net-misc/openvpn: fix bug 608244

Package-Manager: Portage-2.3.3, Repoman-2.3.1

2 files changed, 22 insertions, 0 deletions

diff --git a/net-misc/openvpn/files/openvpn-2.4.0-fix-libressl.patch b/net-misc/openvpn/files/openvpn-2.4.0-fix-libressl.patch
new file mode 100644
index 000000000000..4c3aca5d5a92
--- /dev/null
+++ b/net-misc/openvpn/files/openvpn-2.4.0-fix-libressl.patch
@@ -0,0 +1,21 @@
+diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
+index 8266595..a889332 100644
+--- a/src/openvpn/ssl_openssl.c
++++ b/src/openvpn/ssl_openssl.c
+@@ -508,10 +508,13 @@ tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name
+         const EC_GROUP *ecgrp = NULL;
+         EVP_PKEY *pkey = NULL;
+
+-        /* Little hack to get private key ref from SSL_CTX, yay OpenSSL... */
+-        SSL ssl;
+-        ssl.cert = ctx->ctx->cert;
+-        pkey = SSL_get_privatekey(&ssl);
++        SSL *ssl = SSL_new(ctx->ctx);
++        if (!ssl)
++        {
++            crypto_msg(M_FATAL, "SSL_new failed");
++        }
++        pkey = SSL_get_privatekey(ssl);
++        SSL_free(ssl);
+
+         msg(D_TLS_DEBUG, "Extracting ECDH curve from private key");
diff --git a/net-misc/openvpn/openvpn-2.4.0-r1.ebuild b/net-misc/openvpn/openvpn-2.4.0-r1.ebuild
index 1b64d5b698a4..bd85309308cc 100644
--- a/net-misc/openvpn/openvpn-2.4.0-r1.ebuild
+++ b/net-misc/openvpn/openvpn-2.4.0-r1.ebuild
@@ -52,6 +52,7 @@ CONFIG_CHECK="~TUN"
 
 PATCHES=(
 	"${FILESDIR}/${PN}-external-cmocka.patch"
+	"${FILESDIR}/${PN}-2.4.0-fix-libressl.patch"
 )
 
 pkg_setup()  {