www-servers/apache/files/apache-2.4.33-libressl-compatibility.patch - mirrors/cros/chromiumos/overlays/portage-stable - Git at Google

 # based on upstream commit from:
 # https://github.com/apache/httpd/commit/8134addfabf2685e08da6d51167775b628fda0dc
 # this should be included in the next release (2.4.34?)

 diff --git a/modules/md/md_crypt.c b/modules/md/md_crypt.c
 index 66682eaf4d..8f0def2805 100644
 --- a/modules/md/md_crypt.c
 +++ b/modules/md/md_crypt.c
 @@ -190,7 +190,7 @@ static int pem_passwd(char *buf, int size, int rwflag, void *baton)
   */
  static apr_time_t md_asn1_time_get(const ASN1_TIME* time)
  {
 -#ifdef LIBRESSL_VERSION_NUMBER
 +#ifdef LIBRESSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
      /* courtesy: https://stackoverflow.com/questions/10975542/asn1-time-to-time-t-conversion#11263731
       * all bugs are mine */
      apr_time_exp_t t;
 @@ -471,7 +471,7 @@ apr_status_t md_pkey_gen(md_pkey_t **ppkey, apr_pool_t *p, md_pkey_spec_t *spec)
      }
  }

 -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000f)

  #ifndef NID_tlsfeature
  #define NID_tlsfeature          1020
 diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
 index 48d64cb624..2392019aed 100644
 --- a/modules/ssl/mod_ssl.c
 +++ b/modules/ssl/mod_ssl.c
 @@ -398,7 +398,7 @@ static int ssl_hook_pre_config(apr_pool_t *pconf,
      /* We must register the library in full, to ensure our configuration
       * code can successfully test the SSL environment.
       */
 -#if MODSSL_USE_OPENSSL_PRE_1_1_API
 +#if MODSSL_USE_OPENSSL_PRE_1_1_API || defined(LIBRESSL_VERSION_NUMBER)
      (void)CRYPTO_malloc_init();
  #else
      OPENSSL_malloc_init();
 diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
 index a3a74f474c..88c0939cab 100644
 --- a/modules/ssl/ssl_engine_init.c
 +++ b/modules/ssl/ssl_engine_init.c
 @@ -546,7 +546,8 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
      char *cp;
      int protocol = mctx->protocol;
      SSLSrvConfigRec *sc = mySrvConfig(s);
 -#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 +#if OPENSSL_VERSION_NUMBER >= 0x10100000L || \
 +	(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20800000L)
      int prot;
  #endif

 @@ -616,7 +617,8 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,

      SSL_CTX_set_options(ctx, SSL_OP_ALL);

 -#if OPENSSL_VERSION_NUMBER < 0x10100000L
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
 +	(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20800000L)
      /* always disable SSLv2, as per RFC 6176 */
      SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);

 diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
 index a39569cbf7..e0e1b37087 100644
 --- a/modules/ssl/ssl_private.h
 +++ b/modules/ssl/ssl_private.h
 @@ -132,13 +132,14 @@
          SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
  #define SSL_CTX_set_max_proto_version(ctx, version) \
          SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
 -#endif
 -/* LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most
 - * changes from OpenSSL >= 1.1 (new functions, macros, deprecations, ...), so
 - * we have to work around this...
 +#elif LIBRESSL_VERSION_NUMBER < 0x2070000f
 +/* LibreSSL before 2.7 declares OPENSSL_VERSION_NUMBER == 2.0 but does not
 + * include most changes from OpenSSL >= 1.1 (new functions, macros,
 + * deprecations, ...), so we have to work around this...
   */
  #define MODSSL_USE_OPENSSL_PRE_1_1_API (1)
 -#else
 +#endif /* LIBRESSL_VERSION_NUMBER < 0x2060000f */
 +#else /* defined(LIBRESSL_VERSION_NUMBER) */
  #define MODSSL_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L)
  #endif

 @@ -238,7 +239,8 @@ void init_bio_methods(void);
  void free_bio_methods(void);
  #endif

 -#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
 +#if OPENSSL_VERSION_NUMBER < 0x10002000L || \
 +	(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000f)
  #define X509_STORE_CTX_get0_store(x) (x->ctx)
  #endif
	# based on upstream commit from:
	# https://github.com/apache/httpd/commit/8134addfabf2685e08da6d51167775b628fda0dc
	# this should be included in the next release (2.4.34?)

