AppendResult(interp, "protocol not supported", NULL);
-+	Tcl_AppendResult(interp, "protocol TLS1.2 not supported", NULL);
- 	return (SSL_CTX *)0;
-     }

devel/tcltls/files/patch-warnings

@@ -1,268 +0,0 @@
---- tlsBIO.c	Tue Feb  3 23:02:19 2004
-+++ tlsBIO.c	Mon Jun 20 10:18:45 2005
-@@ -30,4 +30,5 @@
-     BioNew,
-     BioFree,
-+    NULL
- };
- 
-@@ -62,6 +63,6 @@
-     int ret;
- 
--    dprintf(stderr,"\nBioWrite(0x%x, <buf>, %d) [0x%x]",
--	    (unsigned int) bio, bufLen, (unsigned int) chan);
-+    dprintf(stderr,"\nBioWrite(%p, <buf>, %d) [%p]",
-+	    (void *)bio, bufLen, (void *)chan);
- 
-     if (channelTypeVersion == TLS_CHANNEL_VERSION_2) {
-@@ -71,6 +72,6 @@
-     }
- 
--    dprintf(stderr,"\n[0x%x] BioWrite(%d) -> %d [%d.%d]",
--	    (unsigned int) chan, bufLen, ret, Tcl_Eof(chan), Tcl_GetErrno());
-+    dprintf(stderr,"\n[%p] BioWrite(%d) -> %d [%d.%d]",
-+	    (void *) chan, bufLen, ret, Tcl_Eof(chan), Tcl_GetErrno());
- 
-     BIO_clear_flags(bio, BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
-@@ -97,6 +98,6 @@
-     int ret = 0;
- 
--    dprintf(stderr,"\nBioRead(0x%x, <buf>, %d) [0x%x]",
--	    (unsigned int) bio, bufLen, (unsigned int) chan);
-+    dprintf(stderr,"\nBioRead(%p, <buf>, %d) [%p]",
-+	    (void *)bio, bufLen, (void *)chan);
- 
-     if (buf == NULL) return 0;
-@@ -108,6 +109,6 @@
-     }
- 
--    dprintf(stderr,"\n[0x%x] BioRead(%d) -> %d [%d.%d]",
--	    (unsigned int) chan, bufLen, ret, Tcl_Eof(chan), Tcl_GetErrno());
-+    dprintf(stderr,"\n[%p] BioRead(%d) -> %d [%d.%d]",
-+	    (void *) chan, bufLen, ret, Tcl_Eof(chan), Tcl_GetErrno());
- 
-     BIO_clear_flags(bio, BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
-@@ -144,7 +145,6 @@
-     int *ip;
- 
--    dprintf(stderr,"\nBioCtrl(0x%x, 0x%x, 0x%x, 0x%x)",
--	    (unsigned int) bio, (unsigned int) cmd, (unsigned int) num,
--	    (unsigned int) ptr);
-+    dprintf(stderr,"\nBioCtrl(%p, 0x%x, 0x%lx, %p)",
-+	    (void *)bio, cmd, num, ptr);
- 
-     switch (cmd) {
---- tlsIO.c	2015-06-06 09:07:08 UTC
-+++ tlsIO.c	2015-09-22 20:41:37 UTC
-@@ -287,5 +287,5 @@
-     State *statePtr = (State *) instanceData;
- 
--    dprintf(stderr,"\nTlsCloseProc(0x%x)", (unsigned int) statePtr);
-+    dprintf(stderr,"\nTlsCloseProc(%p)", instanceData);
- 
-     if (channelTypeVersion == TLS_CHANNEL_VERSION_1) {
-@@ -424,5 +424,5 @@
-     *errorCodePtr = 0;
- 
--    dprintf(stderr,"\nBIO_write(0x%x, %d)", (unsigned int) statePtr, toWrite);
-+    dprintf(stderr,"\nBIO_write(%p, %d)", instanceData, toWrite);
- 
-     if (statePtr->flags & TLS_TCL_CALLBACK) {
-@@ -444,5 +444,5 @@
-     if (toWrite == 0) {
- 	dprintf(stderr, "zero-write\n");
--	BIO_flush(statePtr->bio);
-+	(void)BIO_flush(statePtr->bio);
- 	written = 0;
- 	goto output;
-@@ -461,6 +461,6 @@
- 	ERR_clear_error();
- 	written = BIO_write(statePtr->bio, buf, toWrite);
--	dprintf(stderr,"\nBIO_write(0x%x, %d) -> [%d]",
--		(unsigned int) statePtr, toWrite, written);
-+	dprintf(stderr,"\nBIO_write(%p, %d) -> [%d]",
-+		instanceData, toWrite, written);
-     }
-     if (written <= 0) {
-@@ -543,5 +543,5 @@
- 	    return (*getOptionProc)(Tcl_GetChannelInstanceData(downChan),
- 		    interp, optionName, dsPtr);
--	} else if (optionName == (char*) NULL) {
-+	} else if (optionName == NULL) {
- 	    /*
- 	     * Request is query for all options, this is ok.
