summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemi Collet <remi@remirepo.net>2021-11-18 17:58:56 +0100
committerRemi Collet <remi@php.net>2021-11-18 17:58:56 +0100
commitcb327d4a0098b9e8d446451c60ad82ac43676b44 (patch)
tree9442b35121bbbcb225bc6e2a5accaf58b021ccff
parenta9f96552032a89c02e77e4a463b3fed1a73ae4b7 (diff)
add better workaround for OpenSSL 3.0 from
https://github.com/nginx/unit/pull/598
-rw-r--r--unit-openssl3.patch59
-rw-r--r--unit.spec13
2 files changed, 68 insertions, 4 deletions
diff --git a/unit-openssl3.patch b/unit-openssl3.patch
new file mode 100644
index 0000000..38f2587
--- /dev/null
+++ b/unit-openssl3.patch
@@ -0,0 +1,59 @@
+From 988aa2115ec67111e8a124d4d6c0abccb63db05f Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Thu, 18 Nov 2021 17:47:39 +0100
+Subject: [PATCH 1/2] use ERR_get_error_all with openssl 3
+
+---
+ src/nxt_openssl.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c
+index 1e08015e..22242538 100644
+--- a/src/nxt_openssl.c
++++ b/src/nxt_openssl.c
+@@ -14,7 +14,6 @@
+ #include <openssl/bio.h>
+ #include <openssl/evp.h>
+
+-
+ typedef struct {
+ SSL *session;
+ nxt_conn_t *conn;
+@@ -1781,7 +1780,11 @@ nxt_openssl_copy_error(u_char *p, u_char *end)
+ clear = 0;
+
+ for ( ;; ) {
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ err = ERR_get_error_all(NULL, NULL, NULL, &data, &flags);
++#else
+ err = ERR_get_error_line_data(NULL, NULL, &data, &flags);
++#endif
+ if (err == 0) {
+ break;
+ }
+
+From 22ad9572ccb3b5f0d49219290e1f92911836cb8d Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Thu, 18 Nov 2021 17:48:19 +0100
+Subject: [PATCH 2/2] temporarily ignore openssl 3 deprecations
+
+---
+ src/nxt_openssl.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c
+index 22242538..606cdadf 100644
+--- a/src/nxt_openssl.c
++++ b/src/nxt_openssl.c
+@@ -14,6 +14,11 @@
+ #include <openssl/bio.h>
+ #include <openssl/evp.h>
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++/* TODO removed when SSL_CTX_set_tlsext_ticket_key_cb updated to SSL_CTX_set_tlsext_ticket_key_evp_cb */
++# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
++#endif
++
+ typedef struct {
+ SSL *session;
+ nxt_conn_t *conn;
diff --git a/unit.spec b/unit.spec
index 120a570..ec529e2 100644
--- a/unit.spec
+++ b/unit.spec
@@ -17,7 +17,7 @@
Name: unit
Summary: NGINX Unit application server
Version: 1.26.0
-Release: 1%{?dist}
+Release: 2%{?dist}
License: ASL 2.0
URL: https://unit.nginx.org/
@@ -30,6 +30,9 @@ Source4: unit.logrotate
# Use system crypto policy
# https://github.com/nginx/unit/pull/215
Patch0: %{project}-syspol.patch
+# Workaround for OpenSSL 3.0
+# https://github.com/nginx/unit/pull/598
+Patch1: %{project}-openssl3.patch
BuildRequires: make
BuildRequires: gcc
@@ -64,12 +67,10 @@ Library and include files required for NGINX Unit modules development.
%prep
%setup -qn %{project}-%{gh_commit}
%patch0 -p1 -b .syspol
+%patch1 -p1 -b .openssl3
cp pkg/rpm/rpmbuild/SOURCES/unit.example.config example.config
-# For OpenSSL 3.0 deprecations
-sed -e 's/-Werror//' -i ./auto/types ./auto/cc/test
-
%build
# see https://github.com/nginx/unit/issues/467
@@ -190,6 +191,10 @@ BANNER
%changelog
+* Thu Nov 18 2021 Remi Collet <remi@remirepo.net> - 1.26.0-2
+- add better workaround for OpenSSL 3.0 from
+ https://github.com/nginx/unit/pull/598
+
* Thu Nov 18 2021 Remi Collet <remi@remirepo.net> - 1.26.0-1
- update to 1.26.0