diff options
| author | Andy Postnikov <apostnikov@gmail.com> | 2017-11-30 15:12:12 +0200 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2018-04-06 05:19:22 +0000 |
| commit | 783811d1ac952d97d9b086d252456f27832ef3c4 (patch) | |
| tree | 811cd6bef11106f0a1705308ce9475cfdaa23f1f /main/haproxy/fix-libressl-1.8.5.patch | |
| parent | d1d940636b26b200f991e48525737fd511f271d3 (diff) | |
| download | aports-783811d1ac952d97d9b086d252456f27832ef3c4.tar.bz2 aports-783811d1ac952d97d9b086d252456f27832ef3c4.tar.xz | |
main/haproxy: upgrade to 1.8.5
Diffstat (limited to 'main/haproxy/fix-libressl-1.8.5.patch')
| -rw-r--r-- | main/haproxy/fix-libressl-1.8.5.patch | 134 |
1 files changed, 134 insertions, 0 deletions
diff --git a/main/haproxy/fix-libressl-1.8.5.patch b/main/haproxy/fix-libressl-1.8.5.patch new file mode 100644 index 0000000000..ebd9f29628 --- /dev/null +++ b/main/haproxy/fix-libressl-1.8.5.patch @@ -0,0 +1,134 @@ +--- a/src/ssl_sock.c.orig ++++ b/src/ssl_sock.c +@@ -56,6 +56,15 @@ + #include <openssl/engine.h> + #endif + ++ ++#ifdef LIBRESSL_VERSION_NUMBER ++ ++#ifndef OPENSSL_NO_ASYNC ++#define OPENSSL_NO_ASYNC ++#endif ++ ++#endif ++ + #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) + #include <openssl/async.h> + #endif +@@ -1126,8 +1135,11 @@ + ocsp = NULL; + + #ifndef SSL_CTX_get_tlsext_status_cb +-# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \ +- *cb = (void (*) (void))ctx->tlsext_status_cb; ++#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB ++#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 ++#endif ++#define SSL_CTX_get_tlsext_status_cb(ctx, cb) \ ++ *cb = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb) + #endif + SSL_CTX_get_tlsext_status_cb(ctx, &callback); + +@@ -1155,7 +1167,10 @@ + int key_type; + EVP_PKEY *pkey; + +-#ifdef SSL_CTX_get_tlsext_status_arg ++#if defined(SSL_CTX_get_tlsext_status_arg) || defined(LIBRESSL_VERSION_NUMBER) ++#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG ++#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 ++#endif + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg); + #else + cb_arg = ctx->tlsext_status_arg; +@@ -2066,7 +2081,7 @@ + SSL_set_SSL_CTX(ssl, ctx); + } + +-#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL) ++#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_BORINGSSL) + + static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv) + { +@@ -2208,7 +2223,7 @@ + #else + cipher = SSL_CIPHER_find(ssl, cipher_suites); + #endif +- if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) { ++ if (cipher && SSL_CIPHER_is_ECDSA(cipher)) { + has_ecdsa = 1; + break; + } +@@ -2306,7 +2321,7 @@ + #ifdef OPENSSL_IS_BORINGSSL + if (allow_early) + SSL_set_early_data_enabled(ssl, 1); +-#else ++#elif !defined LIBRESSL_VERSION_NUMBER + if (!allow_early) + SSL_set_max_early_data(ssl, 0); + #endif +@@ -3798,7 +3813,7 @@ + #ifdef OPENSSL_IS_BORINGSSL + SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk); + SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk); +-#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) ++#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined LIBRESSL_VERSION_NUMBER + SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL); + SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk); + #else +@@ -5052,7 +5067,7 @@ + if (!conn->xprt_ctx) + goto out_error; + +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined LIBRESSL_VERSION_NUMBER + /* + * Check if we have early data. If we do, we have to read them + * before SSL_do_handshake() is called, And there's no way to +@@ -5128,7 +5143,7 @@ + OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx); + empty_handshake = state == TLS_ST_BEFORE; + #else +- empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length; ++ empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE; + #endif + if (empty_handshake) { + if (!errno) { +@@ -5212,7 +5227,7 @@ + OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx); + empty_handshake = state == TLS_ST_BEFORE; + #else +- empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length; ++ empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE; + #endif + if (empty_handshake) { + if (!errno) { +@@ -5252,7 +5267,7 @@ + goto out_error; + } + } +-#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) ++#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined LIBRESSL_VERSION_NUMBER + else { + /* + * If the server refused the early data, we have to send a +@@ -5375,7 +5390,7 @@ + continue; + } + +-#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) ++#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined LIBRESSL_VERSION_NUMBER + if (conn->flags & CO_FL_EARLY_SSL_HS) { + size_t read_length; + +@@ -5531,7 +5546,7 @@ + conn->xprt_st |= SSL_SOCK_SEND_UNLIMITED; + } + +-#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) ++#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined LIBRESSL_VERSION_NUMBER + if (!SSL_is_init_finished(conn->xprt_ctx)) { + unsigned int max_early; + |