gentoo-overlay/net-misc/openntpd/files/openntpd-5.7_p4-nolibtls.patch

diff -u -r openntpd-5.7p4-orig/src/config.c openntpd-5.7p4/src/config.c
--- openntpd-5.7p4-orig/src/config.c	2015-03-24 18:18:56.000000000 -0700
+++ openntpd-5.7p4/src/config.c	2015-05-25 16:48:59.000000000 -0700
@@ -218,6 +218,9 @@
 		fatal("new_constraint calloc");
 	p->id = ++constraint_maxid;
 
+#ifndef HAVE_LIBTLS
+	fatal("constraint configured without libtls support");
+#endif
 	return (p);
 }
 
diff -u -r openntpd-5.7p4-orig/src/ntp.c openntpd-5.7p4/src/ntp.c
--- openntpd-5.7p4-orig/src/ntp.c	2015-03-11 19:15:36.000000000 -0700
+++ openntpd-5.7p4/src/ntp.c	2015-05-25 16:48:59.000000000 -0700
@@ -110,12 +110,14 @@
 		return (pid);
 	}
 
+#ifdef HAVE_LIBTLS
 	tls_init();
 
 	/* Verification will be turned off if CA is not found */
 	if ((conf->ca = tls_load_file(CONSTRAINT_CA,
 	    &conf->ca_len, NULL)) == NULL)
 		log_warnx("constraint certificate verification turned off");
+#endif
 
 	/* in this case the parent didn't init logging and didn't daemonize */
 	if (nconf->settime && !nconf->debug) {
diff -u -r openntpd-5.7p4-orig/src/ntpd.conf.5 openntpd-5.7p4/src/ntpd.conf.5
--- openntpd-5.7p4-orig/src/ntpd.conf.5	2015-03-24 18:18:56.000000000 -0700
+++ openntpd-5.7p4/src/ntpd.conf.5	2015-05-25 16:48:59.000000000 -0700
@@ -192,8 +192,11 @@
 .Sq Man-In-The-Middle
 attacks.
 Received NTP packets with time information falling outside of a range
-near the constraint will be discarded and such NTP servers
-will be marked as invalid.
+near the constraint will be discarded and such NTP servers will be marked as
+invalid. Contraints are only available if
+.Xr ntpd 8
+has been compiled with libtls support. Configuring a constraint without libtls
+support will result in a fatal error.
 .Bl -tag -width Ds
 .It Ic constraint from Ar url
 Specify the URL, IP address or the hostname of an HTTPS server to
Only in openntpd-5.7p4/src: ntpd.conf.5.orig