-@@ -554,10 +554,10 @@
- 	return TCL_ERROR;
-     } else {
-+#if 0
- 	size_t len = 0;
- 
--	if (optionName != (char *) NULL) {
-+	if (optionName != NULL) {
- 	    len = strlen(optionName);
- 	}
--#if 0
- 	if ((len == 0) || ((len > 1) && (optionName[1] == 'c') &&
- 		(strncmp(optionName, "-cipher", len) == 0))) {
-@@ -888,5 +888,5 @@
-     int err;
- 
--    dprintf(stderr,"\nWaitForConnect(0x%x)", (unsigned int) statePtr);
-+    dprintf(stderr,"\nWaitForConnect(%p)", (void *)statePtr);
- 
-     if (statePtr->flags & TLS_TCL_HANDSHAKE_FAILED) {
-@@ -913,5 +913,5 @@
- 	/*SSL_write(statePtr->ssl, (char*)&err, 0);	HACK!!! */
- 	if (err > 0) {
--	    BIO_flush(statePtr->bio);
-+	    (void)BIO_flush(statePtr->bio);
- 	}
- 
---- tls.c	2015-07-07 17:16:02 UTC
-+++ tls.c	2015-09-22 20:18:04 UTC
-@@ -64,7 +64,7 @@
- 			Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]));
- 
--static SSL_CTX *CTX_Init _ANSI_ARGS_((State *statePtr, int proto, char *key,
--			char *cert, char *CAdir, char *CAfile, char *ciphers,
--			char *DHparams));
-+static SSL_CTX *CTX_Init _ANSI_ARGS_((State *statePtr, int proto, const char *key,
-+			const char *cert, const char *CAdir, const char *CAfile,
-+			const char *ciphers, const char *DHparams));
- 
- static int	TlsLibInit _ANSI_ARGS_ (()) ;
-@@ -309,5 +309,5 @@
- {
-     Tcl_Obj *cmdPtr, *result;
--    char *errStr, *string;
-+    const char *errStr;
-     int length;
-     SSL   *ssl		= (SSL*)X509_STORE_CTX_get_app_data(ctx);
-@@ -320,7 +320,7 @@
- 
-     if (!ok) {
--	errStr = (char*)X509_verify_cert_error_string(err);
-+	errStr = X509_verify_cert_error_string(err);
-     } else {
--	errStr = (char *)0;
-+	errStr = NULL;
-     }
- 
-@@ -350,5 +350,5 @@
- 
-     Tcl_ListObjAppendElement( statePtr->interp, cmdPtr,
--	    Tcl_NewStringObj( errStr ? errStr : "", -1) );
-+	    Tcl_NewStringObj( errStr != NULL ? errStr : "", -1) );
- 
-     Tcl_Preserve( (ClientData) statePtr->interp);
-@@ -364,5 +364,5 @@
-     } else {
- 	result = Tcl_GetObjResult(statePtr->interp);
--	string = Tcl_GetStringFromObj(result, &length);
-+	Tcl_GetStringFromObj(result, &length); /* We only need the length */
- 	/* An empty result leaves verification unchanged.	*/
- 	if (length > 0) {
-@@ -532,5 +532,5 @@
-     };
-     enum protocol {
--	TLS_SSL2, TLS_SSL3, TLS_TLS1, TLS_TLS1_1, TLS_TLS1_2, TLS_NONE
-+	TLS_SSL2, TLS_SSL3, TLS_TLS1, TLS_TLS1_1, TLS_TLS1_2
-     };
-     Tcl_Obj *objPtr;
-@@ -745,13 +745,13 @@
-     int flags		= TLS_TCL_INIT;
-     int server		= 0;	/* is connection incoming or outgoing? */
--    char *key		= NULL;
--    char *cert		= NULL;
--    char *ciphers	= NULL;
--    char *CAfile	= NULL;
--    char *CAdir		= NULL;
--    char *DHparams	= NULL;
--    char *model		= NULL;
-+    const char *key		= NULL;
-+    const char *cert		= NULL;
-+    const char *ciphers	= NULL;
-+    const char *CAfile	= NULL;
-+    const char *CAdir		= NULL;
