Unbreak build with LibreSSL

PR: 196256
svn path=/head/; revision=380216
2024-11-27 00:57:50 +00:00 · 2015-03-01 17:41:42 +00:00 · 2015-03-01 17:41:42 +00:00 · f6f2f52ecb · 2021-03-31 03:12:20 +00:00
commit f6f2f52ecb
parent df5e983740
8 changed files with 185 additions and 0 deletions
--- a/www/apache22/files/patch-acinclude.m4
+++ b/www/apache22/files/patch-acinclude.m4
@ -0,0 +1,11 @@
+--- acinclude.m4.orig	2012-07-06 17:23:21.000000000 +0200
+++ acinclude.m4	2015-02-28 10:22:26.577650967 +0100
+@@ -455,6 +455,8 @@
+     AC_CHECK_HEADERS([openssl/engine.h])
+     AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"])
+     AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines])
+    AC_CHECK_FUNCS([SSL_CTX_use_certificate_chain])
+    AC_CHECK_LIB(crypto, RAND_egd, AC_DEFINE(HAVE_SSL_RAND_EGD, 1, [Define if the libcrypto has RAND_egd]))
+   else
+     AC_CHECK_FUNCS([SSLC_library_version SSL_CTX_new], [], [liberrors="yes"])
+     AC_CHECK_FUNCS(SSL_set_state)
--- a/www/apache22/files/patch-configure
+++ b/www/apache22/files/patch-configure
@ -0,0 +1,62 @@
+--- configure.orig	2014-08-22 19:54:19.000000000 +0200
+++ configure	2015-02-28 10:22:46.822052140 +0100
+@@ -13853,6 +13922,59 @@
+ fi
+ done
+ 
+    for ac_func in SSL_CTX_use_certificate_chain
+do :
+  ac_fn_c_check_func "$LINENO" "SSL_CTX_use_certificate_chain" "ac_cv_func_SSL_CTX_use_certificate_chain"
+if test "x$ac_cv_func_SSL_CTX_use_certificate_chain" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN 1
+_ACEOF
+
+fi
+done
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for RAND_egd in -lcrypto" >&5
+$as_echo_n "checking for RAND_egd in -lcrypto... " >&6; }
+if ${ac_cv_lib_crypto_RAND_egd+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcrypto  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char RAND_egd ();
+int
+main ()
+{
+return RAND_egd ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_crypto_RAND_egd=yes
+else
+  ac_cv_lib_crypto_RAND_egd=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_RAND_egd" >&5
+$as_echo "$ac_cv_lib_crypto_RAND_egd" >&6; }
+if test "x$ac_cv_lib_crypto_RAND_egd" = xyes; then :
+
+$as_echo "#define HAVE_SSL_RAND_EGD 1" >>confdefs.h
+
+fi
+
+   else
+     for ac_func in SSLC_library_version SSL_CTX_new
+ do :
--- a/www/apache22/files/patch-include__ap_config_auto.h.in
+++ b/www/apache22/files/patch-include__ap_config_auto.h.in
@ -0,0 +1,15 @@
+--- include/ap_config_auto.h.in.orig	2014-08-22 19:54:18.000000000 +0200
+++ include/ap_config_auto.h.in	2015-02-28 10:25:55.191842645 +0100
+@@ -127,6 +127,12 @@
+ /* Define to 1 if you have the `SSL_CTX_new' function. */
+ #undef HAVE_SSL_CTX_NEW
+ 
+/* Define to 1 if you run LibreSSL which defines SSL_CTX_use_certificate_chain as well */
+#undef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
+
+/* Define to 1 if your OpenSSL library supports RAND_egd */
+#undef HAVE_SSL_RAND_EGD
+
+ /* Define to 1 if you have the `SSL_set_cert_store' function. */
+ #undef HAVE_SSL_SET_CERT_STORE
+ 
--- a/www/apache22/files/patch-modulessslssl_engine_init.c
+++ b/www/apache22/files/patch-modulessslssl_engine_init.c
@ -0,0 +1,38 @@
+--- modules/ssl/ssl_engine_init.c.orig	2014-07-16 08:04:38.000000000 +0200
+++ modules/ssl/ssl_engine_init.c	2015-02-28 10:52:11.571641334 +0100
+@@ -406,9 +406,11 @@
+             ssl_die();
+         }
+ 
+#ifdef ENGINE_CTRL_CHIL_SET_FORKCHECK
+         if (strEQ(mc->szCryptoDevice, "chil")) {
+             ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
+         }
+#endif
+ 
+         if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+             ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+@@ -584,6 +586,10 @@
+ #endif
+ 
+ 
