1 files changed, 46 insertions, 0 deletions

diff --git a/main/haproxy/fix-libressl-2.5.patch b/main/haproxy/fix-libressl-2.5.patch
new file mode 100644
index 0000000000..fbf61507e2
--- /dev/null
+++ b/main/haproxy/fix-libressl-2.5.patch
@@ -0,0 +1,46 @@
+--- a/src/ssl_sock.c.orig	2017-01-13 09:03:00 UTC
++++ b/src/ssl_sock.c
+@@ -792,8 +792,11 @@ static int ssl_sock_load_ocsp(SSL_CTX *c
+ 		ocsp = NULL;
+ 
+ #ifndef SSL_CTX_get_tlsext_status_cb
+-# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
+-	*cb = (void (*) (void))ctx->tlsext_status_cb;
++#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB
++#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128
++#endif
++#define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
++	*cb = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb)
+ #endif
+ 	SSL_CTX_get_tlsext_status_cb(ctx, &callback);
+ 
+@@ -821,7 +824,10 @@ static int ssl_sock_load_ocsp(SSL_CTX *c
+ 		int key_type;
+ 		EVP_PKEY *pkey;
+ 
+-#ifdef SSL_CTX_get_tlsext_status_arg
++#if defined(SSL_CTX_get_tlsext_status_arg) || defined(LIBRESSL_VERSION_NUMBER)
++#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG
++#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129
++#endif
+ 		SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
+ #else
+ 		cb_arg = ctx->tlsext_status_arg;
+@@ -3537,7 +3543,7 @@ int ssl_sock_handshake(struct connection
+ 					OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
+ 					empty_handshake = state == TLS_ST_BEFORE;
+ #else
+-					empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
++					empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE;
+ #endif
+ 
+ 					if (empty_handshake) {
+@@ -3615,7 +3621,7 @@ int ssl_sock_handshake(struct connection
+ 			state = SSL_get_state((SSL *)conn->xprt_ctx);
+ 			empty_handshake = state == TLS_ST_BEFORE;
+ #else
+-			empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
++			empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE;
+ #endif
+ 			if (empty_handshake) {
+ 				if (!errno) {