-+    const char *DHparams	= NULL;
-+    const char *model		= NULL;
- #ifndef OPENSSL_NO_TLSEXT
--    char *servername	= NULL;	/* hostname for Server Name Indication */
-+    const char *servername	= NULL;	/* hostname for Server Name Indication */
- #endif
- #if defined(NO_SSL2)
-@@ -1050,10 +1062,10 @@
-     State *statePtr;
-     int proto;
--    char *key;
--    char *cert;
--    char *CAdir;
--    char *CAfile;
--    char *ciphers;
--    char *DHparams;
-+    const char *key;
-+    const char *cert;
-+    const char *CAdir;
-+    const char *CAfile;
-+    const char *ciphers;
-+    const char *DHparams;
- {
-     Tcl_Interp *interp = statePtr->interp;
-@@ -1422,5 +1434,5 @@
- {
-     static CONST84 char *commands [] = { "req", NULL };
--    enum command { C_REQ, C_DUMMY };
-+    enum command { C_REQ };
-     int cmd;
- 
-@@ -1526,11 +1538,11 @@
- 		name=X509_get_subject_name(cert);
- 
--		X509_NAME_add_entry_by_txt(name,"C", MBSTRING_ASC, k_C, -1, -1, 0);
--		X509_NAME_add_entry_by_txt(name,"ST", MBSTRING_ASC, k_ST, -1, -1, 0);
--		X509_NAME_add_entry_by_txt(name,"L", MBSTRING_ASC, k_L, -1, -1, 0);
--		X509_NAME_add_entry_by_txt(name,"O", MBSTRING_ASC, k_O, -1, -1, 0);
--		X509_NAME_add_entry_by_txt(name,"OU", MBSTRING_ASC, k_OU, -1, -1, 0);
--		X509_NAME_add_entry_by_txt(name,"CN", MBSTRING_ASC, k_CN, -1, -1, 0);
--		X509_NAME_add_entry_by_txt(name,"Email", MBSTRING_ASC, k_Email, -1, -1, 0);
-+		X509_NAME_add_entry_by_txt(name,"C",     MBSTRING_ASC, (const unsigned char *)k_C, -1, -1, 0);
-+		X509_NAME_add_entry_by_txt(name,"ST",    MBSTRING_ASC, (const unsigned char *)k_ST, -1, -1, 0);
-+		X509_NAME_add_entry_by_txt(name,"L",     MBSTRING_ASC, (const unsigned char *)k_L, -1, -1, 0);
-+		X509_NAME_add_entry_by_txt(name,"O",     MBSTRING_ASC, (const unsigned char *)k_O, -1, -1, 0);
-+		X509_NAME_add_entry_by_txt(name,"OU",    MBSTRING_ASC, (const unsigned char *)k_OU, -1, -1, 0);
-+		X509_NAME_add_entry_by_txt(name,"CN",    MBSTRING_ASC, (const unsigned char *)k_CN, -1, -1, 0);
-+		X509_NAME_add_entry_by_txt(name,"Email", MBSTRING_ASC, (const unsigned char *)k_Email, -1, -1, 0);
- 
- 		X509_set_subject_name(cert,name);
---- tlsInt.h	2014-12-08 14:10:28.000000000 -0500
-+++ tlsInt.h	2015-03-25 18:29:34.000000000 -0400
-@@ -18,5 +18,5 @@
-  *
-  */
--#ifndef _TSLINT_H
-+#ifndef _TLSINT_H
- #define _TLSINT_H
- 
---- tlsX509.c	2004-06-29 10:58:08 UTC
-+++ tlsX509.c	2015-09-22 20:49:42 UTC
-@@ -119,5 +119,5 @@
- 	n = max(n, 0);
- 	subject[n] = 0;
--	BIO_flush(bio);
-+	(void)BIO_flush(bio);
- 
- 	X509_NAME_print_ex(bio, X509_get_issuer_name(cert), 0, flags);
-@@ -125,5 +125,5 @@
- 	n = max(n, 0);
- 	issuer[n] = 0;
--	BIO_flush(bio);
-+	(void)BIO_flush(bio);
- 
- 	i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert));
-@@ -131,5 +131,5 @@
- 	n = max(n, 0);
- 	serial[n] = 0;
--	BIO_flush(bio);
-+	(void)BIO_flush(bio);
- 
- 	BIO_free(bio);