--- acinclude.m4.orig 2012-07-06 17:23:21.000000000 +0200 +++ acinclude.m4 2014-12-24 12:14:22.207357460 +0100 @@ -454,7 +454,7 @@ if test "$ap_ssltk_type" = "openssl"; then AC_CHECK_HEADERS([openssl/engine.h]) AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"]) - AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines]) + AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines SSL_CTX_use_certificate_chain RAND_egd]) else AC_CHECK_FUNCS([SSLC_library_version SSL_CTX_new], [], [liberrors="yes"]) AC_CHECK_FUNCS(SSL_set_state) --- configure.bak 2014-08-22 19:54:19.000000000 +0200 +++ configure 2014-12-24 12:20:30.867335396 +0100 @@ -13841,7 +13841,7 @@ fi done - for ac_func in ENGINE_init ENGINE_load_builtin_engines + for ac_func in ENGINE_init ENGINE_load_builtin_engines SSL_CTX_use_certificate_chain RAND_egd do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" --- include/ap_config_auto.h.in.orig 2014-08-22 19:54:18.000000000 +0200 +++ include/ap_config_auto.h.in 2014-12-24 12:38:06.864258210 +0100 @@ -109,6 +109,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_PWD_H +/* Define to 1 if you have the `RAND_egd' function. */ +#undef HAVE_RAND_EGD + /* Define to 1 if you have the `setsid' function. */ #undef HAVE_SETSID @@ -127,6 +130,9 @@ /* Define to 1 if you have the `SSL_CTX_new' function. */ #undef HAVE_SSL_CTX_NEW +/* Define to 1 if you have the `SSL_CTX_use_certificate_chain' function. */ +#undef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN + /* Define to 1 if you have the `SSL_set_cert_store' function. */ #undef HAVE_SSL_SET_CERT_STORE --- modules/ssl/ssl_engine_init.c.orig 2014-07-16 08:04:38.000000000 +0200 +++ modules/ssl/ssl_engine_init.c 2014-12-24 12:42:00.248249930 +0100 @@ -406,9 +406,11 @@ ssl_die(); } +#ifdef ENGINE_CTRL_CHIL_SET_FORKCHECK if (strEQ(mc->szCryptoDevice, "chil")) { ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0); } +#endif if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, @@ -583,6 +585,9 @@ } #endif +#ifdef SSL_NO_COMP +#define OPENSSL_NO_COMP +#endif #ifndef OPENSSL_NO_COMP if (sc->compression != TRUE) { @@ -831,7 +833,11 @@ } } +#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx, +#else + n = _SSL_CTX_use_certificate_chain(mctx->ssl_ctx, +#endif (char *)chain, skip_first, NULL); if (n < 0) { --- modules/ssl/ssl_util_ssl.h.orig 2012-08-17 19:30:46.000000000 +0200 +++ modules/ssl/ssl_util_ssl.h 2014-12-24 12:42:52.358238155 +0100 @@ -89,7 +89,11 @@ BOOL SSL_X509_getCN(apr_pool_t *, X509 *, char **); BOOL SSL_X509_INFO_load_file(apr_pool_t *, STACK_OF(X509_INFO) *, const char *); BOOL SSL_X509_INFO_load_path(apr_pool_t *, STACK_OF(X509_INFO) *, const char *); +#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN int SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, modssl_read_bio_cb_fn *); +#else +int _SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, pem_password_cb *); +#endif char *SSL_SESSION_id2sz(unsigned char *, int, char *, int); /** util functions for OpenSSL+sslc compat */ --- modules/ssl/ssl_util_ssl.c.orig 2012-08-17 19:30:46.000000000 +0200 +++ modules/ssl/ssl_util_ssl.c 2014-12-24 12:44:30.382233287 +0100 @@ -492,7 +492,11 @@ * format, possibly followed by a sequence of CA certificates that * should be sent to the peer in the SSL Certificate message. */ +#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN int SSL_CTX_use_certificate_chain( +#else +int _SSL_CTX_use_certificate_chain( +#endif SSL_CTX *ctx, char *file, int skipfirst, modssl_read_bio_cb_fn *cb) { BIO *bio; --- modules/ssl/ssl_toolkit_compat.h.orig 2014-12-24 12:52:45.725199639 +0100 +++ modules/ssl/ssl_toolkit_compat.h 2014-12-24 12:53:07.419197093 +0100 @@ -143,7 +143,9 @@ #define X509_reference_inc(cert) \ CRYPTO_add(&((cert)->references), +1, CRYPTO_LOCK_X509) +#ifdef HAVE_RAND_EGD #define HAVE_SSL_RAND_EGD /* since 9.5.1 */ +#endif #define HAVE_SSL_X509V3_EXT_d2i --- modules/ssl/ssl_engine_vars.c.orig 2013-02-12 12:51:17.000000000 +0100 +++ modules/ssl/ssl_engine_vars.c 2014-12-24 13:13:40.645111263 +0100 @@ -834,7 +834,7 @@ #ifdef OPENSSL_VERSION_NUMBER #if (OPENSSL_VERSION_NUMBER >= 0x00908000) SSL_SESSION *pSession = SSL_get_session(ssl); - +#ifndef SSL_NO_COMP if (pSession) { switch (pSession->compress_meth) { case 0: @@ -856,6 +856,10 @@ break; } } +#else + /* default "NULL" already set */ + break; +#endif /* SSL_NO_COMP */ #endif #endif return result;