Diffstat (limited to 'main/haproxy/fix-libressl-1.8.5.patch')
-rw-r--r-- | main/haproxy/fix-libressl-1.8.5.patch | 134 |
1 files changed, 0 insertions, 134 deletions
diff --git a/main/haproxy/fix-libressl-1.8.5.patch b/main/haproxy/fix-libressl-1.8.5.patch
deleted file mode 100644
index ebd9f29628..0000000000
--- a/main/haproxy/fix-libressl-1.8.5.patch
+++ /dev/null
@@ -1,134 +0,0 @@ ---- a/src/ssl_sock.c.orig -+++ b/src/ssl_sock.c -@@ -56,6 +56,15 @@ - #include <openssl/engine.h> - #endif - -+ -+#ifdef LIBRESSL_VERSION_NUMBER -+ -+#ifndef OPENSSL_NO_ASYNC -+#define OPENSSL_NO_ASYNC -+#endif -+ -+#endif -+ - #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) - #include <openssl/async.h> - #endif -@@ -1126,8 +1135,11 @@ - ocsp = NULL; - - #ifndef SSL_CTX_get_tlsext_status_cb --# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \ -- *cb = (void (*) (void))ctx->tlsext_status_cb; -+#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB -+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 -+#endif -+#define SSL_CTX_get_tlsext_status_cb(ctx, cb) \ -+ *cb = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb) - #endif - SSL_CTX_get_tlsext_status_cb(ctx, &callback); - -@@ -1155,7 +1167,10 @@ - int key_type; - EVP_PKEY *pkey; - --#ifdef SSL_CTX_get_tlsext_status_arg -+#if defined(SSL_CTX_get_tlsext_status_arg) || defined(LIBRESSL_VERSION_NUMBER) -+#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG -+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 -+#endif - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg); - #else - cb_arg = ctx->tlsext_status_arg; -@@ -2066,7 +2081,7 @@ - SSL_set_SSL_CTX(ssl, ctx); - } - --#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL) -+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_BORINGSSL) - - static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv) - { -@@ -2208,7 +2223,7 @@ - #else - cipher = SSL_CIPHER_find(ssl, cipher_suites); - #endif -- if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) { -+ if (cipher && SSL_CIPHER_is_ECDSA(cipher)) { - has_ecdsa = 1; - break; - } -@@ -2306,7 +2321,7 @@ - #ifdef OPENSSL_IS_BORINGSSL - if (allow_early) - SSL_set_early_data_enabled(ssl, 1); --#else -+#elif !defined LIBRESSL_VERSION_NUMBER - if (!allow_early) - 
SSL_set_max_early_data(ssl, 0); - #endif -@@ -3798,7 +3813,7 @@ - #ifdef OPENSSL_IS_BORINGSSL - SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk); - SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk); --#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) -+#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined LIBRESSL_VERSION_NUMBER - SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL); - SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk); - #else -@@ -5052,7 +5067,7 @@ - if (!conn->xprt_ctx) - goto out_error; - --#if OPENSSL_VERSION_NUMBER >= 0x10101000L -+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined LIBRESSL_VERSION_NUMBER - /* - * Check if we have early data. If we do, we have to read them - * before SSL_do_handshake() is called, And there's no way to -@@ -5128,7 +5143,7 @@ - OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx); - empty_handshake = state == TLS_ST_BEFORE; - #else -- empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length; -+ empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE; - #endif - if (empty_handshake) { - if (!errno) { -@@ -5212,7 +5227,7 @@ - OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx); - empty_handshake = state == TLS_ST_BEFORE; - #else -- empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length; -+ empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE; - #endif - if (empty_handshake) { - if (!errno) { -@@ -5252,7 +5267,7 @@ - goto out_error; - } - } --#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) -+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined LIBRESSL_VERSION_NUMBER - else { - /* - * If the server refused the early data, we have to send a -@@ -5375,7 +5390,7 @@ - continue; - } - --#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) -+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined LIBRESSL_VERSION_NUMBER - if (conn->flags & CO_FL_EARLY_SSL_HS) { - size_t read_length; - -@@ -5531,7 +5546,7 
@@ - conn->xprt_st |= SSL_SOCK_SEND_UNLIMITED; - } - --#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) -+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined LIBRESSL_VERSION_NUMBER - if (!SSL_is_init_finished(conn->xprt_ctx)) { - unsigned int max_early; - |