From 51341ea75bbf58b667ee596d0d11c16f3ed6ebda619d505784d6ec4c626887b3 Mon Sep 17 00:00:00 2001
From: Pedro Monreal Gonzalez
Date: Tue, 15 Jan 2019 09:41:44 +0000
Subject: [PATCH] Accepting request 666145 from home:vitezslav_cizek:branches:devel:languages:perl

- Expose SSL_CTX_set_post_handshake_auth
* https://github.com/radiator-software/p5-net-ssleay/pull/68
- add Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch
- Fix build on SLE-12
* apparently %autopatch needs to be followed by an empty line there
OBS-URL: https://build.opensuse.org/request/show/666145
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-Net-SSLeay?expand=0&rev=42
---
 ...pose_SSL_CTX_set_post_handshake_auth.patch | 42 +++++++++++++++++++
 perl-Net-SSLeay.changes | 9 ++++
 perl-Net-SSLeay.spec | 7 +++-
 3 files changed, 56 insertions(+), 2 deletions(-)
 create mode 100644 Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch
diff --git a/Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch b/Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch
new file mode 100644
index 0000000..9ab1f33
--- /dev/null
+++ b/Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch
@@ -0,0 +1,42 @@
+commit 6a6bcf3d96115a6ef62289838cea418c185d8c88
+Author: Paul Howarth
+Date: Wed Sep 19 09:38:40 2018 +0100
+
+ Expose SSL_CTX_set_post_handshake_auth
+
+ TLS 1.3 removed renegotiation in favor of rekeying and post handshake
+ authentication (PHA). With PHA, a server can request a client certificate from
+ a client at some point after the handshake. The feature is commonly used by
+ HTTP servers for conditional and path specific TLS client auth. For example, a
+ server can decide to require a cert based on HTTP method and/or path. A client
+ must announce support for PHA during the handshake.
+
+ Apache mod_ssl uses PHA:
+ https://github.com/apache/httpd/blob/trunk/modules/ssl/ssl_engine_kernel.c#L1207
+
+ As of OpenSSL ticket https://github.com/openssl/openssl/issues/6933, TLS 1.3
+ clients no longer send the PHA TLS extension by default. For on-demand auth,
+ PHA extension must be enabled with SSL_CTX_set_post_handshake_auth(),
+ https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_post_handshake_auth.html .
+
+ This function is needed for the Apache httpd upstream test suite:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1630391 .
+
+diff --git a/SSLeay.xs b/SSLeay.xs
+index a4dcb0a..5777ffc 100644
+--- a/SSLeay.xs
++++ b/SSLeay.xs
+@@ -7291,4 +7291,13 @@ SSL_export_keying_material(ssl, outlen, label, p)
+
+ #endif
+
++#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */
++
++void
++SSL_CTX_set_post_handshake_auth(s,val)
++ SSL_CTX * s
++ int val
++
++#endif
++
+ #define REM_EOF "/* EOF - SSLeay.xs */"
diff --git a/perl-Net-SSLeay.changes b/perl-Net-SSLeay.changes
index 9a78d1e..c9d08a2 100644
--- a/perl-Net-SSLeay.changes
+++ b/perl-Net-SSLeay.changes
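Review bot: The XS declaration added to SSLeay.xs exposes only the context-wide `SSL_CTX_set_post_handshake_auth(s,val)`, so a Perl client can announce post-handshake authentication only for every connection created from that SSL_CTX. OpenSSL 1.1.1 also provides a per-connection `SSL_set_post_handshake_auth()`; a sibling declaration inside the same `#if` block, with `SSL * s` as its first argument, would let callers enable PHA only toward servers that are expected to request a certificate. The embedded patch touches SSLeay.xs alone, so as far as this page shows nothing documents that the function is absent when the module is built against OpenSSL older than 1.1.1 or against LibreSSL. A line in the module's POD stating that callers must check for the function before calling it would cover that.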
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Mon Jan 14 15:55:27 UTC 2019 - Vítězslav Čížek
+
+- Expose SSL_CTX_set_post_handshake_auth
+ * https://github.com/radiator-software/p5-net-ssleay/pull/68
+- add Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch
+- Fix build on SLE-12
+ * apparently %autopatch needs to be followed by an empty line there
+
 -------------------------------------------------------------------
 Tue Sep 4 14:44:25 UTC 2018 - Vítězslav Čížek
 
diff --git a/perl-Net-SSLeay.spec b/perl-Net-SSLeay.spec
index 843ee00..f33ede9 100644
--- a/perl-Net-SSLeay.spec
+++ b/perl-Net-SSLeay.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package perl-Net-SSLeay
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -33,6 +33,8 @@ Patch2: Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch
 Patch3: Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch
 # Revert retry in Net::SSLeay::write_partial(), CPAN RT#125218
 Patch4: Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch
+# PATCH-FIX-UPSTREAM https://github.com/radiator-software/p5-net-ssleay/pull/68
+Patch5: Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch
 BuildRequires: libopenssl-devel
 BuildRequires: openssl
 BuildRequires: perl
@@ -55,6 +57,7 @@ Net::SSLeay module basically comprise of:
 %prep
 %setup -q -n %{cpan_name}-%{version}
 %autopatch -p1
+
 # replace rest of /usr/local/bin/perl with /usr/bin/perl
 for f in $(find . -type f -exec grep -l "%{_prefix}/local/bin/perl" {} \; ); do
 sed -i -e "s@%{_prefix}/local/bin/perl@perl@g" $f
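Review bot: The empty line added after `%autopatch -p1` is load-bearing, but nothing in the spec says so; the reason is recorded only in the .changes entry ("Fix build on SLE-12"). A later cleanup or spec formatter could drop the line and break the SLE-12 build again. A comment above the macro would keep it in place, for example `# keep the empty line after %autopatch, the SLE-12 build fails without it`. The %prep section continues past the end of this hunk.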