From 732d873372c74e5918877e8ec21ba6944a884229 Mon Sep 17 00:00:00 2001
From: John <me@johnnynator.dev>
Date: Wed, 3 Feb 2021 17:25:34 +0100
Subject: [PATCH] vpn-ws: add OpenSSL patch

---
 srcpkgs/vpn-ws/patches/openssl.patch | 52 ++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 srcpkgs/vpn-ws/patches/openssl.patch

diff --git a/srcpkgs/vpn-ws/patches/openssl.patch b/srcpkgs/vpn-ws/patches/openssl.patch
new file mode 100644
index 00000000000..65c421a2f00
--- /dev/null
+++ b/srcpkgs/vpn-ws/patches/openssl.patch
@@ -0,0 +1,52 @@
+From a9d297969457e4f1a835e7481ddcbb4a2241692b Mon Sep 17 00:00:00 2001
+From: Peter Nikolow <peter@mobiliodevelopment.com>
+Date: Fri, 29 Jan 2021 13:24:58 +0200
+Subject: [PATCH 2/3] Update ssl.c
+
+Fixing OpenSSL 1.1 deprecation of OPENSSL_config
+---
+ src/ssl.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/ssl.c b/src/ssl.c
+index 4f0405c..996e9b0 100644
+--- src/ssl.c
++++ src/ssl.c
+@@ -225,7 +225,11 @@ static SSL_CTX *ssl_ctx = NULL;
+ 
+ void *vpn_ws_ssl_handshake(vpn_ws_peer *peer, char *sni, char *key, char *crt) {
+ 	if (!ssl_initialized) {
+-		OPENSSL_config(NULL);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++               OPENSSL_config(NULL);
++#else
++               OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG,NULL);
++#endif
+         	SSL_library_init();
+         	SSL_load_error_strings();
+         	OpenSSL_add_all_algorithms();
+
+From ec10c3526b115ea32775f495abd449948cc1d807 Mon Sep 17 00:00:00 2001
+From: Peter Nikolow <peter@mobiliodevelopment.com>
+Date: Fri, 29 Jan 2021 13:30:22 +0200
+Subject: [PATCH 3/3] Update ssl.c
+
+Adding default locations for trusted CA certificates.
+
+This helps is your server uses 3rd party certificate like Let's Encrypt.
+---
+ src/ssl.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/ssl.c b/src/ssl.c
+index 996e9b0..3759d5b 100644
+--- src/ssl.c
++++ src/ssl.c
+@@ -254,6 +254,7 @@ void *vpn_ws_ssl_handshake(vpn_ws_peer *peer, char *sni, char *key, char *crt) {
+ 			SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL);
+ 		}
+ 		else {
++			SSL_CTX_load_verify_locations(ssl_ctx, "/etc/ssl/certs/ca-certificates.crt", "/etc/ssl/certs/");
+ 			SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
+ 		}
+ 		ssl_peer_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);