Funny, I'm running with 4.9.0r0 since yesterday. Diff below.
My diff includes an additional diff, since coturn moves to
openssl/{decoder,param_build}.h, which isn't supported by LibreSSL. I
discussed this with tb@, and we came to the conclusion that just
reintroducing the old DH-based code is the easiest way forward.

Some comments on your diff inline. Apart from those, there are quite
a few moving parts. Anything relevant between your diff and mine
that I might have overlooked?

martijn@

On 3/5/26 12:31 PM, Stuart Henderson wrote:
> if anyone's using this, can you test this update/cleanup please?
> 
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/telephony/coturn/Makefile,v
> diff -u -p -r1.20 Makefile
> --- Makefile  14 Jan 2025 15:07:27 -0000      1.20
> +++ Makefile  5 Mar 2026 11:30:24 -0000
> @@ -1,13 +1,9 @@
>  COMMENT =    coturn STUN/TURN server
>  
> -V =          4.6.3-r0
>  GH_ACCOUNT = coturn
>  GH_PROJECT = coturn
> -GH_TAGNAME = docker/${V}
> -DISTNAME =   turnserver-${V:S/-r/pl/}
> -
> -COMPILER =   base-clang ports-gcc
> -COMPILER_LANGS = c
> +GH_TAGNAME = 4.8.0
> +PKGNAME =    turnserver-${GH_TAGNAME}

Last time we chose to go with the r* versions, since they also include
code changes. I don't have a hard preference for one or the other,
but considering our previous choice, is it worth swapping again?
>  
>  CATEGORIES = telephony
>  
> @@ -15,27 +11,33 @@ CATEGORIES =      telephony
>  PERMIT_PACKAGE =     Yes
>  
>  WANTLIB += c crypto event_core event_extra event_openssl event_pthreads
> -WANTLIB += hiredis intl mariadb pq pthread sqlite3 ssl m z
> +WANTLIB += hiredis mariadb pq pthread sqlite3 ssl
> +
> +COMPILER =   base-clang ports-gcc
> +COMPILER_LANGS = c
>  
> -LIB_DEPENDS =                databases/mariadb \
> -                     databases/postgresql \
> -                     databases/sqlite3 \
> -                     devel/gettext,-runtime \
> -                     devel/libevent2 \
> -                     databases/libhiredis
> -
> -CONFIGURE_STYLE =    simple
> -CONFIGURE_ARGS =     --localstatedir='${LOCALSTATEDIR}'
> -# There is no port for MongoDB development libraries and/or headers
> -CONFIGURE_ENV =              TURN_NO_MONGO=1 \
> -                     TURN_NO_PROMETHEUS=1 \
> -                     TURN_NO_SYSTEMD=1
> -# Don't pick up devel/pkgconf
> -CONFIGURE_ENV +=     PKGCONFIG="pkg-config"
> +MODULES =    devel/cmake

Any particular reason to change build environment?
> +
> +LIB_DEPENDS =        databases/mariadb \
> +             databases/postgresql \
> +             databases/sqlite3 \
> +             devel/libevent2 \
> +             databases/libhiredis
>  
>  post-install:
> -     rm -rf ${PREFIX}/etc
> -     mv ${WRKINST}${LOCALSTATEDIR}/db/turndb \
> +     rm -rf ${PREFIX}/etc \
> +             ${PREFIX}/share/examples/turnserver/ca \
> +             ${PREFIX}/share/examples/turnserver/run*.sh
> +     mv ${PREFIX}/share/examples/turnserver/var/db/turndb \
>               ${PREFIX}/share/examples/turnserver
> +     rmdir ${PREFIX}/share/examples/turnserver/var{/db,}
> +     chmod +x ${PREFIX}/bin/* # huh?! not installed as executable...
> +
> +NO_TEST =    Yes
> +# there are tests, but hitting "bind: Address already in use"
> +#do-test:
> +#    ln -fs ${WRKBUILD} ${WRKSRC}/build
> +#    cd ${WRKSRC}/examples; sh run_tests.sh
> +#    cd ${WRKSRC}/examples; sh run_tests_conf.sh
>  
>  .include <bsd.port.mk>
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/telephony/coturn/distinfo,v
> diff -u -p -r1.6 distinfo
> --- distinfo  16 Dec 2024 13:14:51 -0000      1.6
> +++ distinfo  5 Mar 2026 11:30:24 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (turnserver-4.6.3pl0.tar.gz) = 
> yIFrwM9YQT5Y6r8EDtTCHp8kHKk6cEVja1Dow0BsTrk=
> -SIZE (turnserver-4.6.3pl0.tar.gz) = 535329
> +SHA256 (coturn-4.8.0.tar.gz) = o7MCtSxUBaJZX1kDbJX8NnbmQENrpn4/Yhk37GSLHqU=
> +SIZE (coturn-4.8.0.tar.gz) = 544737
> Index: patches/patch-CMakeLists_txt
> ===================================================================
> RCS file: patches/patch-CMakeLists_txt
> diff -N patches/patch-CMakeLists_txt
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-CMakeLists_txt      5 Mar 2026 11:30:24 -0000
> @@ -0,0 +1,34 @@
> +Index: CMakeLists.txt
> +--- CMakeLists.txt.orig
> ++++ CMakeLists.txt
> +@@ -147,7 +147,7 @@ install(DIRECTORY turndb/
> +     DESTINATION share/turnserver
> +         COMPONENT Runtime)
> + install(DIRECTORY turndb/
> +-    DESTINATION doc/turnserver
> ++    DESTINATION share/doc/turnserver
> +         COMPONENT Runtime)
> + install(FILES
> +             LICENSE
> +@@ -156,7 +156,7 @@ install(FILES
> +             README.turnutils
> +             INSTALL
> +             postinstall.txt
> +-        DESTINATION doc/turnserver
> ++        DESTINATION share/doc/turnserver
> +             COMPONENT Runtime)
> + install(FILES examples/etc/turnserver.conf
> +     DESTINATION ${CMAKE_INSTALL_SYSCONFDIR}
> +@@ -164,9 +164,9 @@ install(FILES examples/etc/turnserver.conf
> +     RENAME turnserver.conf.default
> +     )
> + install(DIRECTORY
> +-        examples
> +-    DESTINATION share
> +-        COMPONENT examples
> ++        examples/
> ++    DESTINATION share/examples/turnserver
> ++        COMPONENT turnserver
> +     )
> + include(cmake/CMakeCPack.cmake)
> + 
> Index: patches/patch-src_apps_common_apputils_c
> ===================================================================
> RCS file: 
> /cvs/ports/telephony/coturn/patches/patch-src_apps_common_apputils_c,v
> diff -u -p -r1.1 patch-src_apps_common_apputils_c
> --- patches/patch-src_apps_common_apputils_c  16 Dec 2024 13:14:51 -0000      
> 1.1
> +++ patches/patch-src_apps_common_apputils_c  5 Mar 2026 11:30:24 -0000
> @@ -1,7 +1,7 @@
>  Index: src/apps/common/apputils.c
>  --- src/apps/common/apputils.c.orig
>  +++ src/apps/common/apputils.c
> -@@ -1179,7 +1179,7 @@ char *find_config_file(const char *config_file) {
> +@@ -1190,7 +1190,7 @@ char *find_config_file(const char *config_file) {
>   /////////////////// SYS SETTINGS ///////////////////////
>   
>   void ignore_sigpipe(void) {
> Index: patches/patch-src_apps_relay_CMakeLists_txt
> ===================================================================
> RCS file: patches/patch-src_apps_relay_CMakeLists_txt
> diff -N patches/patch-src_apps_relay_CMakeLists_txt
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_apps_relay_CMakeLists_txt       5 Mar 2026 11:30:24 
> -0000
> @@ -0,0 +1,19 @@
> +Index: src/apps/relay/CMakeLists.txt
> +--- src/apps/relay/CMakeLists.txt.orig
> ++++ src/apps/relay/CMakeLists.txt
> +@@ -188,12 +188,8 @@ if(WIN32)
> +     DESTINATION "${CMAKE_INSTALL_BINDIR}"
> +             COMPONENT Runtime)
> + else()
> +-    add_custom_target(turnadmin ALL
> +-        COMMAND
> +-            ${CMAKE_COMMAND} -E create_symlink 
> $<TARGET_FILE:${PROJECT_NAME}> $<TARGET_FILE_DIR:${PROJECT_NAME}>/turnadmin
> +-        DEPENDS ${PROJECT_NAME})
> +-    INSTALL(FILES $<TARGET_FILE_DIR:${PROJECT_NAME}>/turnadmin
> +-        DESTINATION "${CMAKE_INSTALL_BINDIR}"
> ++    INSTALL(CODE "execute_process(COMMAND ${CMAKE_COMMAND} -E 
> create_symlink ${PROJECT_NAME} turnadmin WORKING_DIRECTORY 
> \$ENV{DESTDIR}/${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_BINDIR})"
> +             COMPONENT Runtime
> +-            )
> ++    )
> + endif()
> ++
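Review bot: The `execute_process()` call inside `INSTALL(CODE ...)` has no result check, so a failed `create_symlink` goes unnoticed at install time and would only surface later, presumably when packaging looks for the `bin/turnadmin` entry that the PLIST change in this diff expects. The `WORKING_DIRECTORY` argument is also unquoted, so a `DESTDIR` containing spaces or semicolons would be split into several arguments. Adding `COMMAND_ERROR_IS_FATAL ANY` (available from CMake 3.19) and quoting the path as `\"\$ENV{DESTDIR}/${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_BINDIR}\"` would stop the install at the point of failure.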
> Index: patches/patch-src_apps_relay_mainrelay_c
> ===================================================================
> RCS file: 
> /cvs/ports/telephony/coturn/patches/patch-src_apps_relay_mainrelay_c,v
> diff -u -p -r1.3 patch-src_apps_relay_mainrelay_c
> --- patches/patch-src_apps_relay_mainrelay_c  16 Dec 2024 13:14:51 -0000      
> 1.3
> +++ patches/patch-src_apps_relay_mainrelay_c  5 Mar 2026 11:30:24 -0000
> @@ -3,9 +3,9 @@ Don't create a default pidfile
>  Index: src/apps/relay/mainrelay.c
>  --- src/apps/relay/mainrelay.c.orig
>  +++ src/apps/relay/mainrelay.c
> -@@ -126,7 +126,7 @@ turn_params_t turn_params = {
> +@@ -131,7 +131,7 @@ turn_params_t turn_params = {
>   
> -     0, /* do_not_use_config_file */
> +     false, /* do_not_use_config_file */
>   
>  -    "/var/run/turnserver.pid", /* pidfile */
>  +    "",                        /* pidfile */
> Index: pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/telephony/coturn/pkg/PLIST,v
> diff -u -p -r1.5 PLIST
> --- pkg/PLIST 8 Nov 2022 11:17:14 -0000       1.5
> +++ pkg/PLIST 5 Mar 2026 11:30:24 -0000
> @@ -1,23 +1,49 @@
>  @newgroup _turnserver:795
>  @newuser _turnserver:795:795::TURN Server user:/var/empty:/sbin/nologin
>  @rcscript ${RCDIR}/turnserver
> -@bin bin/turnadmin
> +bin/turnadmin
>  @bin bin/turnserver
>  @bin bin/turnutils_natdiscovery
>  @bin bin/turnutils_oauth
>  @bin bin/turnutils_peer
> +@bin bin/turnutils_rfc5769check
>  @bin bin/turnutils_stunclient
>  @bin bin/turnutils_uclient
>  include/turn/
> +include/turn/apputils.h
>  include/turn/client/
>  include/turn/client/TurnMsgLib.h
> +include/turn/client/ns_turn_defs.h
>  include/turn/client/ns_turn_ioaddr.h
>  include/turn/client/ns_turn_msg.h
>  include/turn/client/ns_turn_msg_addr.h
>  include/turn/client/ns_turn_msg_defs.h
>  include/turn/client/ns_turn_msg_defs_experimental.h
> -include/turn/ns_turn_defs.h
> +include/turn/ns_turn_openssl.h
> +include/turn/ns_turn_utils.h
> +include/turn/server/
> +include/turn/server/ns_turn_allocation.h
> +include/turn/server/ns_turn_ioalib.h
> +include/turn/server/ns_turn_khash.h
> +include/turn/server/ns_turn_maps.h
> +include/turn/server/ns_turn_maps_rtcp.h
> +include/turn/server/ns_turn_server.h
> +include/turn/server/ns_turn_session.h
> +include/turn/stun_buffer.h
> +lib/cmake/coturn/
> +lib/cmake/coturn/coturnConfig.cmake
> +lib/cmake/coturn/turn_serverConfig${MODCMAKE_BUILD_SUFFIX}
> +lib/cmake/coturn/turn_serverConfig.cmake
> +lib/cmake/coturn/turn_serverConfigVersion.cmake
> +lib/cmake/coturn/turnclientConfig${MODCMAKE_BUILD_SUFFIX}
> +lib/cmake/coturn/turnclientConfig.cmake
> +lib/cmake/coturn/turnclientConfigVersion.cmake
> +lib/cmake/coturn/turncommonConfig${MODCMAKE_BUILD_SUFFIX}
> +lib/cmake/coturn/turncommonConfig.cmake
> +lib/cmake/coturn/turncommonConfigVersion.cmake
> +@static-lib lib/libturn_server.a
>  @static-lib lib/libturnclient.a
> +@static-lib lib/libturncommon.a
>  @man man/man1/coturn.1
>  @man man/man1/turnadmin.1
>  @man man/man1/turnserver.1
> @@ -38,7 +64,11 @@ share/doc/turnserver/schema.mongo.sh
>  share/doc/turnserver/schema.sql
>  share/doc/turnserver/schema.stats.redis
>  share/doc/turnserver/schema.userdb.redis
> +share/doc/turnserver/testmongosetup.sh
> +share/doc/turnserver/testredisdbsetup.sh
> +share/doc/turnserver/testsqldbsetup.sql
>  share/examples/turnserver/
> +share/examples/turnserver/cpu-mem.sh
>  share/examples/turnserver/etc/
>  share/examples/turnserver/etc/cacert.pem
>  share/examples/turnserver/etc/coturn.service
> @@ -106,6 +136,7 @@ share/examples/turnserver/scripts/restap
>  
> share/examples/turnserver/scripts/restapi/secure_relay_secret_with_db_sqlite.sh
>  share/examples/turnserver/scripts/restapi/secure_udp_client_with_secret.sh
>  share/examples/turnserver/scripts/restapi/shared_secret_maintainer.pl
> +share/examples/turnserver/scripts/rfc5769.sh
>  share/examples/turnserver/scripts/selfloadbalance/
>  share/examples/turnserver/scripts/selfloadbalance/secure_dos_attack.sh
>  share/examples/turnserver/scripts/selfloadbalance/secure_relay.sh
> 


diff refs/heads/master refs/heads/coturn/4.9.0
commit - c0ffeeec67cf93452bf5892d2b6e0e11a10066f5
commit + 43a7c459a11797dd46d7af48e6953cfbbaaced76
blob - ef0cbfbc767bf831937c3754b5589a9a6bc9ddcd
blob + 350abbba7e180e4e475f843b59c12e81fbbdc663
--- telephony/coturn/Makefile
+++ telephony/coturn/Makefile
@@ -1,6 +1,6 @@
 COMMENT =      coturn STUN/TURN server
 
-V =            4.6.3-r0
+V =            4.9.0-r0
 GH_ACCOUNT =   coturn
 GH_PROJECT =   coturn
 GH_TAGNAME =   docker/${V}
blob - 93d10c927ffdf908e9b712c49dfca88bf9c3ff38
blob + 44836b10d7f817a45d69ff290db566b46bab7a09
--- telephony/coturn/distinfo
+++ telephony/coturn/distinfo
@@ -1,2 +1,2 @@
-SHA256 (turnserver-4.6.3pl0.tar.gz) = 
yIFrwM9YQT5Y6r8EDtTCHp8kHKk6cEVja1Dow0BsTrk=
-SIZE (turnserver-4.6.3pl0.tar.gz) = 535329
+SHA256 (turnserver-4.9.0pl0.tar.gz) = 
yCqvwI3ynHV2HxTNLTZHkpe7KsA3sKPrtX15uuvz1CQ=
+SIZE (turnserver-4.9.0pl0.tar.gz) = 546458
blob - bac4ba5c6b066fe048f01e0411763a742b1e8c85
blob + 887c28bbbd52c63d6eb6cbee3eebf64f5960011a
--- telephony/coturn/patches/patch-src_apps_common_apputils_c
+++ telephony/coturn/patches/patch-src_apps_common_apputils_c
@@ -1,7 +1,7 @@
 Index: src/apps/common/apputils.c
 --- src/apps/common/apputils.c.orig
 +++ src/apps/common/apputils.c
-@@ -1179,7 +1179,7 @@ char *find_config_file(const char *config_file) {
+@@ -1190,7 +1190,7 @@ char *find_config_file(const char *config_file) {
  /////////////////// SYS SETTINGS ///////////////////////
  
  void ignore_sigpipe(void) {
blob - c79bb29d7dd5a1cd330b7cd76f63c0732a411d5a
blob + 85357b9a0a9fb25f422435d360a77e35d18c17a4
--- telephony/coturn/patches/patch-src_apps_relay_mainrelay_c
+++ telephony/coturn/patches/patch-src_apps_relay_mainrelay_c
@@ -1,14 +1,208 @@
-Don't create a default pidfile
+- Don't create a default pidfile
+- Use the old DH code, since LibreSSL doesn't support OSSL_{DECODER,PARAM}
 
 Index: src/apps/relay/mainrelay.c
 --- src/apps/relay/mainrelay.c.orig
 +++ src/apps/relay/mainrelay.c
-@@ -126,7 +126,7 @@ turn_params_t turn_params = {
+@@ -132,7 +132,7 @@ turn_params_t turn_params = {
  
-     0, /* do_not_use_config_file */
+     false, /* do_not_use_config_file */
  
 -    "/var/run/turnserver.pid", /* pidfile */
 +    "",                        /* pidfile */
      "",                        /* acme_redirect */
  
      ////////////////  Listener server /////////////////
+@@ -3523,7 +3523,7 @@ static void adjust_key_file_names(void) {
+     adjust_key_file_name(turn_params.dh_file, "DH key", 0);
+   }
+ }
+-static EVP_PKEY *get_dh566(void) {
++static DH *get_dh566(void) {
+ 
+   unsigned char dh566_p[] = {0x36, 0x53, 0xA8, 0x9C, 0x3C, 0xF1, 0xD1, 0x1B, 
0x2D, 0xA2, 0x64, 0xDE, 0x59, 0x3B, 0xE3,
+                              0x8C, 0x27, 0x74, 0xC2, 0xBE, 0x9B, 0x6D, 0x56, 
0xE7, 0xDF, 0xFF, 0x67, 0x6A, 0xD2, 0x0C,
+@@ -3537,34 +3537,25 @@ static EVP_PKEY *get_dh566(void) {
+   //  -----END DH PARAMETERS-----
+ 
+   unsigned char dh566_g[] = {0x05};
++  DH *dh;
+ 
+-  BIGNUM *p = BN_bin2bn(dh566_p, sizeof(dh566_p), NULL);
+-  BIGNUM *g = BN_bin2bn(dh566_g, sizeof(dh566_g), NULL);
+-  if (!p || !g) {
+-    BN_free(p);
+-    BN_free(g);
+-    return NULL;
++  if ((dh = DH_new()) == NULL) {
++    return (NULL);
+   }
+-
+-  OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
+-  OSSL_PARAM_BLD_push_BN(bld, "p", p);
+-  OSSL_PARAM_BLD_push_BN(bld, "g", g);
+-  OSSL_PARAM *params = OSSL_PARAM_BLD_to_param(bld);
+-  OSSL_PARAM_BLD_free(bld);
+-  BN_free(p);
+-  BN_free(g);
+-
+-  EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
+-  EVP_PKEY *pkey = NULL;
+-  EVP_PKEY_fromdata_init(pctx);
+-  EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params);
+-  EVP_PKEY_CTX_free(pctx);
+-  OSSL_PARAM_free(params);
+-  return pkey;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++  dh->p = BN_bin2bn(dh566_p, sizeof(dh566_p), NULL);
++  dh->g = BN_bin2bn(dh566_g, sizeof(dh566_g), NULL);
++  if ((dh->p == NULL) || (dh->g == NULL)) {
++    DH_free(dh);
++    return (NULL);
++  }
++#else
++  DH_set0_pqg(dh, BN_bin2bn(dh566_p, sizeof(dh566_p), NULL), NULL, 
BN_bin2bn(dh566_g, sizeof(dh566_g), NULL));
++#endif
++  return (dh);
+ }
++static DH *get_dh1066(void) {
+ 
+-static EVP_PKEY *get_dh1066(void) {
+-
+   unsigned char dh1066_p[] = {0x02, 0x0E, 0x26, 0x6F, 0xAA, 0x9F, 0xA8, 0xE5, 
0x3F, 0x70, 0x88, 0xF1, 0xA9, 0x29, 0xAE,
+                               0x1A, 0x2B, 0xA8, 0x2F, 0xE8, 0xE5, 0x0E, 0x81, 
0x78, 0xD7, 0x12, 0x41, 0xDC, 0xE2, 0xD5,
+                               0x10, 0x6F, 0x8A, 0x35, 0x23, 0xCE, 0x66, 0x93, 
0x67, 0x14, 0xEA, 0x0A, 0x61, 0xD4, 0x43,
+@@ -3582,34 +3573,25 @@ static EVP_PKEY *get_dh1066(void) {
+   //  -----END DH PARAMETERS-----
+ 
+   unsigned char dh1066_g[] = {0x02};
++  DH *dh;
+ 
+-  BIGNUM *p = BN_bin2bn(dh1066_p, sizeof(dh1066_p), NULL);
+-  BIGNUM *g = BN_bin2bn(dh1066_g, sizeof(dh1066_g), NULL);
+-  if (!p || !g) {
+-    BN_free(p);
+-    BN_free(g);
+-    return NULL;
++  if ((dh = DH_new()) == NULL) {
++    return (NULL);
+   }
+-
+-  OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
+-  OSSL_PARAM_BLD_push_BN(bld, "p", p);
+-  OSSL_PARAM_BLD_push_BN(bld, "g", g);
+-  OSSL_PARAM *params = OSSL_PARAM_BLD_to_param(bld);
+-  OSSL_PARAM_BLD_free(bld);
+-  BN_free(p);
+-  BN_free(g);
+-
+-  EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
+-  EVP_PKEY *pkey = NULL;
+-  EVP_PKEY_fromdata_init(pctx);
+-  EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params);
+-  EVP_PKEY_CTX_free(pctx);
+-  OSSL_PARAM_free(params);
+-  return pkey;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++  dh->p = BN_bin2bn(dh1066_p, sizeof(dh1066_p), NULL);
++  dh->g = BN_bin2bn(dh1066_g, sizeof(dh1066_g), NULL);
++  if ((dh->p == NULL) || (dh->g == NULL)) {
++    DH_free(dh);
++    return (NULL);
++  }
++#else
++  DH_set0_pqg(dh, BN_bin2bn(dh1066_p, sizeof(dh1066_p), NULL), NULL, 
BN_bin2bn(dh1066_g, sizeof(dh1066_g), NULL));
++#endif
++  return (dh);
+ }
++static DH *get_dh2066(void) {
+ 
+-static EVP_PKEY *get_dh2066(void) {
+-
+   unsigned char dh2066_p[] = {
+       0x03, 0x31, 0x77, 0x20, 0x58, 0xA6, 0x69, 0xA3, 0x9D, 0x2D, 0x5E, 0xE0, 
0x5C, 0x46, 0x82, 0x0F, 0x9E, 0x80, 0xF0,
+       0x00, 0x2A, 0xF9, 0x0F, 0x62, 0x1F, 0x89, 0xCE, 0x7D, 0x2A, 0xFD, 0xC5, 
0x9A, 0x7C, 0x6A, 0x60, 0x2C, 0xF1, 0xDD,
+@@ -3636,32 +3618,23 @@ static EVP_PKEY *get_dh2066(void) {
+   //  -----END DH PARAMETERS-----
+ 
+   unsigned char dh2066_g[] = {0x05};
++  DH *dh;
+ 
+-  BIGNUM *p = BN_bin2bn(dh2066_p, sizeof(dh2066_p), NULL);
+-  BIGNUM *g = BN_bin2bn(dh2066_g, sizeof(dh2066_g), NULL);
+-  if (!p || !g) {
+-    BN_free(p);
+-    BN_free(g);
+-    return NULL;
++  if ((dh = DH_new()) == NULL) {
++    return (NULL);
+   }
+-
+-  OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
+-  OSSL_PARAM_BLD_push_BN(bld, "p", p);
+-  OSSL_PARAM_BLD_push_BN(bld, "g", g);
+-  OSSL_PARAM *params = OSSL_PARAM_BLD_to_param(bld);
+-  OSSL_PARAM_BLD_free(bld);
+-  BN_free(p);
+-  BN_free(g);
+-
+-  EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
+-  EVP_PKEY *pkey = NULL;
+-  EVP_PKEY_fromdata_init(pctx);
+-  EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params);
+-  EVP_PKEY_CTX_free(pctx);
+-  OSSL_PARAM_free(params);
+-  return pkey;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++  dh->p = BN_bin2bn(dh2066_p, sizeof(dh2066_p), NULL);
++  dh->g = BN_bin2bn(dh2066_g, sizeof(dh2066_g), NULL);
++  if ((dh->p == NULL) || (dh->g == NULL)) {
++    DH_free(dh);
++    return (NULL);
++  }
++#else
++  DH_set0_pqg(dh, BN_bin2bn(dh2066_p, sizeof(dh2066_p), NULL), NULL, 
BN_bin2bn(dh2066_g, sizeof(dh2066_g), NULL));
++#endif
++  return (dh);
+ }
+-
+ static int pem_password_func(char *buf, int size, int rwflag, void *password) 
{
+   UNUSED_ARG(rwflag);
+ 
+@@ -3811,20 +3784,13 @@ static void set_ctx(SSL_CTX **out, const char *protoco
+ 
+   { // DH algorithms:
+ 
+-    EVP_PKEY *dh = NULL;
++    DH *dh = NULL;
+     if (turn_params.dh_file[0]) {
+       FILE *paramfile = fopen(turn_params.dh_file, "r");
+       if (!paramfile) {
+         perror("Cannot open DH file");
+       } else {
+-        OSSL_DECODER_CTX *dctx =
+-            OSSL_DECODER_CTX_new_for_pkey(&dh, "PEM", NULL, "DH", 
EVP_PKEY_KEY_PARAMETERS, NULL, NULL);
+-        if (dctx) {
+-          if (!OSSL_DECODER_from_fp(dctx, paramfile)) {
+-            dh = NULL;
+-          }
+-          OSSL_DECODER_CTX_free(dctx);
+-        }
++        dh = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
+         fclose(paramfile);
+         if (dh) {
+           turn_params.dh_key_size = DH_CUSTOM;
+@@ -3846,11 +3812,11 @@ static void set_ctx(SSL_CTX **out, const char *protoco
+       TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: ERROR: cannot allocate DH 
suite\n", __FUNCTION__);
+       err = 1;
+     } else {
+-      if (1 != SSL_CTX_set0_tmp_dh_pkey(ctx, dh)) {
++      if (1 != SSL_CTX_set_tmp_dh(ctx, dh)) {
+         TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: ERROR: cannot set DH\n", 
__FUNCTION__);
+         err = 1;
+       }
+-      // No EVP_PKEY_free: SSL_CTX_set0_tmp_dh_pkey always takes ownership
++      DH_free(dh);
+     }
+   }
+ 
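Review bot: In `get_dh566()` the `#else` branch feeds both `BN_bin2bn()` results straight into `DH_set0_pqg()` and ignores its return value, so an allocation failure leaks the BIGNUM that did succeed and returns a `DH` with no parameters set; `get_dh1066()` and `get_dh2066()` repeat the same pattern. The removed EVP code checked `!p || !g`, and the pre-1.1.0 branch just above still checks `dh->p` and `dh->g`, so the branch that LibreSSL builds take is the only one without a check. The caller in `set_ctx()` appears to test only whether `dh` is non-NULL (its condition lies outside the hunk), so the failure would surface later as "cannot set DH" rather than at its source. Building `p` and `g` first and checking all three results keeps the two branches equivalent; the same shape applies to the other two helpers.

```c
static DH *get_dh566(void) {
  /* … unchanged: dh566_p / dh566_g tables, DH_new() check, pre-1.1.0 branch … */
#else
  BIGNUM *p = BN_bin2bn(dh566_p, sizeof(dh566_p), NULL);
  BIGNUM *g = BN_bin2bn(dh566_g, sizeof(dh566_g), NULL);
  /* DH_set0_pqg() takes ownership of p and g only when it succeeds */
  if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) {
    BN_free(p);
    BN_free(g);
    DH_free(dh);
    return (NULL);
  }
#endif
```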
blob - /dev/null
blob + 31584be71d70fb8144f2bbdbde773438f782f1ac (mode 644)
--- /dev/null
+++ telephony/coturn/patches/patch-src_apps_relay_mainrelay_h
@@ -0,0 +1,13 @@
+Index: src/apps/relay/mainrelay.h
+--- src/apps/relay/mainrelay.h.orig
++++ src/apps/relay/mainrelay.h
+@@ -87,9 +87,7 @@
+ #include "ns_ioalib_impl.h"
+ 
+ #include <openssl/aes.h>
+-#include <openssl/decoder.h>
+ #include <openssl/err.h>
+-#include <openssl/param_build.h>
+ #include <openssl/pem.h>
+ #include <openssl/ssl.h>
+ 
blob - 013057e051989ad133ec83faf7d2889d04a829ec
blob + b702c2d5925873e4189fa9e1a46c693c6c3686ae
--- telephony/coturn/pkg/PLIST
+++ telephony/coturn/pkg/PLIST
@@ -34,10 +34,6 @@ share/doc/turnserver/README.turnadmin
 share/doc/turnserver/README.turnserver
 share/doc/turnserver/README.turnutils
 share/doc/turnserver/postinstall.txt
-share/doc/turnserver/schema.mongo.sh
-share/doc/turnserver/schema.sql
-share/doc/turnserver/schema.stats.redis
-share/doc/turnserver/schema.userdb.redis
 share/examples/turnserver/
 share/examples/turnserver/etc/
 share/examples/turnserver/etc/cacert.pem
