
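--- a/files/patch-acinclude.m4
+++ b/files/patch-acinclude.m4
@@ -0,0 +1,11 @@
+--- acinclude.m4.orig	2012-07-06 17:23:21.000000000 +0200
++++ acinclude.m4	2015-02-28 10:22:26.577650967 +0100
+@@ -455,6 +455,8 @@
+     AC_CHECK_HEADERS([openssl/engine.h])
+     AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"])
+     AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines])
++    AC_CHECK_FUNCS([SSL_CTX_use_certificate_chain])
++    AC_CHECK_LIB(crypto, RAND_egd, AC_DEFINE(HAVE_SSL_RAND_EGD, 1, [Define if the libcrypto has RAND_egd]))
+   else
+     AC_CHECK_FUNCS([SSLC_library_version SSL_CTX_new], [], [liberrors="yes"])
+     AC_CHECK_FUNCS(SSL_set_state)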
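Review bot: The `HAVE_SSL_RAND_EGD` result defined by the added `AC_CHECK_LIB(crypto, RAND_egd, ...)` line has no consumer in this patch set, because patch-modules__ssl__ssl_engine_rand.c deletes the only `#ifdef HAVE_SSL_RAND_EGD` branch shown instead of leaving it guarded. As written, a build against a libcrypto that still provides `RAND_egd` loses the EGD seed source as well, and if an EGD seed source is still accepted by the configuration code (not visible here) it would presumably contribute no bytes to the PRNG without any log message. Either keep the branch in ssl_engine_rand.c under its existing `#ifdef` so the configure result decides, or drop this check. The third argument should also be m4-quoted: `[AC_DEFINE([HAVE_SSL_RAND_EGD], [1], [Define if the libcrypto has RAND_egd])]`.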
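--- a/files/patch-configure
+++ b/files/patch-configure
@@ -0,0 +1,62 @@
+--- configure.orig	2014-08-22 19:54:19.000000000 +0200
++++ configure	2015-02-28 10:22:46.822052140 +0100
+@@ -13853,6 +13922,59 @@
+ fi
+ done
+ 
++    for ac_func in SSL_CTX_use_certificate_chain
++do :
++  ac_fn_c_check_func "$LINENO" "SSL_CTX_use_certificate_chain" "ac_cv_func_SSL_CTX_use_certificate_chain"
++if test "x$ac_cv_func_SSL_CTX_use_certificate_chain" = xyes; then :
++  cat >>confdefs.h <<_ACEOF
++#define HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN 1
++_ACEOF
++
++fi
++done
++
++    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for RAND_egd in -lcrypto" >&5
++$as_echo_n "checking for RAND_egd in -lcrypto... " >&6; }
++if ${ac_cv_lib_crypto_RAND_egd+:} false; then :
++  $as_echo_n "(cached) " >&6
++else
++  ac_check_lib_save_LIBS=$LIBS
++LIBS="-lcrypto  $LIBS"
++cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++
++/* Override any GCC internal prototype to avoid an error.
++   Use char because int might match the return type of a GCC
++   builtin and then its argument prototype would still apply.  */
++#ifdef __cplusplus
++extern "C"
++#endif
++char RAND_egd ();
++int
++main ()
++{
++return RAND_egd ();
++  ;
++  return 0;
++}
++_ACEOF
++if ac_fn_c_try_link "$LINENO"; then :
++  ac_cv_lib_crypto_RAND_egd=yes
++else
++  ac_cv_lib_crypto_RAND_egd=no
++fi
++rm -f core conftest.err conftest.$ac_objext \
++    conftest$ac_exeext conftest.$ac_ext
++LIBS=$ac_check_lib_save_LIBS
++fi
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_RAND_egd" >&5
++$as_echo "$ac_cv_lib_crypto_RAND_egd" >&6; }
++if test "x$ac_cv_lib_crypto_RAND_egd" = xyes; then :
++
++$as_echo "#define HAVE_SSL_RAND_EGD 1" >>confdefs.h
++
++fi
++
+   else
+     for ac_func in SSLC_library_version SSL_CTX_new
+ do :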
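--- a/files/patch-include__ap_config_auto.h.in
+++ b/files/patch-include__ap_config_auto.h.in
@@ -0,0 +1,15 @@
+--- include/ap_config_auto.h.in.orig	2014-08-22 19:54:18.000000000 +0200
++++ include/ap_config_auto.h.in	2015-02-28 10:25:55.191842645 +0100
+@@ -127,6 +127,12 @@
+ /* Define to 1 if you have the `SSL_CTX_new' function. */
+ #undef HAVE_SSL_CTX_NEW
+ 
++/* Define to 1 if you run LibreSSL which defines SSL_CTX_use_certificate_chain as well */
++#undef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
++
++/* Define to 1 if your OpenSSL library supports RAND_egd */
++#undef HAVE_SSL_RAND_EGD
++
+ /* Define to 1 if you have the `SSL_set_cert_store' function. */
+ #undef HAVE_SSL_SET_CERT_STORE
+ 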
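--- a/files/patch-modules__ssl__ssl_engine_init.c
+++ b/files/patch-modules__ssl__ssl_engine_init.c
@@ -0,0 +1,38 @@
+--- modules/ssl/ssl_engine_init.c.orig	2014-07-16 08:04:38.000000000 +0200
++++ modules/ssl/ssl_engine_init.c	2015-02-28 10:52:11.571641334 +0100
+@@ -406,9 +406,11 @@
+             ssl_die();
+         }
+ 
++#ifdef ENGINE_CTRL_CHIL_SET_FORKCHECK
+         if (strEQ(mc->szCryptoDevice, "chil")) {
+             ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
+         }
++#endif
+ 
+         if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+             ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+@@ -584,6 +586,10 @@
+ #endif
+ 
+ 
++#ifdef SSL_NO_COMP
++#define OPENSSL_NO_COMP
++#endif
++
+ #ifndef OPENSSL_NO_COMP
+     if (sc->compression != TRUE) {
+ #ifdef SSL_OP_NO_COMPRESSION
+@@ -831,7 +837,11 @@
+         }
+     }
+ 
+-    n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
++#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
++          n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
++#else
++          n = _SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
++#endif
+                                       (char *)chain,
+                                       skip_first, NULL);
+     if (n < 0) {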
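Review bot: The `#define OPENSSL_NO_COMP` added in the second hunk takes effect only from that line to the end of ssl_engine_init.c, so the `!defined(OPENSSL_NO_COMP)` test this patch set adds to ssl_engine_vars.c will not see it and the two files can disagree about whether compression exists. The block it compiles out is the one that reacts to `sc->compression != TRUE` (the `SSL_OP_NO_COMPRESSION` path), so it should be skipped only when the library really has no compression; where `SSL_NO_COMP` comes from is not visible here. Put the mapping once in a shared mod_ssl header ahead of every user of the macro, with a comment such as `/* library built without TLS compression: nothing to disable */`. The enclosing functions start and end outside these hunks.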
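--- a/files/patch-modules__ssl__ssl_engine_rand.c
+++ b/files/patch-modules__ssl__ssl_engine_rand.c
@@ -0,0 +1,20 @@
+--- modules/ssl/ssl_engine_rand.c.orig	2006-07-12 05:38:44.000000000 +0200
++++ modules/ssl/ssl_engine_rand.c	2015-02-28 10:47:35.481607754 +0100
+@@ -83,17 +83,6 @@
+                 nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes);
+                 ssl_util_ppclose(s, p, fp);
+             }
+-#ifdef HAVE_SSL_RAND_EGD
+-            else if (pRandSeed->nSrc == SSL_RSSRC_EGD) {
+-                /*
+-                 * seed in contents provided by the external
+-                 * Entropy Gathering Daemon (EGD)
+-                 */
+-                if ((n = RAND_egd(pRandSeed->cpPath)) == -1)
+-                    continue;
+-                nDone += n;
+-            }
+-#endif
+             else if (pRandSeed->nSrc == SSL_RSSRC_BUILTIN) {
+                 struct {
+                     time_t t;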
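--- a/files/patch-modules__ssl__ssl_engine_vars.c
+++ b/files/patch-modules__ssl__ssl_engine_vars.c
@@ -0,0 +1,11 @@
+--- modules/ssl/ssl_engine_vars.c.orig	2013-02-12 12:51:17.000000000 +0100
++++ modules/ssl/ssl_engine_vars.c	2015-02-28 10:54:21.257798164 +0100
+@@ -832,7 +832,7 @@
+ {
+     char *result = "NULL";
+ #ifdef OPENSSL_VERSION_NUMBER
+-#if (OPENSSL_VERSION_NUMBER >= 0x00908000)
++#if (OPENSSL_VERSION_NUMBER >= 0x00908000) && !defined(OPENSSL_NO_COMP)
+     SSL_SESSION *pSession = SSL_get_session(ssl);
+ 
+     if (pSession) {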
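--- a/files/patch-modules__ssl__ssl_util_ssl.c
+++ b/files/patch-modules__ssl__ssl_util_ssl.c
@@ -0,0 +1,14 @@
+--- modules/ssl/ssl_util_ssl.c.orig	2012-08-17 19:30:46.000000000 +0200
++++ modules/ssl/ssl_util_ssl.c	2015-02-28 10:30:48.557501618 +0100
+@@ -492,7 +492,11 @@
+  * format, possibly followed by a sequence of CA certificates that
+  * should be sent to the peer in the SSL Certificate message.
+  */
++#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
+ int SSL_CTX_use_certificate_chain(
++#else
++int _SSL_CTX_use_certificate_chain(
++#endif
+     SSL_CTX *ctx, char *file, int skipfirst, modssl_read_bio_cb_fn *cb)
+ {
+     BIO *bio;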
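Review bot: `_SSL_CTX_use_certificate_chain` begins with an underscore followed by an uppercase letter, a form C reserves for the implementation; a module-prefixed name such as `modssl_SSL_CTX_use_certificate_chain` avoids both that and the clash with the library symbol. The same name appears in the ssl_util_ssl.h and ssl_engine_init.c patches, where the `#ifndef`/`#else` pair cuts a declaration and a call expression in half. As far as these hunks show the function is mod_ssl's own helper, so renaming it unconditionally in all three places would remove the conditionals altogether. The function body continues outside the hunk.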
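--- a/files/patch-modules__ssl__ssl_util_ssl.h
+++ b/files/patch-modules__ssl__ssl_util_ssl.h
@@ -0,0 +1,14 @@
+--- modules/ssl/ssl_util_ssl.h.orig	2012-08-17 19:30:46.000000000 +0200
++++ modules/ssl/ssl_util_ssl.h	2015-02-28 10:33:07.042671521 +0100
+@@ -89,7 +89,11 @@
+ BOOL        SSL_X509_getCN(apr_pool_t *, X509 *, char **);
+ BOOL        SSL_X509_INFO_load_file(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);
+ BOOL        SSL_X509_INFO_load_path(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);
++#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
+ int         SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, modssl_read_bio_cb_fn *);
++#else
++int         _SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, modssl_read_bio_cb_fn *);
++#endif
+ char       *SSL_SESSION_id2sz(unsigned char *, int, char *, int);
+ 
+ /** util functions for OpenSSL+sslc compat */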
