Enno Boland
parent
f295abed03
commit
463ac9e516
3 changed files with 75 additions and 13 deletions
|
|
@ -1,12 +0,0 @@
|
||||||
LibreSSL 2.7 supports newer OpenSSL APIs. Remove special handling for libreSSL.
|
|
||||||
--- modules/ssl/ssl_private.h.orig 2018-04-23 11:51:35.849536609 +0200
|
|
||||||
+++ modules/ssl/ssl_private.h 2018-04-23 11:51:49.578557354 +0200
|
|
||||||
@@ -123,7 +123,7 @@
|
|
||||||
#define MODSSL_SSL_METHOD_CONST
|
|
||||||
#endif
|
|
||||||
|
|
||||||
-#if defined(LIBRESSL_VERSION_NUMBER)
|
|
||||||
+#if 0
|
|
||||||
/* Missing from LibreSSL */
|
|
||||||
#if LIBRESSL_VERSION_NUMBER < 0x2060000f
|
|
||||||
#define SSL_CTRL_SET_MIN_PROTO_VERSION 123
|
|
||||||
74
srcpkgs/apache/patches/libressl-2.7.patch
Normal file
74
srcpkgs/apache/patches/libressl-2.7.patch
Normal file
|
|
@ -0,0 +1,74 @@
|
||||||
|
diff --git a/modules/md/md_crypt.c b/modules/md/md_crypt.c
|
||||||
|
index 66682ea..9cc7862 100644
|
||||||
|
--- ./modules/md/md_crypt.c
|
||||||
|
+++ ./modules/md/md_crypt.c
|
||||||
|
@@ -471,7 +471,7 @@ apr_status_t md_pkey_gen(md_pkey_t **ppkey, apr_pool_t *p, md_pkey_spec_t *spec)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||||
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000f)
|
||||||
|
|
||||||
|
#ifndef NID_tlsfeature
|
||||||
|
#define NID_tlsfeature 1020
|
||||||
|
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
|
||||||
|
index 48d64cb..2392019 100644
|
||||||
|
--- ./modules/ssl/mod_ssl.c
|
||||||
|
+++ ./modules/ssl/mod_ssl.c
|
||||||
|
@@ -398,7 +398,7 @@ static int ssl_hook_pre_config(apr_pool_t *pconf,
|
||||||
|
/* We must register the library in full, to ensure our configuration
|
||||||
|
* code can successfully test the SSL environment.
|
||||||
|
*/
|
||||||
|
-#if MODSSL_USE_OPENSSL_PRE_1_1_API
|
||||||
|
+#if MODSSL_USE_OPENSSL_PRE_1_1_API || defined(LIBRESSL_VERSION_NUMBER)
|
||||||
|
(void)CRYPTO_malloc_init();
|
||||||
|
#else
|
||||||
|
OPENSSL_malloc_init();
|
||||||
|
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
|
||||||
|
index a3a74f4..33ea494 100644
|
||||||
|
--- ./modules/ssl/ssl_engine_init.c
|
||||||
|
+++ ./modules/ssl/ssl_engine_init.c
|
||||||
|
@@ -616,7 +616,8 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
|
||||||
|
|
||||||
|
SSL_CTX_set_options(ctx, SSL_OP_ALL);
|
||||||
|
|
||||||
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||||
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||||
|
+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20800000L)
|
||||||
|
/* always disable SSLv2, as per RFC 6176 */
|
||||||
|
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
|
||||||
|
|
||||||
|
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
|
||||||
|
index a39569c..e0e1b37 100644
|
||||||
|
--- ./modules/ssl/ssl_private.h
|
||||||
|
+++ ./modules/ssl/ssl_private.h
|
||||||
|
@@ -132,13 +132,14 @@
|
||||||
|
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
|
||||||
|
#define SSL_CTX_set_max_proto_version(ctx, version) \
|
||||||
|
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
|
||||||
|
-#endif
|
||||||
|
-/* LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most
|
||||||
|
- * changes from OpenSSL >= 1.1 (new functions, macros, deprecations, ...), so
|
||||||
|
- * we have to work around this...
|
||||||
|
+#elif LIBRESSL_VERSION_NUMBER < 0x2070000f
|
||||||
|
+/* LibreSSL before 2.7 declares OPENSSL_VERSION_NUMBER == 2.0 but does not
|
||||||
|
+ * include most changes from OpenSSL >= 1.1 (new functions, macros,
|
||||||
|
+ * deprecations, ...), so we have to work around this...
|
||||||
|
*/
|
||||||
|
#define MODSSL_USE_OPENSSL_PRE_1_1_API (1)
|
||||||
|
-#else
|
||||||
|
+#endif /* LIBRESSL_VERSION_NUMBER < 0x2060000f */
|
||||||
|
+#else /* defined(LIBRESSL_VERSION_NUMBER) */
|
||||||
|
#define MODSSL_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
@@ -238,7 +239,8 @@ void init_bio_methods(void);
|
||||||
|
void free_bio_methods(void);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
-#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||||
|
+#if OPENSSL_VERSION_NUMBER < 0x10002000L || \
|
||||||
|
+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000f)
|
||||||
|
#define X509_STORE_CTX_get0_store(x) (x->ctx)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
# Template file for 'apache'
|
# Template file for 'apache'
|
||||||
pkgname=apache
|
pkgname=apache
|
||||||
version=2.4.29
|
version=2.4.29
|
||||||
revision=3
|
revision=4
|
||||||
wrksrc=httpd-${version}
|
wrksrc=httpd-${version}
|
||||||
build_style=gnu-configure
|
build_style=gnu-configure
|
||||||
configure_args="--prefix= --sbindir=/usr/bin --enable-pie --enable-modules=all
|
configure_args="--prefix= --sbindir=/usr/bin --enable-pie --enable-modules=all
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue