Accepting request 666145 from home:vitezslav_cizek:branches:devel:languages:perl

- Expose SSL_CTX_set_post_handshake_auth * https://github.com/radiator-software/p5-net-ssleay/pull/68 - add Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch - Fix build on SLE-12 * apparently %autopatch needs to be followed by an empty line there OBS-URL: https://build.opensuse.org/request/show/666145 OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-Net-SSLeay?expand=0&rev=42
2019-01-15 09:41:44 +00:00 · 2019-01-15 09:41:44 +00:00 · 51341ea75b
commit 51341ea75b
parent f7b5300fb7
3 changed files with 56 additions and 2 deletions
--- a/Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch
+++ b/Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch
@ -0,0 +1,42 @@
+commit 6a6bcf3d96115a6ef62289838cea418c185d8c88
+Author: Paul Howarth <paul@city-fan.org>
+Date:   Wed Sep 19 09:38:40 2018 +0100
+
+    Expose SSL_CTX_set_post_handshake_auth
+    
+    TLS 1.3 removed renegotiation in favor of rekeying and post handshake
+    authentication (PHA). With PHA, a server can request a client certificate from
+    a client at some point after the handshake. The feature is commonly used by
+    HTTP servers for conditional and path specific TLS client auth. For example, a
+    server can decide to require a cert based on HTTP method and/or path. A client
+    must announce support for PHA during the handshake.
+    
+    Apache mod_ssl uses PHA:
+    https://github.com/apache/httpd/blob/trunk/modules/ssl/ssl_engine_kernel.c#L1207
+    
+    As of OpenSSL ticket https://github.com/openssl/openssl/issues/6933, TLS 1.3
+    clients no longer send the PHA TLS extension by default. For on-demand auth,
+    PHA extension must be enabled with SSL_CTX_set_post_handshake_auth(),
+    https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_post_handshake_auth.html .
+    
+    This function is needed for the Apache httpd upstream test suite:
+    https://bugzilla.redhat.com/show_bug.cgi?id=1630391 .
+
+diff --git a/SSLeay.xs b/SSLeay.xs
+index a4dcb0a..5777ffc 100644
+--- a/SSLeay.xs
+++ b/SSLeay.xs
+@@ -7291,4 +7291,13 @@ SSL_export_keying_material(ssl, outlen, label, p)
+ 
+ #endif
+ 
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */
+
+void
+SSL_CTX_set_post_handshake_auth(s,val)
+    SSL_CTX * s
+    int val
+
+#endif
+
+ #define REM_EOF "/* EOF - SSLeay.xs */"
--- a/perl-Net-SSLeay.changes
+++ b/perl-Net-SSLeay.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Mon Jan 14 15:55:27 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
+
+- Expose SSL_CTX_set_post_handshake_auth
+  * https://github.com/radiator-software/p5-net-ssleay/pull/68
+- add Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch
+- Fix build on SLE-12
+  * apparently %autopatch needs to be followed by an empty line there
+
 -------------------------------------------------------------------
 Tue Sep  4 14:44:25 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>

--- a/perl-Net-SSLeay.spec
+++ b/perl-Net-SSLeay.spec
@ -1,7 +1,7 @@
 #
 # spec file for package perl-Net-SSLeay
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #


@ -33,6 +33,8 @@ Patch2:         Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch
 Patch3:         Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch
 # Revert retry in Net::SSLeay::write_partial(), CPAN RT#125218
 Patch4:         Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch
+# PATCH-FIX-UPSTREAM https://github.com/radiator-software/p5-net-ssleay/pull/68
+Patch5:         Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch
 BuildRequires:  libopenssl-devel
 BuildRequires:  openssl
 BuildRequires:  perl
@ -55,6 +57,7 @@ Net::SSLeay module basically comprise of:
 %prep
 %setup -q -n %{cpan_name}-%{version}
 %autopatch -p1
+
 # replace rest of /usr/local/bin/perl with /usr/bin/perl
 for f in $(find . -type f -exec grep -l "%{_prefix}/local/bin/perl" {} \; ); do
  sed -i -e "s@%{_prefix}/local/bin/perl@perl@g" $f