+#ifdef SSL_NO_COMP
+#define OPENSSL_NO_COMP
+#endif
+
+ #ifndef OPENSSL_NO_COMP
+     if (sc->compression != TRUE) {
+ #ifdef SSL_OP_NO_COMPRESSION
+@@ -831,7 +837,11 @@
+         }
+     }
+ 
+-    n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
+#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
+          n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
+#else
+          n = _SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
+#endif
+                                       (char *)chain,
+                                       skip_first, NULL);
+     if (n < 0) {
--- a/www/apache22/files/patch-modulessslssl_engine_rand.c
+++ b/www/apache22/files/patch-modulessslssl_engine_rand.c
@ -0,0 +1,20 @@
+--- modules/ssl/ssl_engine_rand.c.orig	2006-07-12 05:38:44.000000000 +0200
+++ modules/ssl/ssl_engine_rand.c	2015-02-28 10:47:35.481607754 +0100
+@@ -83,17 +83,6 @@
+                 nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes);
+                 ssl_util_ppclose(s, p, fp);
+             }
+-#ifdef HAVE_SSL_RAND_EGD
+-            else if (pRandSeed->nSrc == SSL_RSSRC_EGD) {
+-                /*
+-                 * seed in contents provided by the external
+-                 * Entropy Gathering Daemon (EGD)
+-                 */
+-                if ((n = RAND_egd(pRandSeed->cpPath)) == -1)
+-                    continue;
+-                nDone += n;
+-            }
+-#endif
+             else if (pRandSeed->nSrc == SSL_RSSRC_BUILTIN) {
+                 struct {
+                     time_t t;
--- a/www/apache22/files/patch-modulessslssl_engine_vars.c
+++ b/www/apache22/files/patch-modulessslssl_engine_vars.c
@ -0,0 +1,11 @@
+--- modules/ssl/ssl_engine_vars.c.orig	2013-02-12 12:51:17.000000000 +0100
+++ modules/ssl/ssl_engine_vars.c	2015-02-28 10:54:21.257798164 +0100
+@@ -832,7 +832,7 @@
+ {
+     char *result = "NULL";
+ #ifdef OPENSSL_VERSION_NUMBER
+-#if (OPENSSL_VERSION_NUMBER >= 0x00908000)
+#if (OPENSSL_VERSION_NUMBER >= 0x00908000) && !defined(OPENSSL_NO_COMP)
+     SSL_SESSION *pSession = SSL_get_session(ssl);
+ 
+     if (pSession) {
--- a/www/apache22/files/patch-modulessslssl_util_ssl.c
+++ b/www/apache22/files/patch-modulessslssl_util_ssl.c
@ -0,0 +1,14 @@
+--- modules/ssl/ssl_util_ssl.c.orig	2012-08-17 19:30:46.000000000 +0200
+++ modules/ssl/ssl_util_ssl.c	2015-02-28 10:30:48.557501618 +0100
+@@ -492,7 +492,11 @@
+  * format, possibly followed by a sequence of CA certificates that
+  * should be sent to the peer in the SSL Certificate message.
+  */
+#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
+ int SSL_CTX_use_certificate_chain(
+#else
+int _SSL_CTX_use_certificate_chain(
+#endif
+     SSL_CTX *ctx, char *file, int skipfirst, modssl_read_bio_cb_fn *cb)
+ {
+     BIO *bio;
--- a/www/apache22/files/patch-modulessslssl_util_ssl.h
+++ b/www/apache22/files/patch-modulessslssl_util_ssl.h
@ -0,0 +1,14 @@
+--- modules/ssl/ssl_util_ssl.h.orig	2012-08-17 19:30:46.000000000 +0200
+++ modules/ssl/ssl_util_ssl.h	2015-02-28 10:33:07.042671521 +0100
+@@ -89,7 +89,11 @@
+ BOOL        SSL_X509_getCN(apr_pool_t *, X509 *, char **);
+ BOOL        SSL_X509_INFO_load_file(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);
+ BOOL        SSL_X509_INFO_load_path(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);
+#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
+ int         SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, modssl_read_bio_cb_fn *);
+#else
+int         _SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, modssl_read_bio_cb_fn *);
+#endif
+ char       *SSL_SESSION_id2sz(unsigned char *, int, char *, int);
+ 
+ /** util functions for OpenSSL+sslc compat */