-rw-r--r-- | main/haproxy/APKBUILD | 6 | ||||
-rw-r--r-- | main/haproxy/libressl-2.7.patch | 104 |
2 files changed, 2 insertions, 108 deletions
diff --git a/main/haproxy/APKBUILD b/main/haproxy/APKBUILD
index da99a2c815..84644fc13b 100644
--- a/main/haproxy/APKBUILD
+++ b/main/haproxy/APKBUILD
@@ -3,7 +3,7 @@
 pkgname=haproxy
 pkgver=1.8.12
 _pkgmajorver=${pkgver%.*}
-pkgrel=0
+pkgrel=1
 pkgdesc="A TCP/HTTP reverse proxy for high availability environments"
 url="http://haproxy.1wt.eu"
 arch="all"
@@ -11,11 +11,10 @@ license="GPL"
 _luaver="5.3"
 options="!check" # FIXME: no idea how to run tests
 depends=""
-makedepends="pcre-dev libressl-dev linux-headers lua${_luaver}-dev zlib-dev"
+makedepends="pcre-dev openssl-dev linux-headers lua${_luaver}-dev zlib-dev"
 install="haproxy.pre-install haproxy.pre-upgrade"
 subpackages="$pkgname-doc"
 source="http://haproxy.1wt.eu/download/${_pkgmajorver}/src/$pkgname-$pkgver.tar.gz
- libressl-2.7.patch
 haproxy.initd
 haproxy.cfg"
@@ -50,6 +49,5 @@ package() {
 }
 sha512sums="2b782a54988cc88d1af0e5f011af062910e8fac28eab13db7e05a58d0d23961f827da47e3871e8d081f5a2d222588480d81dec2e9f14ec9f54a1c3cb5bf3d56a haproxy-1.8.12.tar.gz
-636bb2b18ad1de7f9cf97f69c8a911aae6575787eac999d1c419bf22989a3a36a7de14d21620a9919ae717be807518c9db0e20c46ca5788a3f9a5857ceb0bfee libressl-2.7.patch
 3ab277bf77fe864ec6c927118dcd70bdec0eb3c54535812d1c3c0995fa66a3ea91a73c342edeb8944caeb097d2dd1a7761099182df44af5e3ef42de6e2176d26 haproxy.initd
 26bc8f8ac504fcbaec113ecbb9bb59b9da47dc8834779ebbb2870a8cadf2ee7561b3a811f01e619358a98c6c7768e8fdd90ab447098c05b82e788c8212c4c41f haproxy.cfg"
diff --git a/main/haproxy/libressl-2.7.patch b/main/haproxy/libressl-2.7.patch
deleted file mode 100644
index 8a3dc82507..0000000000
--- a/main/haproxy/libressl-2.7.patch
+++ /dev/null
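Review bot: The `source=` line kept as context in the second hunk still fetches the release tarball over plain HTTP, so the `sha512sums` entry is the only thing binding the build to a known tarball. Anyone regenerating that checksum on a later version bump has no transport integrity behind the download; changing the first entry to `source="https://www.haproxy.org/download/${_pkgmajorver}/src/$pkgname-$pkgver.tar.gz` would close that gap, assuming the path layout is the same on that host. Separately, the `makedepends` change swaps the TLS library the proxy is built against while `options="!check"` stays in place, so nothing visible in this APKBUILD exercises the TLS code after the swap. A comment above `makedepends` such as `# TLS backend is OpenSSL; libressl-2.7.patch was dropped with the switch` would record why the patch went away.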
@@ -1,104 +0,0 @@
-diff --git a/include/proto/openssl-compat.h b/include/proto/openssl-compat.h
-index b6fe1d2..551cae2 100644
---- a/include/proto/openssl-compat.h
-+++ b/include/proto/openssl-compat.h
-@@ -89,7 +89,7 @@ static inline int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned cha
- }
- #endif
-
--#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_BORINGSSL)
-+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x20700000L)) || defined(OPENSSL_IS_BORINGSSL)
- /*
- * Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL / BoringSSL
- */
-@@ -121,7 +121,7 @@ static inline const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *
-
- #endif
-
--#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER)
-+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x20700000L))
- /*
- * Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL
- */
-diff --git a/src/ssl_sock.c b/src/ssl_sock.c
-index c2b5bf6..ebde76d 100644
---- a/src/ssl_sock.c
-+++ b/src/ssl_sock.c
-@@ -56,6 +56,14 @@
- #include <openssl/engine.h>
- #endif
-
-+#if defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_NO_ASYNC)
-+#define OPENSSL_NO_ASYNC
-+#endif
-+
-+#if defined(SSL_READ_EARLY_DATA_ERROR) && defined(SSL_READ_EARLY_DATA_SUCCESS)
-+#define HAVE_SSL_READ_EARLY
-+#endif
-+
- #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
- #include <openssl/async.h>
- #endif
-@@ -2066,7 +2074,7 @@ static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
- SSL_set_SSL_CTX(ssl, ctx);
- }
-
--#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)
-+#if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)) && !defined(LIBRESSL_VERSION_NUMBER)
-
- static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
- {
-@@ -3798,7 +3806,7 @@ ssl_sock_initial_ctx(struct bind_conf *bind_conf)
- #ifdef OPENSSL_IS_BORINGSSL
- SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
- SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
--#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L)
-+#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
- SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
- SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
- #else
-@@ -5052,7 +5060,7 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag)
- if (!conn->xprt_ctx)
- goto out_error;
-
--#if OPENSSL_VERSION_NUMBER >= 0x10101000L
-+#if HAVE_SSL_READ_EARLY
- /*
- * Check if we have early data. If we do, we have to read them
- * before SSL_do_handshake() is called, And there's no way to
-@@ -5252,7 +5260,7 @@ check_error:
- goto out_error;
- }
- }
--#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
-+#if HAVE_SSL_READ_EARLY
- else {
- /*
- * If the server refused the early data, we have to send a
-@@ -5375,7 +5383,7 @@ static int ssl_sock_to_buf(struct connection *conn, struct buffer *buf, int coun
- continue;
- }
-
--#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
-+#if OPENSSL_READ_EARLY
- if (conn->flags & CO_FL_EARLY_SSL_HS) {
- size_t read_length;
-
-@@ -5512,7 +5520,7 @@ static int ssl_sock_from_buf(struct connection *conn, struct buffer *buf, int fl
- * in which case we accept to do it once again.
- */
- while (buf->o) {
--#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
-+#if HAVE_SSL_EARLY_DATA
- size_t written_data;
- #endif
-
-@@ -5531,7 +5539,7 @@ static int ssl_sock_from_buf(struct connection *conn, struct buffer *buf, int fl
- conn->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
- }
-
--#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
-+#if HAVE_SSL_EARLY_DATA
- if (!SSL_is_init_finished(conn->xprt_ctx)) {
- unsigned int max_early;
- |