Diffstat (limited to 'community/lua-turbo')
-rw-r--r--community/lua-turbo/APKBUILD20
-rw-r--r--community/lua-turbo/default-luasocket.patch14
-rw-r--r--community/lua-turbo/openssl-1.1.patch146
3 files changed, 171 insertions, 9 deletions
diff --git a/community/lua-turbo/APKBUILD b/community/lua-turbo/APKBUILD
index 92031440fd..22656d4d79 100644
--- a/community/lua-turbo/APKBUILD
+++ b/community/lua-turbo/APKBUILD
@@ -4,21 +4,23 @@
pkgname=lua-turbo
_jitver=2.1.0_beta3
pkgver=2.1.3
-pkgrel=2
+pkgrel=3
pkgdesc="a framework built for LuaJIT 2 and Linux"
url="https://github.com/kernelsauce/turbo"
# luajit is not available for disabled arches
arch="all !s390x"
license="Apache-2.0"
-depends="luajit lua5.1-cjson ca-certificates"
+depends="luajit lua5.1-cjson lua5.1-sec ca-certificates"
subpackages="$pkgname-openrc"
# https://github.com/kernelsauce/turbo/issues/343 (libressl-dev)
-makedepends="libressl-dev"
+makedepends="openssl-dev"
options="!check" # bundled tests dont work
source="$pkgname-$pkgver.tar.gz::https://github.com/kernelsauce/turbo/archive/v$pkgver.tar.gz
$pkgname.initd
$pkgname.confd
0001-use-cjson-instead-of-JSON.lua.patch
+ default-luasocket.patch
+ openssl-1.1.patch
"
builddir="$srcdir/turbo-$pkgver"
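Review bot: The comment `# https://github.com/kernelsauce/turbo/issues/343 (libressl-dev)` still sits directly above `makedepends`, which is now `openssl-dev`, so it reads as explaining a dependency that is no longer there. Replace it with a line that says what the package is built against, for example `# built against OpenSSL 1.1, see openssl-1.1.patch`. The new runtime dependency `lua5.1-sec` also has no comment linking it to default-luasocket.patch, which is presumably the reason it was added.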
@@ -36,12 +38,10 @@ prepare() {
die "cannot locate luajit APKBUILD!"
fi
# we need to fix the loading of libssl.
+ local _soname=$(scanelf --nobanner --soname /usr/lib/libssl.so | awk '{print $2}')
sed -i -e \
- 's|"ssl")$|"/lib/libssl.so.47")|' \
- turbo/hash.lua
- sed -i -e \
- 's|"ssl")$|"/lib/libssl.so.47")|' \
- turbo/crypto_linux.lua
+ "/ffi.load/s|\"ssl\")$|\"/usr/lib/$_soname\")|" \
+ turbo/hash.lua turbo/crypto_linux.lua
}
build() {
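Review bot: `_soname` goes into the sed expression without a check that scanelf returned anything. If `/usr/lib/libssl.so` is missing or reports no soname, the rewritten `ffi.load` argument becomes `"/usr/lib/"` and the failure only shows up when the module is loaded. Add `[ -n "$_soname" ] || die "cannot determine libssl soname"` right after the assignment; `local _soname=$(...)` also hides the pipeline's exit status, so the emptiness test is the only guard. Separately, openssl-1.1.patch in this same commit already changes the `"ssl")` default in turbo/crypto_linux.lua to a fixed `/usr/lib/libssl.so.1.1`. If the patches are applied before this sed runs, the expression no longer matches that file and the hard-coded soname wins, so the two mechanisms should be made to agree. prepare() starts above this hunk.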
@@ -67,4 +67,6 @@ package() {
sha512sums="c553478f3985d2b462a81a6a9555b911d50dab8fe790aa4185fc1fbc2b4af7e85418dc874d91a85fa38d57f2057acefb7d91996ae250a9a794d0d61055f95326 lua-turbo-2.1.3.tar.gz
2e91d5dda33b4bf09667fd23c80a471e93605125a820c440c2b1b022b8bce6ab065493473b153f1fa1863e9655f6413dbe42dc983260da4ed8bee3b2e3743ec2 lua-turbo.initd
3d2816738a2ee615bb6523b6b0aff12a51062e56ade5dbaa4b1b63afda8dce0a532c099b8a03fe67d589058ac8a7d49434a68fb28d93b167a56c56acc7596fdb lua-turbo.confd
-b3579e2a90dd0a50701f06f07de88e2398145c12df41c07c87a22e78bd159280b7e445b51c3a37f8314695abdcdc6f2045433a84d5c84be795d1bcbbbd6c8f97 0001-use-cjson-instead-of-JSON.lua.patch"
+b3579e2a90dd0a50701f06f07de88e2398145c12df41c07c87a22e78bd159280b7e445b51c3a37f8314695abdcdc6f2045433a84d5c84be795d1bcbbbd6c8f97 0001-use-cjson-instead-of-JSON.lua.patch
+724e78556296e58f4df8e089f782dba7d4387a26e6ab80f5585b65c35b97c460edf3fe2e6b33bc817fdb5eb5923fd0ae39054060c238dbd41a185b52a70b3949 default-luasocket.patch
+6cc7c511f66f5d28b0a0799b22e6545dc2dce975539a446eff56ea0016f28116f6c777536b3d1a9e9c076e6db7b4ed75d7caa8a201efdd467b857a7342a6c2c0 openssl-1.1.patch"
diff --git a/community/lua-turbo/default-luasocket.patch b/community/lua-turbo/default-luasocket.patch
new file mode 100644
index 0000000000..ca5d877397
--- /dev/null
+++ b/community/lua-turbo/default-luasocket.patch
@@ -0,0 +1,14 @@
+diff --git a/turbo.lua b/turbo.lua
+index 543cce4..e03f8ce 100644
+--- a/turbo.lua
++++ b/turbo.lua
+@@ -88,6 +88,9 @@ assert(pcall(require, "bit") or pcall(require, "bit32"),
+ "No bit or compatible library available")
+ turbo.platform = require "turbo.platform"
+ turbo.log = require "turbo.log"
++if _G.__TURBO_USE_LUASOCKET__ == nil then
++ _G.__TURBO_USE_LUASOCKET__ = true
++end
+ if not turbo.platform.__LINUX__ then
+ if not pcall(require, "socket") then
+ turbo.log.error("Could not load LuaSocket. Aborting.")
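Review bot: The embedded patch has no header explaining why `_G.__TURBO_USE_LUASOCKET__` now defaults to `true`, and that default decides which socket and TLS backend turbo loads for every consumer of the package. Add a short description at the top of default-luasocket.patch giving the reason and any upstream reference. If TLS then goes through LuaSec (presumably why `lua5.1-sec` joined `depends`) rather than turbo/crypto_linux.lua, the hostname-verification changes in openssl-1.1.patch are not on the default path. Confirm that certificate and hostname verification are enforced on whichever backend is actually selected.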
diff --git a/community/lua-turbo/openssl-1.1.patch b/community/lua-turbo/openssl-1.1.patch
new file mode 100644
index 0000000000..1b33ea8bcd
--- /dev/null
+++ b/community/lua-turbo/openssl-1.1.patch
@@ -0,0 +1,146 @@
+diff --git a/turbo/cdef.lua b/turbo/cdef.lua
+index 62895de..62830e7 100755
+--- a/turbo/cdef.lua
++++ b/turbo/cdef.lua
+@@ -611,6 +611,7 @@ if _G.TURBO_SSL then
+ typedef void ASN1_STRING;
+ typedef unsigned int SHA_LONG;
+ typedef void EVP_MD;
++ typedef void OPENSSL_INIT_SETTINGS;
+ typedef struct SHAstate_st{
+ SHA_LONG h0,h1,h2,h3,h4;
+ SHA_LONG Nl,Nh;
+@@ -618,11 +619,9 @@ if _G.TURBO_SSL then
+ unsigned int num;
+ } SHA_CTX;
+
+- const SSL_METHOD *SSLv3_server_method(void);
+- const SSL_METHOD *SSLv3_client_method(void);
+- const SSL_METHOD *SSLv23_method(void);
+- const SSL_METHOD *SSLv23_server_method(void);
+- const SSL_METHOD *SSLv23_client_method(void);
++ const SSL_METHOD *TLS_method(void);
++ const SSL_METHOD *TLS_server_method(void);
++ const SSL_METHOD *TLS_client_method(void);
+ const SSL_METHOD *TLSv1_method(void);
+ const SSL_METHOD *TLSv1_server_method(void);
+ const SSL_METHOD *TLSv1_client_method(void);
+@@ -632,10 +631,8 @@ if _G.TURBO_SSL then
+ const SSL_METHOD *TLSv1_2_method(void);
+ const SSL_METHOD *TLSv1_2_server_method(void);
+ const SSL_METHOD *TLSv1_2_client_method(void);
+- void OPENSSL_add_all_algorithms_noconf(void);
+- void SSL_load_error_strings(void);
+ void ERR_free_strings(void);
+- int SSL_library_init(void);
++ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+ void EVP_cleanup(void);
+ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
+ void SSL_CTX_free(SSL_CTX *);
+@@ -656,8 +653,13 @@ if _G.TURBO_SSL then
+ const char *CApath);
+ int SSL_CTX_check_private_key(const SSL_CTX *ctx);
+ SSL *SSL_new(SSL_CTX *ctx);
++ int SSL_set1_host(SSL *s, const char *hostname);
++ int SSL_add1_host(SSL *s, const char *hostname);
++ void SSL_set_hostflags(SSL *s, unsigned int flags);
++ const char *SSL_get0_peername(SSL *s);
+ void SSL_set_connect_state(SSL *s);
+ void SSL_set_accept_state(SSL *s);
++ long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
+ int SSL_do_handshake(SSL *s);
+ int SSL_set_fd(SSL *s, int fd);
+ int SSL_accept(SSL *ssl);
+diff --git a/turbo/crypto_linux.lua b/turbo/crypto_linux.lua
+index 1473022..54c07a9 100644
+--- a/turbo/crypto_linux.lua
++++ b/turbo/crypto_linux.lua
+@@ -23,7 +23,7 @@ require "turbo.cdef"
+
+ local crypto = {} -- crypto namespace
+
+-local lssl = ffi.load(os.getenv("TURBO_LIBSSL") or "ssl")
++local lssl = ffi.load(os.getenv("TURBO_LIBSSL") or "/usr/lib/libssl.so.1.1")
+ local libtffi = util.load_libtffi()
+
+ local EWOULDBLOCK, EINPROGRESS, ECONNRESET =
+@@ -32,6 +32,7 @@ local EWOULDBLOCK, EINPROGRESS, ECONNRESET =
+ crypto.X509_FILETYPE_PEM = 1
+ crypto.X509_FILETYPE_ASN1 = 2
+ crypto.X509_FILETYPE_DEFAULT = 3
++crypto.X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS = 0x4
+ crypto.SSL_FILETYPE_ASN1 = crypto.X509_FILETYPE_ASN1
+ crypto.SSL_FILETYPE_PEM = crypto.X509_FILETYPE_PEM
+ crypto.SSL_ERROR_NONE = 0
+@@ -77,9 +78,7 @@ end
+ function crypto.ssl_init()
+ if not _G._TURBO_SSL_INITED then
+ _TURBO_SSL_INITED = true
+- lssl.SSL_load_error_strings()
+- lssl.SSL_library_init()
+- lssl.OPENSSL_add_all_algorithms_noconf()
++ lssl.OPENSSL_init_ssl(0, nil)
+ end
+ end
+ if _G.TURBO_SSL then
+@@ -107,7 +106,7 @@ function crypto.ssl_create_client_context(
+ -- Use standardish path to ca-certificates if not specified by user.
+ -- May not be present on all Unix systems.
+ ca_cert_path = ca_cert_path or "/etc/ssl/certs/ca-certificates.crt"
+- meth = sslv or lssl.SSLv23_client_method()
++ meth = sslv or lssl.TLS_client_method()
+ if meth == nil then
+ err = lssl.ERR_peek_error()
+ lssl.ERR_clear_error()
+@@ -142,7 +141,7 @@ function crypto.ssl_create_client_context(
+ end
+ if verify == true then
+ if lssl.SSL_CTX_load_verify_locations(ctx,
+- ca_cert_path, nil) ~= 1 then
++ ca_cert_path, "/etc/ssl/certs/") ~= 1 then
+ err = lssl.ERR_peek_error()
+ lssl.ERR_clear_error()
+ return err, crypto.ERR_error_string(err)
+@@ -172,7 +171,7 @@ function crypto.ssl_create_server_context(cert_file, prv_file, ca_cert_path, ssl
+ elseif not prv_file then
+ return -1, "No priv file given in arguments";
+ end
+- meth = sslv or lssl.SSLv23_server_method()
++ meth = sslv or lssl.TLS_server_method()
+ if meth == nil then
+ err = lssl.ERR_peek_error()
+ lssl.ERR_clear_error()
+@@ -249,6 +248,18 @@ function crypto.ssl_do_handshake(SSLIOStream)
+ -- EINPROGRESS or equaivalent on prior calls. The OpenSSL
+ -- documentation states that SSL_do_handshake should be called again
+ -- when its needs are satisfied.
++ if SSLIOStream._ssl_verify then
++ lssl.SSL_set_hostflags(ssl, crypto.X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS)
++ if lssl.SSL_set1_host(ssl, SSLIOStream._ssl_hostname) <= 0 then
++ err = crypto.lib.ERR_peek_error()
++ crypto.lib.ERR_clear_error()
++ error(string.format(
++ "Could not do SSL handshake. \
++ Failed to set SSL hostname: %s",
++ crypto.ERR_error_string(err)))
++ end
++ print("DEBUG!!!: set ssl hostname", SSLIOStream._ssl_hostname)
++ end
+ rc = crypto.lib.SSL_do_handshake(ssl)
+ if rc <= 0 then
+ if client and SSLIOStream._ssl_verify then
+@@ -308,14 +319,6 @@ function crypto.ssl_do_handshake(SSLIOStream)
+ "Could not do SSL handshake. SSL_do_hanshake returned %d",
+ err))
+ end
+- else
+- if client and SSLIOStream._ssl_verify then
+- rc = libtffi.validate_hostname(SSLIOStream._ssl_hostname, ssl)
+- if rc ~= crypto.validate.MatchFound then
+- error("SSL certficate hostname validation failed, rc " ..
+- tonumber(rc))
+- end
+- end
+ end
+ return true
+ end
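Review bot: The hostname block added to `crypto.ssl_do_handshake` runs whenever `SSLIOStream._ssl_verify` is set, while the post-handshake check it replaces was guarded by `client and SSLIOStream._ssl_verify`. Unless server-side streams are meant to take this path (where `_ssl_hostname` may not be set), keep the guard as `if client and SSLIOStream._ssl_verify then`. The line `print("DEBUG!!!: set ssl hostname", SSLIOStream._ssl_hostname)` is leftover debugging that writes the peer name to stdout each time the function is entered, and should be dropped. With the explicit `libtffi.validate_hostname` check removed, a name mismatch is rejected only if the context's verify mode makes `SSL_do_handshake` fail on verification errors. That setting is outside the visible lines, so confirm it, or check the verify result after a successful handshake.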