3 files changed, 85 insertions, 2 deletions
diff --git a/src/lib/libtls/Makefile b/src/lib/libtls/Makefile
index f90c57d53f..bc46332da3 100644
--- a/src/lib/libtls/Makefile
+++ b/src/lib/libtls/Makefile
@@ -1,4 +1,4 @@
-#       $OpenBSD: Makefile,v 1.26 2016/11/02 15:18:42 beck Exp $
+#       $OpenBSD: Makefile,v 1.27 2016/11/04 18:23:32 guenther Exp $
 CFLAGS+= -Wall -Werror -Wimplicit
 CFLAGS+= -DLIBRESSL_INTERNAL
@@ -10,6 +10,9 @@ DPADD=	${LIBCRYPTO} ${LIBSSL}
 LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto
 LDADD+= -L${BSDOBJDIR}/lib/libssl -lssl
+VERSION_SCRIPT= Symbols.map
+SYMBOL_LIST=    ${.CURDIR}/Symbols.list
 HDRS=   tls.h
 SRCS=   tls.c \
@@ -34,4 +37,9 @@ includes:
            eval "$$j"; \
        done;
+${VERSION_SCRIPT}: ${SYMBOL_LIST}
+        { printf '{\n\tglobal:\n'; \
+          sed '/^[._a-zA-Z]/s/$$/;/; s/^/               /' ${SYMBOL_LIST}; \
+          printf '\n\tlocal:\n\t\t*;\n};\n'; } >$@.tmp && mv $@.tmp $@
 .include <bsd.lib.mk>
diff --git a/src/lib/libtls/Symbols.list b/src/lib/libtls/Symbols.list
new file mode 100644
index 0000000000..9074d5e011
--- /dev/null
+++ b/src/lib/libtls/Symbols.list
@@ -0,0 +1,71 @@
+tls_accept_cbs
+tls_accept_fds
+tls_accept_socket
+tls_client
+tls_close
+tls_config_add_keypair_file
+tls_config_add_keypair_mem
+tls_config_clear_keys
+tls_config_error
+tls_config_free
+tls_config_insecure_noverifycert
+tls_config_insecure_noverifyname
+tls_config_insecure_noverifytime
+tls_config_new
+tls_config_ocsp_require_stapling
+tls_config_parse_protocols
+tls_config_prefer_ciphers_client
+tls_config_prefer_ciphers_server
+tls_config_set_alpn
+tls_config_set_ca_file
+tls_config_set_ca_mem
+tls_config_set_ca_path
+tls_config_set_cert_file
+tls_config_set_cert_mem
+tls_config_set_ciphers
+tls_config_set_dheparams
+tls_config_set_ecdhecurve
+tls_config_set_key_file
+tls_config_set_key_mem
+tls_config_set_keypair_file
+tls_config_set_keypair_mem
+tls_config_set_protocols
+tls_config_set_verify_depth
+tls_config_verify
+tls_config_verify_client
+tls_config_verify_client_optional
+tls_configure
+tls_conn_alpn_selected
+tls_conn_cipher
+tls_conn_servername
+tls_conn_version
+tls_connect
+tls_connect_cbs
+tls_connect_fds
+tls_connect_servername
+tls_connect_socket
+tls_error
+tls_free
+tls_handshake
+tls_init
+tls_load_file
+tls_ocsp_process_response
+tls_peer_cert_contains_name
+tls_peer_cert_hash
+tls_peer_cert_issuer
+tls_peer_cert_notafter
+tls_peer_cert_notbefore
+tls_peer_cert_provided
+tls_peer_cert_subject
+tls_peer_ocsp_cert_status
+tls_peer_ocsp_crl_reason
+tls_peer_ocsp_next_update
+tls_peer_ocsp_response_status
+tls_peer_ocsp_result
+tls_peer_ocsp_revocation_time
+tls_peer_ocsp_this_update
+tls_peer_ocsp_url
+tls_read
+tls_reset
+tls_server
+tls_write
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
index 7b07c96c86..4fe4ee7811 100644
--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.47 2016/11/04 18:07:24 beck Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.48 2016/11/04 18:23:32 guenther Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -24,6 +24,8 @@
 #include <openssl/ssl.h>
+__BEGIN_HIDDEN_DECLS
 #define _PATH_SSL_CA_FILE "/etc/ssl/cert.pem"
 #define TLS_CIPHERS_DEFAULT     "TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"
@@ -209,4 +211,6 @@ int tls_ocsp_verify_cb(SSL *ssl, void *arg);
 void tls_ocsp_ctx_free(struct tls_ocsp_ctx *ctx);
 struct tls_ocsp_ctx *tls_ocsp_setup_from_peer(struct tls *ctx);
+__END_HIDDEN_DECLS
 #endif /* HEADER_TLS_INTERNAL_H */

