- Fix build with newer openssl (>= 0.9.8b)

- Fix build after FAST_IPSEC removal on 7.x and 8.x

PR:		ports/111430
Submitted by:	Dan Lukes <dan at obluda.cz>

3 files changed, 57 insertions, 6 deletions

diff --git a/security/isakmpd/Makefile b/security/isakmpd/Makefile
index f891c86d63f6..d0a22b5f5c83 100644
--- a/security/isakmpd/Makefile
+++ b/security/isakmpd/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	isakmpd
 PORTVERSION=	20041207
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	security net
 MASTER_SITES=	${MASTER_SITE_LOCAL}
 MASTER_SITE_SUBDIR=	simon
@@ -16,7 +16,7 @@ MAINTAINER=	ports@FreeBSD.org
 COMMENT=	OpenBSD IKE daemon
 
 # this is not compatible with cross build - there's no other way
-.if !exists(/usr/include/netinet6/ipsec.h)
+.if !exists(/usr/include/netipsec/ipsec.h) && !exists(/usr/include/netinet6/ipsec.h)
 BROKEN=		requires IPsec support
 .endif
 
@@ -35,17 +35,17 @@ MANCOMPRESSED=	yes
 
 .include <bsd.port.pre.mk>
 
-.if ${OSVERSION} >= 700019
-BROKEN=		is not buildable with OpenSSL 0.9.8b
-.else
 OPENSSLINC?=	/usr/include
 OPENSSLLIB?=	/usr/lib
 MAKE_ENV+=	OPENSSLINC="${OPENSSLINC}" OPENSSLLIB="${OPENSSLLIB}"
-.endif
 
 post-patch:
 .for f in conf.h ike_auth.c isakmpd.8 isakmpd.conf.5 isakmpd.policy.5 policy.h
 	${REINPLACE_CMD} -e "s!/etc/!${PREFIX}/etc/!" ${WRKSRC}/${f}
 .endfor
+.if ${OSVERSION} > 700050
+	@${REINPLACE_CMD} -e "s!netinet6/ipsec.h!netipsec/ipsec.h!" \
+		${WRKSRC}/sysdep/freebsd/sysdep-os.h
+.endif
 
 .include <bsd.port.post.mk>
diff --git a/security/isakmpd/files/patch-pf_key_v2.c b/security/isakmpd/files/patch-pf_key_v2.c
new file mode 100644
index 000000000000..605175707e31
--- /dev/null
+++ b/security/isakmpd/files/patch-pf_key_v2.c
@@ -0,0 +1,34 @@
+--- pf_key_v2.c.orig	2004-12-08 04:07:00.000000000 +0800
++++ pf_key_v2.c	2008-04-13 21:00:05.000000000 +0800
+@@ -2204,13 +2204,13 @@
+ 		goto cleanup;
+ 	addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
+ 	addr->sadb_address_len = len / PF_KEY_V2_CHUNK;
+-#ifdef LINUX_IPSEC
++#if defined(LINUX_IPSEC) || defined (__FreeBSD__) 
+ 	addr->sadb_address_proto = tproto;
+ #else
+ 	addr->sadb_address_proto = IPSEC_ULPROTO_ANY;
+ #endif
+ 	addr->sadb_address_reserved = 0;
+-#ifdef LINUX_IPSEC
++#if defined(LINUX_IPSEC) || defined (__FreeBSD__) 
+ 	pf_key_v2_setup_sockaddr(addr + 1, laddr, 0, sport, 0);
+ #else
+ 	pf_key_v2_setup_sockaddr(addr + 1, laddr, 0, IPSEC_PORT_ANY, 0);
+@@ -2238,13 +2238,13 @@
+ 		goto cleanup;
+ 	addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
+ 	addr->sadb_address_len = len / PF_KEY_V2_CHUNK;
+-#ifdef LINUX_IPSEC
++#if defined(LINUX_IPSEC) || defined (__FreeBSD__) 
+ 	addr->sadb_address_proto = tproto;
+ #else
+ 	addr->sadb_address_proto = IPSEC_ULPROTO_ANY;
+ #endif
+ 	addr->sadb_address_reserved = 0;
+-#ifdef LINUX_IPSEC
++#if defined(LINUX_IPSEC) || defined (__FreeBSD__) 
+ 	pf_key_v2_setup_sockaddr(addr + 1, raddr, 0, dport, 0);
+ #else
+ 	pf_key_v2_setup_sockaddr(addr + 1, raddr, 0, IPSEC_PORT_ANY, 0);
diff --git a/security/isakmpd/files/patch-x509.c b/security/isakmpd/files/patch-x509.c
new file mode 100644
index 000000000000..8e1837d394b2
--- /dev/null
+++ b/security/isakmpd/files/patch-x509.c
@@ -0,0 +1,17 @@
+--- x509.c.orig	2004-08-11 03:21:01.000000000 +0800
++++ x509.c	2008-04-13 21:00:05.000000000 +0800
+@@ -910,7 +910,13 @@
+ 	X509_STORE_CTX_init(&csc, x509_cas, cert, NULL);
+ #if OPENSSL_VERSION_NUMBER >= 0x00907000L
+ 	/* XXX See comment in x509_read_crls_from_dir.  */
+-	if (x509_cas->flags & X509_V_FLAG_CRL_CHECK) {
++	if (
++#if OPENSSL_VERSION_NUMBER >= 0x00908020L
++	    x509_cas->param->flags
++#else
++	    x509_cas->flags
++#endif
++	                    & X509_V_FLAG_CRL_CHECK) {
+ 		X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK);
+ 		X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK_ALL);
+ 	}