nginx: add patch to fix OCSP stapling with libressl.

2019-07-06 20:10:11 +02:00 · 2019-07-06 20:10:11 +02:00 · 5ed7ef5070
commit 5ed7ef5070
parent bfe41358e7
2 changed files with 28 additions and 1 deletions
--- a/srcpkgs/nginx/patches/fix-libressl-stapling-issues.patch
+++ b/srcpkgs/nginx/patches/fix-libressl-stapling-issues.patch
@ -0,0 +1,27 @@
+ref: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237757#c5
+--- src/event/ngx_event_openssl_stapling.c.org  2019-05-12 23:56:58.526833000 +0200
+++ src/event/ngx_event_openssl_stapling.c      2019-05-13 01:31:53.737800000 +0200
+@@ -298,7 +298,10 @@
+     SSL_CTX_select_current_cert(ssl->ctx, cert);
+ #endif
+
+-#ifdef SSL_CTRL_GET_EXTRA_CHAIN_CERTS
+#ifdef SSL_CTX_get0_chain_certs
+    /* OpenSSL 1.0.2+ */
+    SSL_CTX_get0_chain_certs(ssl->ctx, &chain);
+#elif SSL_CTRL_GET_EXTRA_CHAIN_CERTS
+     /* OpenSSL 1.0.1+ */
+     SSL_CTX_get_extra_chain_certs(ssl->ctx, &chain);
+ #else
+@@ -655,7 +658,10 @@
+     SSL_CTX_select_current_cert(staple->ssl_ctx, ctx->cert);
+ #endif
+
+-#ifdef SSL_CTRL_GET_EXTRA_CHAIN_CERTS
+#ifdef SSL_CTX_get0_chain_certs
+    /* OpenSSL 1.0.2+ */
+    SSL_CTX_get0_chain_certs(staple->ssl_ctx, &chain);
+#elif SSL_CTRL_GET_EXTRA_CHAIN_CERTS
+     /* OpenSSL 1.0.1+ */
+     SSL_CTX_get_extra_chain_certs(staple->ssl_ctx, &chain);
+ #else
--- a/srcpkgs/nginx/template
+++ b/srcpkgs/nginx/template
@ -1,7 +1,7 @@
 # Template file for 'nginx'
 pkgname=nginx
 version=1.16.0
-revision=2
+revision=3
 build_style=gnu-makefile
 makedepends="libressl-devel pcre-devel $(vopt_if geoip 'geoip-devel')"
 short_desc="High performance web and reverse proxy server"