rpm/haproxy
SHA256
1
0
Fork 0
forked from pool/haproxy
Code Pull Requests Activity

- add haproxy-1.6.0-ssl-098.patch:

Browse Source 
fix building on openssl 0.9.8

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=120
This commit is contained in:
Marcus Rückert 2015-10-19 16:16:21 +00:00 committed by Git OBS Bridge
parent e8450b8cfb
commit 4ee640c9c5
3 changed files with 60 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
haproxy-1.6.0-ssl-098.patch Normal file
View File

@ -0,0 +1,52 @@
From 76e79a8c8a98474f3caf701b75370f50729516b2 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfaulet@qualys.com>
Date: Mon, 19 Oct 2015 13:59:24 +0200
Subject: [PATCH 2/2] BUILD: ssl: fix build error introduced in commit 7969a3
with OpenSSL < 1.0.0
The function 'EVP_PKEY_get_default_digest_nid()' was introduced in OpenSSL
1.0.0. So for older version of OpenSSL, compiled with the SNI support, the
HAProxy compilation fails with the following error:
src/ssl_sock.c: In function 'ssl_sock_do_create_cert':
src/ssl_sock.c:1096:7: warning: implicit declaration of function 'EVP_PKEY_get_default_digest_nid'
if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
[...]
src/ssl_sock.c:1096: undefined reference to `EVP_PKEY_get_default_digest_nid'
collect2: error: ld returned 1 exit status
Makefile:760: recipe for target 'haproxy' failed
make: *** [haproxy] Error 1
So we must add a #ifdef to check the OpenSSL version (>= 1.0.0) to use this
function. It is used to get default signature digest associated to the private
key used to sign generated X509 certificates. It is called when the private key
differs than EVP_PKEY_RSA, EVP_PKEY_DSA and EVP_PKEY_EC. It should be enough for
most of cases.
---
src/ssl_sock.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 35a3edf..7c82464 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1091,12 +1091,16 @@ ssl_sock_do_create_cert(const char *servername, unsigned int serial,
else if (EVP_PKEY_type (capkey->type) == EVP_PKEY_EC)
digest = EVP_sha256();
else {
+#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
int nid;
if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
goto mkcert_error;
if (!(digest = EVP_get_digestbynid(nid)))
goto mkcert_error;
+#else
+ goto mkcert_error;
+#endif
}
if (!(X509_sign(newcrt, capkey, digest)))
--
2.4.3

6
haproxy.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Oct 19 16:15:57 UTC 2015 - mrueckert@suse.de
- add haproxy-1.6.0-ssl-098.patch:
fix building on openssl 0.9.8
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Oct 16 17:16:40 UTC 2015 - mrueckert@suse.de Fri Oct 16 17:16:40 UTC 2015 - mrueckert@suse.de

2
haproxy.spec
View File

@ -72,6 +72,7 @@ Patch1: haproxy-1.6.0_config_haproxy_user.patch
Patch2: haproxy-1.6.0-makefile_lib.patch Patch2: haproxy-1.6.0-makefile_lib.patch
Patch3: haproxy-1.6.0-sec-options.patch Patch3: haproxy-1.6.0-sec-options.patch
Patch4: haproxy-1.6.0-ssl.crash.patch Patch4: haproxy-1.6.0-ssl.crash.patch
Patch5: haproxy-1.6.0-ssl-098.patch
# #
Source99: haproxy-rpmlintrc Source99: haproxy-rpmlintrc
# #
@ -106,6 +107,7 @@ the most work done from every CPU cycle.
%patch2 %patch2
%patch3 %patch3
%patch4 -p1 %patch4 -p1
%patch5 -p1
%build %build
%{__make} \ %{__make} \