	diff --git a/modules/md/md_crypt.c b/modules/md/md_crypt.c
	index 66682eaf4d..8f0def2805 100644
	--- a/modules/md/md_crypt.c
	+++ b/modules/md/md_crypt.c
	@@ -190,7 +190,7 @@ static int pem_passwd(char buf, int size, int rwflag, void baton)
	*/
	static apr_time_t md_asn1_time_get(const ASN1_TIME* time)
	{
	-#ifdef LIBRESSL_VERSION_NUMBER
	+#ifdef LIBRESSL_VERSION_NUMBER < 0x10002000L \|\| defined(LIBRESSL_VERSION_NUMBER)
	/* courtesy: https://stackoverflow.com/questions/10975542/asn1-time-to-time-t-conversion#11263731
	* all bugs are mine */
	apr_time_exp_t t;
	@@ -471,7 +471,7 @@ apr_status_t md_pkey_gen(md_pkey_t *ppkey, apr_pool_t p, md_pkey_spec_t *spec)
	}
	}

	-#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
	+#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000f)

	#ifndef NID_tlsfeature
	#define NID_tlsfeature 1020
	diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
	index 48d64cb624..2392019aed 100644
	--- a/modules/ssl/mod_ssl.c
	+++ b/modules/ssl/mod_ssl.c
	@@ -398,7 +398,7 @@ static int ssl_hook_pre_config(apr_pool_t *pconf,
	/* We must register the library in full, to ensure our configuration
	* code can successfully test the SSL environment.
	*/
	-#if MODSSL_USE_OPENSSL_PRE_1_1_API
	+#if MODSSL_USE_OPENSSL_PRE_1_1_API \|\| defined(LIBRESSL_VERSION_NUMBER)
	(void)CRYPTO_malloc_init();
	#else
	OPENSSL_malloc_init();
	diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
	index a3a74f474c..88c0939cab 100644
	--- a/modules/ssl/ssl_engine_init.c
	+++ b/modules/ssl/ssl_engine_init.c
	@@ -546,7 +546,8 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
	char *cp;
	int protocol = mctx->protocol;
	SSLSrvConfigRec *sc = mySrvConfig(s);
	-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	+#if OPENSSL_VERSION_NUMBER >= 0x10100000L \|\| \
	+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20800000L)
	int prot;
	#endif

	@@ -616,7 +617,8 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,

	SSL_CTX_set_options(ctx, SSL_OP_ALL);

	-#if OPENSSL_VERSION_NUMBER < 0x10100000L
	+#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| \
	+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20800000L)
	/* always disable SSLv2, as per RFC 6176 */
	SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);

	diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
	index a39569cbf7..e0e1b37087 100644
	--- a/modules/ssl/ssl_private.h
	+++ b/modules/ssl/ssl_private.h
	@@ -132,13 +132,14 @@
	SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
	#define SSL_CTX_set_max_proto_version(ctx, version) \
	SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
	-#endif
	-/* LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most
	- * changes from OpenSSL >= 1.1 (new functions, macros, deprecations, ...), so
	- * we have to work around this...
	+#elif LIBRESSL_VERSION_NUMBER < 0x2070000f
	+/* LibreSSL before 2.7 declares OPENSSL_VERSION_NUMBER == 2.0 but does not
	+ * include most changes from OpenSSL >= 1.1 (new functions, macros,
	+ * deprecations, ...), so we have to work around this...
	*/
	#define MODSSL_USE_OPENSSL_PRE_1_1_API (1)
	-#else
	+#endif /* LIBRESSL_VERSION_NUMBER < 0x2060000f */
	+#else /* defined(LIBRESSL_VERSION_NUMBER) */
	#define MODSSL_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L)
	#endif

	@@ -238,7 +239,8 @@ void init_bio_methods(void);
	void free_bio_methods(void);
	#endif

	-#if OPENSSL_VERSION_NUMBER < 0x10002000L \|\| defined(LIBRESSL_VERSION_NUMBER)
	+#if OPENSSL_VERSION_NUMBER < 0x10002000L \|\| \
	+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000f)
	#define X509_STORE_CTX_get0_store(x) (x->ctx)
	#endif