diff --git a/src/lib/libtls/Makefile b/src/lib/libtls/Makefile index f90c57d53f..bc46332da3 100644 --- a/src/lib/libtls/Makefile +++ b/src/lib/libtls/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.26 2016/11/02 15:18:42 beck Exp $	1	# $OpenBSD: Makefile,v 1.27 2016/11/04 18:23:32 guenther Exp $
2		2
3	CFLAGS+= -Wall -Werror -Wimplicit	3	CFLAGS+= -Wall -Werror -Wimplicit
4	CFLAGS+= -DLIBRESSL_INTERNAL	4	CFLAGS+= -DLIBRESSL_INTERNAL
@@ -10,6 +10,9 @@ DPADD= ${LIBCRYPTO} ${LIBSSL}
10	LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto	10	LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto
11	LDADD+= -L${BSDOBJDIR}/lib/libssl -lssl	11	LDADD+= -L${BSDOBJDIR}/lib/libssl -lssl
12		12
		13	VERSION_SCRIPT= Symbols.map
		14	SYMBOL_LIST= ${.CURDIR}/Symbols.list
		15
13	HDRS= tls.h	16	HDRS= tls.h
14		17
15	SRCS= tls.c \	18	SRCS= tls.c \
@@ -34,4 +37,9 @@ includes:
34	eval "$$j"; \	37	eval "$$j"; \
35	done;	38	done;
36		39
		40	${VERSION_SCRIPT}: ${SYMBOL_LIST}
		41	{ printf '{\n\tglobal:\n'; \
		42	sed '/^[._a-zA-Z]/s/$$/;/; s/^/ /' ${SYMBOL_LIST}; \
		43	printf '\n\tlocal:\n\t\t*;\n};\n'; } >$@.tmp && mv $@.tmp $@
		44
37	.include <bsd.lib.mk>	45	.include <bsd.lib.mk>


diff --git a/src/lib/libtls/Symbols.list b/src/lib/libtls/Symbols.list new file mode 100644 index 0000000000..9074d5e011 --- /dev/null +++ b/src/lib/libtls/Symbols.list
@@ -0,0 +1,71 @@
		1	tls_accept_cbs
		2	tls_accept_fds
		3	tls_accept_socket
		4	tls_client
		5	tls_close
		6	tls_config_add_keypair_file
		7	tls_config_add_keypair_mem
		8	tls_config_clear_keys
		9	tls_config_error
		10	tls_config_free
		11	tls_config_insecure_noverifycert
		12	tls_config_insecure_noverifyname
		13	tls_config_insecure_noverifytime
		14	tls_config_new
		15	tls_config_ocsp_require_stapling
		16	tls_config_parse_protocols
		17	tls_config_prefer_ciphers_client
		18	tls_config_prefer_ciphers_server
		19	tls_config_set_alpn
		20	tls_config_set_ca_file
		21	tls_config_set_ca_mem
		22	tls_config_set_ca_path
		23	tls_config_set_cert_file
		24	tls_config_set_cert_mem
		25	tls_config_set_ciphers
		26	tls_config_set_dheparams
		27	tls_config_set_ecdhecurve
		28	tls_config_set_key_file
		29	tls_config_set_key_mem
		30	tls_config_set_keypair_file
		31	tls_config_set_keypair_mem
		32	tls_config_set_protocols
		33	tls_config_set_verify_depth
		34	tls_config_verify
		35	tls_config_verify_client
		36	tls_config_verify_client_optional
		37	tls_configure
		38	tls_conn_alpn_selected
		39	tls_conn_cipher
		40	tls_conn_servername
		41	tls_conn_version
		42	tls_connect
		43	tls_connect_cbs
		44	tls_connect_fds
		45	tls_connect_servername
		46	tls_connect_socket
		47	tls_error
		48	tls_free
		49	tls_handshake
		50	tls_init
		51	tls_load_file
		52	tls_ocsp_process_response
		53	tls_peer_cert_contains_name
		54	tls_peer_cert_hash
		55	tls_peer_cert_issuer
		56	tls_peer_cert_notafter
		57	tls_peer_cert_notbefore
		58	tls_peer_cert_provided
		59	tls_peer_cert_subject
		60	tls_peer_ocsp_cert_status
		61	tls_peer_ocsp_crl_reason
		62	tls_peer_ocsp_next_update
		63	tls_peer_ocsp_response_status
		64	tls_peer_ocsp_result
		65	tls_peer_ocsp_revocation_time
		66	tls_peer_ocsp_this_update
		67	tls_peer_ocsp_url
		68	tls_read
		69	tls_reset
		70	tls_server
		71	tls_write


diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h index 7b07c96c86..4fe4ee7811 100644 --- a/src/lib/libtls/tls_internal.h +++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_internal.h,v 1.47 2016/11/04 18:07:24 beck Exp $ */	1	/* $OpenBSD: tls_internal.h,v 1.48 2016/11/04 18:23:32 guenther Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>	3	* Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
4	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	4	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -24,6 +24,8 @@
24		24
25	#include <openssl/ssl.h>	25	#include <openssl/ssl.h>
26		26
		27	__BEGIN_HIDDEN_DECLS
		28
27	#define _PATH_SSL_CA_FILE "/etc/ssl/cert.pem"	29	#define _PATH_SSL_CA_FILE "/etc/ssl/cert.pem"
28		30
29	#define TLS_CIPHERS_DEFAULT "TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"	31	#define TLS_CIPHERS_DEFAULT "TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"
@@ -209,4 +211,6 @@ int tls_ocsp_verify_cb(SSL ssl, void arg);
209	void tls_ocsp_ctx_free(struct tls_ocsp_ctx *ctx);	211	void tls_ocsp_ctx_free(struct tls_ocsp_ctx *ctx);
210	struct tls_ocsp_ctx tls_ocsp_setup_from_peer(struct tls ctx);	212	struct tls_ocsp_ctx tls_ocsp_setup_from_peer(struct tls ctx);
211		213
		214	__END_HIDDEN_DECLS
		215
212	#endif /* HEADER_TLS_INTERNAL_H */	216	#endif /* HEADER_TLS_INTERNAL_H */