Attachment #152367 for bug #196139

Lines 1-8 Link Here

(-)Makefile (-2 / +1 lines)
1	# $FreeBSD$	1	# $FreeBSD$
2		2
3	PORTNAME= apache24	3	PORTNAME= apache24
4	PORTVERSION= 2.4.10	4	PORTVERSION= 2.4.12
5	PORTREVISION= 2
6	CATEGORIES= www ipv6	5	CATEGORIES= www ipv6
7	MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD}	6	MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD}
8	DISTNAME= httpd-${PORTVERSION}	7	DISTNAME= httpd-${PORTVERSION}

Lines 1-2 Link Here

(-)distinfo (-2 / +2 lines)
1	SHA256 (apache24/httpd-2.4.10.tar.bz2) = 176c4dac1a745f07b7b91e7f4fd48f9c48049fa6f088efe758d61d9738669c6a	1	SHA256 (apache24/httpd-2.4.12.tar.bz2) = ad6d39edfe4621d8cc9a2791f6f8d6876943a9da41ac8533d77407a2e630eae4
2	SIZE (apache24/httpd-2.4.10.tar.bz2) = 5031834	2	SIZE (apache24/httpd-2.4.12.tar.bz2) = 5054838




--- modules/ssl/ssl_engine_init.c.orig	2014-07-14 14:29:22.000000000 +0200
+++ modules/ssl/ssl_engine_init.c	2014-12-17 10:13:39.269794278 +0100
@@ -353,9 +353,11 @@
             return ssl_die(s);
         }
 
+#ifdef ENGINE_CTRL_CHIL_SET_FORKCHECK
         if (strEQ(mc->szCryptoDevice, "chil")) {
             ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
         }
+#endif
 
         if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
             ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01889)
@@ -828,7 +830,11 @@
         }
     }
 
-    n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
+#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
+          n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
+#else
+          n = _SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
+#endif
                                       (char *)chain,
                                       skip_first, NULL);
     if (n < 0) {
--- modules/ssl/ssl_util_ssl.c.orig	2014-03-02 21:20:14.000000000 +0100
+++ modules/ssl/ssl_util_ssl.c	2014-12-17 10:11:23.293801088 +0100
@@ -460,7 +460,11 @@
  * format, possibly followed by a sequence of CA certificates that
  * should be sent to the peer in the SSL Certificate message.
  */
+#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
 int SSL_CTX_use_certificate_chain(
+#else
+int _SSL_CTX_use_certificate_chain(
+#endif
     SSL_CTX *ctx, char *file, int skipfirst, pem_password_cb *cb)
 {
     BIO *bio;
--- modules/ssl/ssl_util_ssl.h.orig	2014-03-02 21:20:14.000000000 +0100
+++ modules/ssl/ssl_util_ssl.h	2014-12-17 10:10:36.197804421 +0100
@@ -69,7 +69,11 @@
 BOOL        SSL_X509_match_name(apr_pool_t *, X509 *, const char *, BOOL, server_rec *);
 BOOL        SSL_X509_INFO_load_file(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);
 BOOL        SSL_X509_INFO_load_path(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);
+#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
 int         SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, pem_password_cb *);
+#else
+int         _SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, pem_password_cb *);
+#endif
 char       *SSL_SESSION_id2sz(unsigned char *, int, char *, int);
 
 #endif /* __SSL_UTIL_SSL_H__ */
--- configure.orig	2014-12-17 10:02:21.347839093 +0100
+++ configure	2014-12-17 10:05:43.329830871 +0100
@@ -24897,6 +24897,17 @@
 fi
 done
 
