From cb327d4a0098b9e8d446451c60ad82ac43676b44 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Thu, 18 Nov 2021 17:58:56 +0100
Subject: add better workaround for OpenSSL 3.0 from

  https://github.com/nginx/unit/pull/598
---
 unit-openssl3.patch | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 unit.spec           | 13 ++++++++----
 2 files changed, 68 insertions(+), 4 deletions(-)
 create mode 100644 unit-openssl3.patch

diff --git a/unit-openssl3.patch b/unit-openssl3.patch
new file mode 100644
index 0000000..38f2587
--- /dev/null
+++ b/unit-openssl3.patch
@@ -0,0 +1,59 @@
+From 988aa2115ec67111e8a124d4d6c0abccb63db05f Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Thu, 18 Nov 2021 17:47:39 +0100
+Subject: [PATCH 1/2] use ERR_get_error_all with openssl 3
+
+---
+ src/nxt_openssl.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c
+index 1e08015e..22242538 100644
+--- a/src/nxt_openssl.c
++++ b/src/nxt_openssl.c
+@@ -14,7 +14,6 @@
+ #include <openssl/bio.h>
+ #include <openssl/evp.h>
+ 
+-
+ typedef struct {
+     SSL               *session;
+     nxt_conn_t        *conn;
+@@ -1781,7 +1780,11 @@ nxt_openssl_copy_error(u_char *p, u_char *end)
+     clear = 0;
+ 
+     for ( ;; ) {
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++        err = ERR_get_error_all(NULL, NULL, NULL, &data, &flags);
++#else
+         err = ERR_get_error_line_data(NULL, NULL, &data, &flags);
++#endif
+         if (err == 0) {
+             break;
+         }
+
+From 22ad9572ccb3b5f0d49219290e1f92911836cb8d Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Thu, 18 Nov 2021 17:48:19 +0100
+Subject: [PATCH 2/2] temporarily ignore openssl 3 deprecations
+
+---
+ src/nxt_openssl.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c
+index 22242538..606cdadf 100644
+--- a/src/nxt_openssl.c
++++ b/src/nxt_openssl.c
+@@ -14,6 +14,11 @@
+ #include <openssl/bio.h>
+ #include <openssl/evp.h>
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++/* TODO removed when SSL_CTX_set_tlsext_ticket_key_cb updated to SSL_CTX_set_tlsext_ticket_key_evp_cb */
++# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
++#endif
++
+ typedef struct {
+     SSL               *session;
+     nxt_conn_t        *conn;
diff --git a/unit.spec b/unit.spec
index 120a570..ec529e2 100644
--- a/unit.spec
+++ b/unit.spec
@@ -17,7 +17,7 @@
 Name:              unit
 Summary:           NGINX Unit application server
 Version:           1.26.0
-Release:           1%{?dist}
+Release:           2%{?dist}
 License:           ASL 2.0
 URL:               https://unit.nginx.org/
 
@@ -30,6 +30,9 @@ Source4:           unit.logrotate
 # Use system crypto policy
 # https://github.com/nginx/unit/pull/215
 Patch0:            %{project}-syspol.patch
+# Workaround for OpenSSL 3.0
+# https://github.com/nginx/unit/pull/598
+Patch1:            %{project}-openssl3.patch
 
 BuildRequires:     make
 BuildRequires:     gcc
@@ -64,12 +67,10 @@ Library and include files required for NGINX Unit modules development.
 %prep
 %setup -qn %{project}-%{gh_commit}
 %patch0 -p1 -b .syspol
+%patch1 -p1 -b .openssl3
 
 cp pkg/rpm/rpmbuild/SOURCES/unit.example.config example.config
 
-# For OpenSSL 3.0 deprecations
-sed -e 's/-Werror//' -i ./auto/types ./auto/cc/test
-
 
 %build
 # see https://github.com/nginx/unit/issues/467
@@ -190,6 +191,10 @@ BANNER
 
 
 %changelog
+* Thu Nov 18 2021 Remi Collet <remi@remirepo.net> - 1.26.0-2
+- add better workaround for OpenSSL 3.0 from
+  https://github.com/nginx/unit/pull/598
+
 * Thu Nov 18 2021 Remi Collet <remi@remirepo.net> - 1.26.0-1
 - update to 1.26.0
 
-- 
cgit