Bug 196256 - www/apache22: Unbreak build with LibreSSL
Summary: www/apache22: Unbreak build with LibreSSL
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-apache mailing list
URL:
Keywords: needs-qa, patch
Depends on:
Blocks:
 
Reported: 2014-12-24 17:55 UTC by Bernard Spil
Modified: 2015-03-01 17:43 UTC (History)
2 users (show)

See Also:
koobs: maintainer-feedback? (apache)


Attachments
Patch for apache22 to build cleanly with LibreSSL (4.82 KB, patch)
2014-12-24 17:55 UTC, Bernard Spil
no flags Details | Diff
svn diff www/apache22 (11.12 KB, patch)
2015-02-28 10:09 UTC, Bernard Spil
no flags Details | Diff
Poudriere build log with latest patch (227.79 KB, text/plain)
2015-02-28 10:09 UTC, Bernard Spil
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Bernard Spil freebsd_committer 2014-12-24 17:55:41 UTC
Created attachment 150943 [details]
Patch for apache22 to build cleanly with LibreSSL

Apache 2.2 (and 2.4) can not be built when LibreSSL is used as SSL library.
LibreSSL has (amongst others)
  - removed RAND_egd
  - removed CHIL engine
  - added SSL_CTX_use_certificate_chain
  - removed compression for SSL and TLS
this leads to build failures for missing and redefining functions. This patch fixes these errors by
  - adding a check for RAND_egd and SSL_CTX_use_certificate_chain
  - make Apache pick up the SSL_NO_COMP define (OpenSSL sets OPENSSL_NO_COMP)
  - using an already available define for CHIL
  - using defines for the added checks

See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196139 for the Apache24 patch
Comment 1 Mark Felder freebsd_committer 2015-02-26 20:48:15 UTC
Are there any concerns about this patch? It appears to do everything that #196139 did for Apache 2.4, which was already committed.

Any objections to committing this?
Comment 2 Mark Felder freebsd_committer 2015-02-27 19:20:49 UTC
This patch is for apache directly -- not the port. It also doesn't apply cleanly:

root@skeletor:/usr/ports/www/apache22/work/httpd-2.2.29 # patch -p0 < ../../patch
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- acinclude.m4       2012-07-06 17:23:21.000000000 +0200
|+++ acinclude.m4       2014-12-24 12:14:22.207357460 +0100
--------------------------
Patching file acinclude.m4 using Plan A...
Hunk #1 succeeded at 454.
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- configure  2014-08-22 19:54:19.000000000 +0200
|+++ configure  2014-12-24 12:20:30.867335396 +0100
--------------------------
Patching file configure using Plan A...
Hunk #1 succeeded at 13841.
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- include/ap_config_auto.h.in        2014-08-22 19:54:18.000000000 +0200
|+++ include/ap_config_auto.h.in        2014-12-24 12:38:06.864258210 +0100
--------------------------
Patching file include/ap_config_auto.h.in using Plan A...
Hunk #1 succeeded at 109.
Hunk #2 succeeded at 130.
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- modules/ssl/ssl_engine_init.c      2014-07-16 08:04:38.000000000 +0200
|+++ modules/ssl/ssl_engine_init.c      2014-12-24 12:42:00.248249930 +0100
--------------------------
Patching file modules/ssl/ssl_engine_init.c using Plan A...
Hunk #1 succeeded at 406.



Can we get an updated patch ?


Thanks!
Comment 3 Bernard Spil freebsd_committer 2015-02-28 10:09:21 UTC
Created attachment 153608 [details]
svn diff  www/apache22

Re-rolled the patch
Comment 4 Bernard Spil freebsd_committer 2015-02-28 10:09:48 UTC
Created attachment 153609 [details]
Poudriere build log with latest patch
Comment 5 Mark Felder freebsd_committer 2015-02-28 14:18:28 UTC
I can successfully serve SSL with both OpenSSL and LibreSSL builds. Looks good.
Comment 6 commit-hook freebsd_committer 2015-03-01 17:42:10 UTC
A commit references this bug:

Author: feld
Date: Sun Mar  1 17:41:45 UTC 2015
New revision: 380216
URL: https://svnweb.freebsd.org/changeset/ports/380216

Log:
  Unbreak build with LibreSSL

  PR:		196256

Changes:
  head/www/apache22/files/patch-acinclude.m4
  head/www/apache22/files/patch-configure
  head/www/apache22/files/patch-include__ap_config_auto.h.in
  head/www/apache22/files/patch-modules__ssl__ssl_engine_init.c
  head/www/apache22/files/patch-modules__ssl__ssl_engine_rand.c
  head/www/apache22/files/patch-modules__ssl__ssl_engine_vars.c
  head/www/apache22/files/patch-modules__ssl__ssl_util_ssl.c
  head/www/apache22/files/patch-modules__ssl__ssl_util_ssl.h