Attachment 150943 Details for Bug 196256 – Patch for apache22 to build cleanly with LibreSSL

[patch] Patch for apache22 to build cleanly with LibreSSL

patch-PR999999 (text/plain), 4.82 KB, created by Bernard Spil on 2014-12-24 17:55:41 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Bernard Spil

Created: 2014-12-24 17:55:41 UTC

Size: 4.82 KB

patch

obsolete

>--- acinclude.m4.orig	2012-07-06 17:23:21.000000000 +0200
>+++ acinclude.m4	2014-12-24 12:14:22.207357460 +0100
>@@ -454,7 +454,7 @@
>   if test "$ap_ssltk_type" = "openssl"; then
>     AC_CHECK_HEADERS([openssl/engine.h])
>     AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"])
>-    AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines])
>+    AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines SSL_CTX_use_certificate_chain RAND_egd])
>   else
>     AC_CHECK_FUNCS([SSLC_library_version SSL_CTX_new], [], [liberrors="yes"])
>     AC_CHECK_FUNCS(SSL_set_state)
>--- configure.bak	2014-08-22 19:54:19.000000000 +0200
>+++ configure	2014-12-24 12:20:30.867335396 +0100
>@@ -13841,7 +13841,7 @@
> fi
> done
> 
>-    for ac_func in ENGINE_init ENGINE_load_builtin_engines
>+    for ac_func in ENGINE_init ENGINE_load_builtin_engines SSL_CTX_use_certificate_chain RAND_egd
> do :
>   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
> ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
>--- include/ap_config_auto.h.in.orig	2014-08-22 19:54:18.000000000 +0200
>+++ include/ap_config_auto.h.in	2014-12-24 12:38:06.864258210 +0100
>@@ -109,6 +109,9 @@
> /* Define to 1 if you have the <pwd.h> header file. */
> #undef HAVE_PWD_H
> 
>+/* Define to 1 if you have the `RAND_egd' function. */
>+#undef HAVE_RAND_EGD
>+
> /* Define to 1 if you have the `setsid' function. */
> #undef HAVE_SETSID
> 
>@@ -127,6 +130,9 @@
> /* Define to 1 if you have the `SSL_CTX_new' function. */
> #undef HAVE_SSL_CTX_NEW
> 
>+/* Define to 1 if you have the `SSL_CTX_use_certificate_chain' function. */
>+#undef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
>+
> /* Define to 1 if you have the `SSL_set_cert_store' function. */
> #undef HAVE_SSL_SET_CERT_STORE
> 
>--- modules/ssl/ssl_engine_init.c.orig	2014-07-16 08:04:38.000000000 +0200
>+++ modules/ssl/ssl_engine_init.c	2014-12-24 12:42:00.248249930 +0100
>@@ -406,9 +406,11 @@
>             ssl_die();
>         }
> 
>+#ifdef ENGINE_CTRL_CHIL_SET_FORKCHECK
>         if (strEQ(mc->szCryptoDevice, "chil")) {
>             ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
>         }
>+#endif
> 
>         if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
>             ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
>@@ -583,6 +585,9 @@
>     }
> #endif
>
>+#ifdef SSL_NO_COMP
>+#define OPENSSL_NO_COMP
>+#endif
>
> #ifndef OPENSSL_NO_COMP
>     if (sc->compression != TRUE) {
>@@ -831,7 +833,11 @@
>         }
>     }
> 
>+#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
>     n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
>+#else
>+    n = _SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
>+#endif
>                                       (char *)chain,
>                                       skip_first, NULL);
>     if (n < 0) {
>--- modules/ssl/ssl_util_ssl.h.orig	2012-08-17 19:30:46.000000000 +0200
>+++ modules/ssl/ssl_util_ssl.h	2014-12-24 12:42:52.358238155 +0100
>@@ -89,7 +89,11 @@
> BOOL        SSL_X509_getCN(apr_pool_t *, X509 *, char **);
> BOOL        SSL_X509_INFO_load_file(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);
> BOOL        SSL_X509_INFO_load_path(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);
>+#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
> int         SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, modssl_read_bio_cb_fn *);
>+#else
>+int         _SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, pem_password_cb *);
>+#endif
> char       *SSL_SESSION_id2sz(unsigned char *, int, char *, int);
> 
> /** util functions for OpenSSL+sslc compat */
>--- modules/ssl/ssl_util_ssl.c.orig	2012-08-17 19:30:46.000000000 +0200
>+++ modules/ssl/ssl_util_ssl.c	2014-12-24 12:44:30.382233287 +0100
>@@ -492,7 +492,11 @@
>  * format, possibly followed by a sequence of CA certificates that
>  * should be sent to the peer in the SSL Certificate message.
>  */
>+#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
> int SSL_CTX_use_certificate_chain(
>+#else
>+int _SSL_CTX_use_certificate_chain(
>+#endif
>     SSL_CTX *ctx, char *file, int skipfirst, modssl_read_bio_cb_fn *cb)
> {
>     BIO *bio;
>--- modules/ssl/ssl_toolkit_compat.h.orig	2014-12-24 12:52:45.725199639 +0100
>+++ modules/ssl/ssl_toolkit_compat.h	2014-12-24 12:53:07.419197093 +0100
>@@ -143,7 +143,9 @@
> #define X509_reference_inc(cert) \
>    CRYPTO_add(&((cert)->references), +1, CRYPTO_LOCK_X509)
> 
>+#ifdef HAVE_RAND_EGD
> #define HAVE_SSL_RAND_EGD /* since 9.5.1 */
>+#endif
> 
> #define HAVE_SSL_X509V3_EXT_d2i
>
>--- modules/ssl/ssl_engine_vars.c.orig  2013-02-12 12:51:17.000000000 +0100
>+++ modules/ssl/ssl_engine_vars.c       2014-12-24 13:13:40.645111263 +0100
>@@ -834,7 +834,7 @@
> #ifdef OPENSSL_VERSION_NUMBER
> #if (OPENSSL_VERSION_NUMBER >= 0x00908000)
>     SSL_SESSION *pSession = SSL_get_session(ssl);
>-
>+#ifndef SSL_NO_COMP
>     if (pSession) {
>         switch (pSession->compress_meth) {
>         case 0:
>@@ -856,6 +856,10 @@
>             break;
>         }
>     }
>+#else
>+    /* default "NULL" already set */
>+   break;
>+#endif /* SSL_NO_COMP */
> #endif
> #endif
>     return result;
>

Actions: View | Diff

Attachments on bug 196256: 150943 | 153608 | 153609