Line 0
Link Here
|
|
|
1 |
--- modules/ssl/ssl_engine_init.c.orig 2014-07-14 14:29:22.000000000 +0200 |
2 |
+++ modules/ssl/ssl_engine_init.c 2014-12-17 10:13:39.269794278 +0100 |
3 |
@@ -353,9 +353,11 @@ |
4 |
return ssl_die(s); |
5 |
} |
6 |
|
7 |
+#ifdef ENGINE_CTRL_CHIL_SET_FORKCHECK |
8 |
if (strEQ(mc->szCryptoDevice, "chil")) { |
9 |
ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0); |
10 |
} |
11 |
+#endif |
12 |
|
13 |
if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { |
14 |
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01889) |
15 |
@@ -828,7 +830,11 @@ |
16 |
} |
17 |
} |
18 |
|
19 |
- n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx, |
20 |
+#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN |
21 |
+ n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx, |
22 |
+#else |
23 |
+ n = _SSL_CTX_use_certificate_chain(mctx->ssl_ctx, |
24 |
+#endif |
25 |
(char *)chain, |
26 |
skip_first, NULL); |
27 |
if (n < 0) { |
28 |
--- modules/ssl/ssl_util_ssl.c.orig 2014-03-02 21:20:14.000000000 +0100 |
29 |
+++ modules/ssl/ssl_util_ssl.c 2014-12-17 10:11:23.293801088 +0100 |
30 |
@@ -460,7 +460,11 @@ |
31 |
* format, possibly followed by a sequence of CA certificates that |
32 |
* should be sent to the peer in the SSL Certificate message. |
33 |
*/ |
34 |
+#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN |
35 |
int SSL_CTX_use_certificate_chain( |
36 |
+#else |
37 |
+int _SSL_CTX_use_certificate_chain( |
38 |
+#endif |
39 |
SSL_CTX *ctx, char *file, int skipfirst, pem_password_cb *cb) |
40 |
{ |
41 |
BIO *bio; |
42 |
--- modules/ssl/ssl_util_ssl.h.orig 2014-03-02 21:20:14.000000000 +0100 |
43 |
+++ modules/ssl/ssl_util_ssl.h 2014-12-17 10:10:36.197804421 +0100 |
44 |
@@ -69,7 +69,11 @@ |
45 |
BOOL SSL_X509_match_name(apr_pool_t *, X509 *, const char *, BOOL, server_rec *); |
46 |
BOOL SSL_X509_INFO_load_file(apr_pool_t *, STACK_OF(X509_INFO) *, const char *); |
47 |
BOOL SSL_X509_INFO_load_path(apr_pool_t *, STACK_OF(X509_INFO) *, const char *); |
48 |
+#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN |
49 |
int SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, pem_password_cb *); |
50 |
+#else |
51 |
+int _SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, pem_password_cb *); |
52 |
+#endif |
53 |
char *SSL_SESSION_id2sz(unsigned char *, int, char *, int); |
54 |
|
55 |
#endif /* __SSL_UTIL_SSL_H__ */ |
56 |
--- configure.orig 2014-12-17 10:02:21.347839093 +0100 |
57 |
+++ configure 2014-12-17 10:05:43.329830871 +0100 |
58 |
@@ -24897,6 +24897,17 @@ |
59 |
fi |
60 |
done |
61 |
|
62 |
+ for ac_func in SSL_CTX_use_certificate_chain |
63 |
+do : |
64 |
+ ac_fn_c_check_func "$LINENO" "SSL_CTX_use_certificate_chain" "ac_cv_func_SSL_CTX_use_certificate_chain" |
65 |
+if test "x$ac_cv_func_SSL_CTX_use_certificate_chain" = xyes; then : |
66 |
+ cat >>confdefs.h <<_ACEOF |
67 |
+#define HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN 1 |
68 |
+_ACEOF |
69 |
+ |
70 |
+fi |
71 |
+done |
72 |
+ |
73 |
if test "x$liberrors" != "x"; then |
74 |
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSL libraries are unusable" >&5 |
75 |
$as_echo "$as_me: WARNING: OpenSSL libraries are unusable" >&2;} |
76 |
--- acinclude.m4.orig 2014-01-05 09:37:21.000000000 +0100 |
77 |
+++ acinclude.m4 2014-12-17 10:05:33.351835262 +0100 |
78 |
@@ -577,6 +577,7 @@ |
79 |
AC_CHECK_HEADERS([openssl/engine.h]) |
80 |
AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"]) |
81 |
AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines]) |
82 |
+ AC_CHECK_FUNCS([SSL_CTX_use_certificate_chain]) |
83 |
if test "x$liberrors" != "x"; then |
84 |
AC_MSG_WARN([OpenSSL libraries are unusable]) |
85 |
fi |
86 |
--- modules/ssl/ssl_engine_rand.c.orig 2011-12-05 01:08:01.000000000 +0100 |
87 |
+++ modules/ssl/ssl_engine_rand.c 2014-12-17 16:33:37.584222069 +0100 |
88 |
@@ -81,15 +81,6 @@ |
89 |
nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes); |
90 |
ssl_util_ppclose(s, p, fp); |
91 |
} |
92 |
- else if (pRandSeed->nSrc == SSL_RSSRC_EGD) { |
93 |
- /* |
94 |
- * seed in contents provided by the external |
95 |
- * Entropy Gathering Daemon (EGD) |
96 |
- */ |
97 |
- if ((n = RAND_egd(pRandSeed->cpPath)) == -1) |
98 |
- continue; |
99 |
- nDone += n; |
100 |
- } |
101 |
else if (pRandSeed->nSrc == SSL_RSSRC_BUILTIN) { |
102 |
struct { |
103 |
time_t t; |
104 |
--- include/ap_config_auto.h.in.orig 2014-12-17 17:17:19.700041176 +0100 |
105 |
+++ include/ap_config_auto.h.in 2014-12-17 17:18:33.231033347 +0100 |
106 |
@@ -64,6 +64,9 @@ |
107 |
/* Define to 1 if you have the `ENGINE_load_builtin_engines' function. */ |
108 |
#undef HAVE_ENGINE_LOAD_BUILTIN_ENGINES |
109 |
|
110 |
+/* Define to 1 if you run LibreSSL which defines SSL_CTX_use_certificate_chain as well */ |
111 |
+#undef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN |
112 |
+ |
113 |
/* Define to 1 if you have the `epoll_create' function. */ |
114 |
#undef HAVE_EPOLL_CREATE |
115 |
|