From 5ed7ef50708d5d2ab7785edbc62998cd149192ce Mon Sep 17 00:00:00 2001 From: Enno Boland Date: Sat, 6 Jul 2019 20:10:11 +0200 Subject: [PATCH] nginx: add patch to fix OCSP stapling with libressl. --- .../fix-libressl-stapling-issues.patch | 27 +++++++++++++++++++ srcpkgs/nginx/template | 2 +- 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 srcpkgs/nginx/patches/fix-libressl-stapling-issues.patch diff --git a/srcpkgs/nginx/patches/fix-libressl-stapling-issues.patch b/srcpkgs/nginx/patches/fix-libressl-stapling-issues.patch new file mode 100644 index 00000000000..f91962c54ce --- /dev/null +++ b/srcpkgs/nginx/patches/fix-libressl-stapling-issues.patch @@ -0,0 +1,27 @@ +ref: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237757#c5 +--- src/event/ngx_event_openssl_stapling.c.org 2019-05-12 23:56:58.526833000 +0200 ++++ src/event/ngx_event_openssl_stapling.c 2019-05-13 01:31:53.737800000 +0200 +@@ -298,7 +298,10 @@ + SSL_CTX_select_current_cert(ssl->ctx, cert); + #endif + +-#ifdef SSL_CTRL_GET_EXTRA_CHAIN_CERTS ++#ifdef SSL_CTX_get0_chain_certs ++ /* OpenSSL 1.0.2+ */ ++ SSL_CTX_get0_chain_certs(ssl->ctx, &chain); ++#elif SSL_CTRL_GET_EXTRA_CHAIN_CERTS + /* OpenSSL 1.0.1+ */ + SSL_CTX_get_extra_chain_certs(ssl->ctx, &chain); + #else +@@ -655,7 +658,10 @@ + SSL_CTX_select_current_cert(staple->ssl_ctx, ctx->cert); + #endif + +-#ifdef SSL_CTRL_GET_EXTRA_CHAIN_CERTS ++#ifdef SSL_CTX_get0_chain_certs ++ /* OpenSSL 1.0.2+ */ ++ SSL_CTX_get0_chain_certs(staple->ssl_ctx, &chain); ++#elif SSL_CTRL_GET_EXTRA_CHAIN_CERTS + /* OpenSSL 1.0.1+ */ + SSL_CTX_get_extra_chain_certs(staple->ssl_ctx, &chain); + #else diff --git a/srcpkgs/nginx/template b/srcpkgs/nginx/template index 3b89955b633..1d73f6a2b75 100644 --- a/srcpkgs/nginx/template +++ b/srcpkgs/nginx/template @@ -1,7 +1,7 @@ # Template file for 'nginx' pkgname=nginx version=1.16.0 -revision=2 +revision=3 build_style=gnu-makefile makedepends="libressl-devel pcre-devel $(vopt_if geoip 'geoip-devel')" short_desc="High performance web and reverse proxy server"