forked from pool/haproxy
- update to 1.6.2
- BUILD: ssl: fix build error introduced in commit 7969a3 with OpenSSL < 1.0.0
- DOC: fix a typo for a "deviceatlas" keyword
- FIX: small typo in an example using the "Referer" header
- BUG/MEDIUM: config: count memory limits on 64 bits, not 32
- BUG/MAJOR: dns: first DNS response packet not matching queried hostname may lead to a loop
- BUG/MINOR: dns: unable to parse CNAMEs response
- BUG/MINOR: examples/haproxy.init: missing brace in quiet_check()
- DOC: deviceatlas: more example use cases.
- BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in install-bin.
- BUG/MAJOR: http: don't requeue an idle connection that is already queued
- DOC: typo on capture.res.hdr and capture.req.hdr
- BUG/MINOR: dns: check for duplicate nameserver id in a resolvers section was missing
- CLEANUP: use direction names in place of numeric values
- BUG/MEDIUM: lua: sample fetches based on response doesn't work
- drop haproxy-1.6.0-ssl-098.patch: included upstream

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=122
parent a0ac0e2dfc
commit 873fbe6a22
@ -1,52 +0,0 @@
|
||||
From 76e79a8c8a98474f3caf701b75370f50729516b2 Mon Sep 17 00:00:00 2001
|
||||
From: Christopher Faulet <cfaulet@qualys.com>
|
||||
Date: Mon, 19 Oct 2015 13:59:24 +0200
|
||||
Subject: [PATCH 2/2] BUILD: ssl: fix build error introduced in commit 7969a3
|
||||
with OpenSSL < 1.0.0
|
||||
|
||||
The function 'EVP_PKEY_get_default_digest_nid()' was introduced in OpenSSL
|
||||
1.0.0. So for older version of OpenSSL, compiled with the SNI support, the
|
||||
HAProxy compilation fails with the following error:
|
||||
|
||||
src/ssl_sock.c: In function 'ssl_sock_do_create_cert':
|
||||
src/ssl_sock.c:1096:7: warning: implicit declaration of function 'EVP_PKEY_get_default_digest_nid'
|
||||
if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
|
||||
[...]
|
||||
src/ssl_sock.c:1096: undefined reference to `EVP_PKEY_get_default_digest_nid'
|
||||
collect2: error: ld returned 1 exit status
|
||||
Makefile:760: recipe for target 'haproxy' failed
|
||||
make: *** [haproxy] Error 1
|
||||
|
||||
So we must add a #ifdef to check the OpenSSL version (>= 1.0.0) to use this
|
||||
function. It is used to get default signature digest associated to the private
|
||||
key used to sign generated X509 certificates. It is called when the private key
|
||||
differs than EVP_PKEY_RSA, EVP_PKEY_DSA and EVP_PKEY_EC. It should be enough for
|
||||
most of cases.
|
||||
---
|
||||
src/ssl_sock.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
|
||||
index 35a3edf..7c82464 100644
|
||||
--- a/src/ssl_sock.c
|
||||
+++ b/src/ssl_sock.c
|
||||
@@ -1091,12 +1091,16 @@ ssl_sock_do_create_cert(const char *servername, unsigned int serial,
|
||||
else if (EVP_PKEY_type (capkey->type) == EVP_PKEY_EC)
|
||||
digest = EVP_sha256();
|
||||
else {
|
||||
+#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
|
||||
int nid;
|
||||
|
||||
if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
|
||||
goto mkcert_error;
|
||||
if (!(digest = EVP_get_digestbynid(nid)))
|
||||
goto mkcert_error;
|
||||
+#else
|
||||
+ goto mkcert_error;
|
||||
+#endif
|
||||
}
|
||||
|
||||
if (!(X509_sign(newcrt, capkey, digest)))
|
||||
--
|
||||
2.4.3
|
||||
|
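Review bot: in the deleted haproxy-1.6.0-ssl-098.patch, the `#else` branch added to ssl_sock_do_create_cert() is a bare `goto mkcert_error;`, so on OpenSSL < 1.0.0 certificate generation fails outright for any CA key that is not RSA, DSA or EC. Dropping the local copy is reasonable because the changelog lists the same "BUILD: ssl" fix as part of 1.6.2, but builds against older OpenSSL depend on this guard. Before removing the file, confirm that src/ssl_sock.c in the 1.6.2 tarball carries the `#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)` block.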
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:71da2abe610ed42afd6678c2e95321db5f3c416fe2803235f75fc459d8246289
|
||||
size 1538337
|
3
haproxy-1.6.2.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:bd4a7eee79e1bfd25af59d956bb60e82acbb6f146f3fb3b30636036f4c9548d3
|
||||
size 1538976
|
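Review bot: the new LFS pointer for haproxy-1.6.2.tar.gz pins the tarball only by its `oid sha256:` value and `size 1538976`, and nothing in this commit ties that digest to what upstream published. Suggest checking the downloaded tarball against upstream's release checksum before accepting the pointer, and recording in the changelog or the review that this was done.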
@ -1,3 +1,29 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 3 12:02:19 UTC 2015 - mrueckert@suse.de
|
||||
|
||||
- update to 1.6.2
|
||||
- BUILD: ssl: fix build error introduced in commit 7969a3 with
|
||||
OpenSSL < 1.0.0
|
||||
- DOC: fix a typo for a "deviceatlas" keyword
|
||||
- FIX: small typo in an example using the "Referer" header
|
||||
- BUG/MEDIUM: config: count memory limits on 64 bits, not 32
|
||||
- BUG/MAJOR: dns: first DNS response packet not matching queried
|
||||
hostname may lead to a loop
|
||||
- BUG/MINOR: dns: unable to parse CNAMEs response
|
||||
- BUG/MINOR: examples/haproxy.init: missing brace in
|
||||
quiet_check()
|
||||
- DOC: deviceatlas: more example use cases.
|
||||
- BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in
|
||||
install-bin.
|
||||
- BUG/MAJOR: http: don't requeue an idle connection that is
|
||||
already queued
|
||||
- DOC: typo on capture.res.hdr and capture.req.hdr
|
||||
- BUG/MINOR: dns: check for duplicate nameserver id in a
|
||||
resolvers section was missing
|
||||
- CLEANUP: use direction names in place of numeric values
|
||||
- BUG/MEDIUM: lua: sample fetches based on response doesn't work
|
||||
- drop haproxy-1.6.0-ssl-098.patch: included upstream
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 22 10:21:00 UTC 2015 - mrueckert@suse.de
|
||||
|
||||
|
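Review bot: the new changelog entry copies upstream's subject lines, including the two BUG/MAJOR fixes (the dns response loop and the http idle-connection requeue), without any bug or tracker reference. If either issue was reported against this package, add the reference to the corresponding line so the fix can be found from the .changes file.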
@ -41,7 +41,7 @@
|
||||
%bcond_without apparmor
|
||||
|
||||
Name: haproxy
|
||||
Version: 1.6.1
|
||||
Version: 1.6.2
|
||||
Release: 0
|
||||
#
|
||||
#
|
||||
@ -71,7 +71,6 @@ Source4: haproxy.cfg
|
||||
Patch1: haproxy-1.6.0_config_haproxy_user.patch
|
||||
Patch2: haproxy-1.6.0-makefile_lib.patch
|
||||
Patch3: haproxy-1.6.0-sec-options.patch
|
||||
Patch4: haproxy-1.6.0-ssl-098.patch
|
||||
#
|
||||
Source99: haproxy-rpmlintrc
|
||||
#
|
||||
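Review bot: Patch1 to Patch3 are still the haproxy-1.6.0-* files and are carried unchanged across the bump to 1.6.2, while only Patch4 is dropped here. Confirm that all three still apply to the 1.6.2 sources without fuzz or offsets, and consider refreshing them if they do not.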
@ -105,7 +104,6 @@ the most work done from every CPU cycle.
|
||||
%patch1 -p1
|
||||
%patch2
|
||||
%patch3
|
||||
%patch4 -p1
|
||||
|
||||
%build
|
||||
%{__make} \
|
||||
|