--- modules/ssl/ssl_engine_init.c.orig 2014-07-14 14:29:22.000000000 +0200 +++ modules/ssl/ssl_engine_init.c 2014-12-17 10:13:39.269794278 +0100 @@ -353,9 +353,11 @@ return ssl_die(s); } +#ifdef ENGINE_CTRL_CHIL_SET_FORKCHECK if (strEQ(mc->szCryptoDevice, "chil")) { ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0); } +#endif if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01889) @@ -828,7 +830,11 @@ } } - n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx, +#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN + n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx, +#else + n = _SSL_CTX_use_certificate_chain(mctx->ssl_ctx, +#endif (char *)chain, skip_first, NULL); if (n < 0) { --- modules/ssl/ssl_util_ssl.c.orig 2014-03-02 21:20:14.000000000 +0100 +++ modules/ssl/ssl_util_ssl.c 2014-12-17 10:11:23.293801088 +0100 @@ -460,7 +460,11 @@ * format, possibly followed by a sequence of CA certificates that * should be sent to the peer in the SSL Certificate message. */ +#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN int SSL_CTX_use_certificate_chain( +#else +int _SSL_CTX_use_certificate_chain( +#endif SSL_CTX *ctx, char *file, int skipfirst, pem_password_cb *cb) { BIO *bio; --- modules/ssl/ssl_util_ssl.h.orig 2014-03-02 21:20:14.000000000 +0100 +++ modules/ssl/ssl_util_ssl.h 2014-12-17 10:10:36.197804421 +0100 @@ -69,7 +69,11 @@ BOOL SSL_X509_match_name(apr_pool_t *, X509 *, const char *, BOOL, server_rec *); BOOL SSL_X509_INFO_load_file(apr_pool_t *, STACK_OF(X509_INFO) *, const char *); BOOL SSL_X509_INFO_load_path(apr_pool_t *, STACK_OF(X509_INFO) *, const char *); +#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN int SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, pem_password_cb *); +#else +int _SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, pem_password_cb *); +#endif char *SSL_SESSION_id2sz(unsigned char *, int, char *, int); #endif /* __SSL_UTIL_SSL_H__ */ --- modules/ssl/ssl_engine_rand.c.orig 2011-12-05 01:08:01.000000000 +0100 +++ modules/ssl/ssl_engine_rand.c 2014-12-19 18:39:04.825554353 +0100 @@ -81,6 +81,7 @@ nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes); ssl_util_ppclose(s, p, fp); } +#ifdef HAVE_RAND_EGD else if (pRandSeed->nSrc == SSL_RSSRC_EGD) { /* * seed in contents provided by the external @@ -90,6 +91,7 @@ continue; nDone += n; } +#endif else if (pRandSeed->nSrc == SSL_RSSRC_BUILTIN) { struct { time_t t; --- configure.orig 2014-07-15 19:15:03.000000000 +0200 +++ configure 2014-12-19 18:43:31.217134498 +0100 @@ -24885,7 +24885,7 @@ fi done - for ac_func in ENGINE_init ENGINE_load_builtin_engines + for ac_func in ENGINE_init ENGINE_load_builtin_engines SSL_CTX_use_certificate_chain RAND_egd do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" --- include/ap_config_auto.h.in.orig 2014-07-15 19:15:02.000000000 +0200 +++ include/ap_config_auto.h.in 2014-12-19 18:49:26.301357912 +0100 @@ -130,6 +130,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_PWD_H +/* Define to 1 if you have the `RAND_egd' function. */ +#undef HAVE_RAND_EGD + /* Define to 1 if you have the `setsid' function. */ #undef HAVE_SETSID @@ -139,6 +142,9 @@ /* Define to 1 if you have the `SSL_CTX_new' function. */ #undef HAVE_SSL_CTX_NEW +/* Define to 1 if you have the `SSL_CTX_use_certificate_chain' function. */ +#undef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN + /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H --- acinclude.m4.orig 2014-01-05 09:37:21.000000000 +0100 +++ acinclude.m4 2014-12-19 18:53:07.033409821 +0100 @@ -576,7 +576,7 @@ liberrors="" AC_CHECK_HEADERS([openssl/engine.h]) AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"]) - AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines]) + AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines SSL_CTX_use_certificate_chain RAND_egd]) if test "x$liberrors" != "x"; then AC_MSG_WARN([OpenSSL libraries are unusable]) fi