+      for ac_func in SSL_CTX_use_certificate_chain
+do :
+  ac_fn_c_check_func "$LINENO" "SSL_CTX_use_certificate_chain" "ac_cv_func_SSL_CTX_use_certificate_chain"
+if test "x$ac_cv_func_SSL_CTX_use_certificate_chain" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN 1
+_ACEOF
+
+fi
+done
+
       if test "x$liberrors" != "x"; then
         { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSL libraries are unusable" >&5
 $as_echo "$as_me: WARNING: OpenSSL libraries are unusable" >&2;}
--- acinclude.m4.orig	2014-01-05 09:37:21.000000000 +0100
+++ acinclude.m4	2014-12-17 10:05:33.351835262 +0100
@@ -577,6 +577,7 @@
       AC_CHECK_HEADERS([openssl/engine.h])
       AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"])
       AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines])
+      AC_CHECK_FUNCS([SSL_CTX_use_certificate_chain])
       if test "x$liberrors" != "x"; then
         AC_MSG_WARN([OpenSSL libraries are unusable])
       fi
--- modules/ssl/ssl_engine_rand.c.orig	2011-12-05 01:08:01.000000000 +0100
+++ modules/ssl/ssl_engine_rand.c	2014-12-17 16:33:37.584222069 +0100
@@ -81,15 +81,6 @@
                 nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes);
                 ssl_util_ppclose(s, p, fp);
             }
-            else if (pRandSeed->nSrc == SSL_RSSRC_EGD) {
-                /*
-                 * seed in contents provided by the external
-                 * Entropy Gathering Daemon (EGD)
-                 */
-                if ((n = RAND_egd(pRandSeed->cpPath)) == -1)
-                    continue;
-                nDone += n;
-            }
             else if (pRandSeed->nSrc == SSL_RSSRC_BUILTIN) {
                 struct {
                     time_t t;
--- include/ap_config_auto.h.in.orig	2014-12-17 17:17:19.700041176 +0100
+++ include/ap_config_auto.h.in	2014-12-17 17:18:33.231033347 +0100
@@ -64,6 +64,9 @@
 /* Define to 1 if you have the `ENGINE_load_builtin_engines' function. */
 #undef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
 
+/* Define to 1 if you run LibreSSL which defines SSL_CTX_use_certificate_chain as well */
+#undef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
+
 /* Define to 1 if you have the `epoll_create' function. */
 #undef HAVE_EPOLL_CREATE
 

