aboutsummaryrefslogtreecommitdiffstats
path: root/main/haproxy/fix-libressl-1.8.5.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/haproxy/fix-libressl-1.8.5.patch')
-rw-r--r--main/haproxy/fix-libressl-1.8.5.patch134
1 files changed, 0 insertions, 134 deletions
diff --git a/main/haproxy/fix-libressl-1.8.5.patch b/main/haproxy/fix-libressl-1.8.5.patch
deleted file mode 100644
index ebd9f29628..0000000000
--- a/main/haproxy/fix-libressl-1.8.5.patch
+++ /dev/null
@@ -1,134 +0,0 @@
---- a/src/ssl_sock.c.orig
-+++ b/src/ssl_sock.c
-@@ -56,6 +56,15 @@
- #include <openssl/engine.h>
- #endif
-
-+
-+#ifdef LIBRESSL_VERSION_NUMBER
-+
-+#ifndef OPENSSL_NO_ASYNC
-+#define OPENSSL_NO_ASYNC
-+#endif
-+
-+#endif
-+
- #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
- #include <openssl/async.h>
- #endif
-@@ -1126,8 +1135,11 @@
- ocsp = NULL;
-
- #ifndef SSL_CTX_get_tlsext_status_cb
--# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
-- *cb = (void (*) (void))ctx->tlsext_status_cb;
-+#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB
-+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128
-+#endif
-+#define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
-+ *cb = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb)
- #endif
- SSL_CTX_get_tlsext_status_cb(ctx, &callback);
-
-@@ -1155,7 +1167,10 @@
- int key_type;
- EVP_PKEY *pkey;
-
--#ifdef SSL_CTX_get_tlsext_status_arg
-+#if defined(SSL_CTX_get_tlsext_status_arg) || defined(LIBRESSL_VERSION_NUMBER)
-+#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG
-+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129
-+#endif
- SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
- #else
- cb_arg = ctx->tlsext_status_arg;
-@@ -2066,7 +2081,7 @@
- SSL_set_SSL_CTX(ssl, ctx);
- }
-
--#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)
-+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_BORINGSSL)
-
- static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
- {
-@@ -2208,7 +2223,7 @@
- #else
- cipher = SSL_CIPHER_find(ssl, cipher_suites);
- #endif
-- if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
-+ if (cipher && SSL_CIPHER_is_ECDSA(cipher)) {
- has_ecdsa = 1;
- break;
- }
-@@ -2306,7 +2321,7 @@
- #ifdef OPENSSL_IS_BORINGSSL
- if (allow_early)
- SSL_set_early_data_enabled(ssl, 1);
--#else
-+#elif !defined LIBRESSL_VERSION_NUMBER
- if (!allow_early)
- SSL_set_max_early_data(ssl, 0);
- #endif
-@@ -3798,7 +3813,7 @@
- #ifdef OPENSSL_IS_BORINGSSL
- SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
- SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
--#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L)
-+#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined LIBRESSL_VERSION_NUMBER
- SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
- SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
- #else
-@@ -5052,7 +5067,7 @@
- if (!conn->xprt_ctx)
- goto out_error;
-
--#if OPENSSL_VERSION_NUMBER >= 0x10101000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined LIBRESSL_VERSION_NUMBER
- /*
- * Check if we have early data. If we do, we have to read them
- * before SSL_do_handshake() is called, And there's no way to
-@@ -5128,7 +5143,7 @@
- OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
- empty_handshake = state == TLS_ST_BEFORE;
- #else
-- empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
-+ empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE;
- #endif
- if (empty_handshake) {
- if (!errno) {
-@@ -5212,7 +5227,7 @@
- OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
- empty_handshake = state == TLS_ST_BEFORE;
- #else
-- empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
-+ empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE;
- #endif
- if (empty_handshake) {
- if (!errno) {
-@@ -5252,7 +5267,7 @@
- goto out_error;
- }
- }
--#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
-+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined LIBRESSL_VERSION_NUMBER
- else {
- /*
- * If the server refused the early data, we have to send a
-@@ -5375,7 +5390,7 @@
- continue;
- }
-
--#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
-+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined LIBRESSL_VERSION_NUMBER
- if (conn->flags & CO_FL_EARLY_SSL_HS) {
- size_t read_length;
-
-@@ -5531,7 +5546,7 @@
- conn->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
- }
-
--#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
-+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined LIBRESSL_VERSION_NUMBER
- if (!SSL_is_init_finished(conn->xprt_ctx)) {
- unsigned int max_early;
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-19 20:10:20 +0000