Return to bug 196139

Line 0 Link Here

(-)files/patch-libressl (+115 lines)
		1	--- modules/ssl/ssl_engine_init.c.orig 2014-07-14 14:29:22.000000000 +0200
		2	+++ modules/ssl/ssl_engine_init.c 2014-12-17 10:13:39.269794278 +0100
		3	@@ -353,9 +353,11 @@
		4	return ssl_die(s);
		5	}
		6
		7	+#ifdef ENGINE_CTRL_CHIL_SET_FORKCHECK
		8	if (strEQ(mc->szCryptoDevice, "chil")) {
		9	ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
		10	}
		11	+#endif
		12
		13	if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
		14	ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01889)
		15	@@ -828,7 +830,11 @@
		16	}
		17	}
		18
		19	- n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
		20	+#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
		21	+ n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
		22	+#else
		23	+ n = _SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
		24	+#endif
		25	(char *)chain,
		26	skip_first, NULL);
		27	if (n < 0) {
		28	--- modules/ssl/ssl_util_ssl.c.orig 2014-03-02 21:20:14.000000000 +0100
		29	+++ modules/ssl/ssl_util_ssl.c 2014-12-17 10:11:23.293801088 +0100
		30	@@ -460,7 +460,11 @@
		31	* format, possibly followed by a sequence of CA certificates that
		32	* should be sent to the peer in the SSL Certificate message.
		33	*/
		34	+#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
		35	int SSL_CTX_use_certificate_chain(
		36	+#else
		37	+int _SSL_CTX_use_certificate_chain(
		38	+#endif
		39	SSL_CTX ctx, char file, int skipfirst, pem_password_cb *cb)
		40	{
		41	BIO *bio;
		42	--- modules/ssl/ssl_util_ssl.h.orig 2014-03-02 21:20:14.000000000 +0100
		43	+++ modules/ssl/ssl_util_ssl.h 2014-12-17 10:10:36.197804421 +0100
		44	@@ -69,7 +69,11 @@
		45	BOOL SSL_X509_match_name(apr_pool_t , X509 , const char , BOOL, server_rec );
		46	BOOL SSL_X509_INFO_load_file(apr_pool_t , STACK_OF(X509_INFO) , const char *);
		47	BOOL SSL_X509_INFO_load_path(apr_pool_t , STACK_OF(X509_INFO) , const char *);
		48	+#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
		49	int SSL_CTX_use_certificate_chain(SSL_CTX , char , int, pem_password_cb *);
		50	+#else
		51	+int _SSL_CTX_use_certificate_chain(SSL_CTX , char , int, pem_password_cb *);
		52	+#endif
		53	char SSL_SESSION_id2sz(unsigned char , int, char *, int);
		54
		55	#endif /* __SSL_UTIL_SSL_H__ */
		56	--- configure.orig 2014-12-17 10:02:21.347839093 +0100
		57	+++ configure 2014-12-17 10:05:43.329830871 +0100
		58	@@ -24897,6 +24897,17 @@
		59	fi
		60	done
		61
		62	+ for ac_func in SSL_CTX_use_certificate_chain
		63	+do :
		64	+ ac_fn_c_check_func "$LINENO" "SSL_CTX_use_certificate_chain" "ac_cv_func_SSL_CTX_use_certificate_chain"
65	+if test "x$ac_cv_func_SSL_CTX_use_certificate_chain" = xyes; then :
66	+ cat >>confdefs.h <<_ACEOF
67	+#define HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN 1
68	+_ACEOF
69	+
70	+fi
71	+done
72	+
73	if test "x$liberrors" != "x"; then
74	{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSL libraries are unusable" >&5
75	$as_echo "$as_me: WARNING: OpenSSL libraries are unusable" >&2;}
76	--- acinclude.m4.orig 2014-01-05 09:37:21.000000000 +0100
77	+++ acinclude.m4 2014-12-17 10:05:33.351835262 +0100
78	@@ -577,6 +577,7 @@
79	AC_CHECK_HEADERS([openssl/engine.h])
80	AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"])
81	AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines])
82	+ AC_CHECK_FUNCS([SSL_CTX_use_certificate_chain])
83	if test "x$liberrors" != "x"; then
84	AC_MSG_WARN([OpenSSL libraries are unusable])
85	fi
86	--- modules/ssl/ssl_engine_rand.c.orig 2011-12-05 01:08:01.000000000 +0100
87	+++ modules/ssl/ssl_engine_rand.c 2014-12-17 16:33:37.584222069 +0100
88	@@ -81,15 +81,6 @@
89	nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes);
90	ssl_util_ppclose(s, p, fp);
91	}
92	- else if (pRandSeed->nSrc == SSL_RSSRC_EGD) {
93	- /*
94	- * seed in contents provided by the external
95	- * Entropy Gathering Daemon (EGD)
96	- */
97	- if ((n = RAND_egd(pRandSeed->cpPath)) == -1)
98	- continue;
99	- nDone += n;
100	- }
101	else if (pRandSeed->nSrc == SSL_RSSRC_BUILTIN) {
102	struct {
103	time_t t;
104	--- include/ap_config_auto.h.in.orig 2014-12-17 17:17:19.700041176 +0100
105	+++ include/ap_config_auto.h.in 2014-12-17 17:18:33.231033347 +0100
106	@@ -64,6 +64,9 @@
107	/* Define to 1 if you have the `ENGINE_load_builtin_engines' function. */
108	#undef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
109
110	+/* Define to 1 if you run LibreSSL which defines SSL_CTX_use_certificate_chain as well */
111	+#undef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
112	+
113	/* Define to 1 if you have the `epoll_create' function. */
114	#undef HAVE_EPOLL_CREATE
115