From cb327d4a0098b9e8d446451c60ad82ac43676b44 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Thu, 18 Nov 2021 17:58:56 +0100
Subject: add better workaround for OpenSSL 3.0 from

  https://github.com/nginx/unit/pull/598
---
 unit-openssl3.patch | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 unit-openssl3.patch

(limited to 'unit-openssl3.patch')

diff --git a/unit-openssl3.patch b/unit-openssl3.patch
new file mode 100644
index 0000000..38f2587
--- /dev/null
+++ b/unit-openssl3.patch
@@ -0,0 +1,59 @@
+From 988aa2115ec67111e8a124d4d6c0abccb63db05f Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Thu, 18 Nov 2021 17:47:39 +0100
+Subject: [PATCH 1/2] use ERR_get_error_all with openssl 3
+
+---
+ src/nxt_openssl.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c
+index 1e08015e..22242538 100644
+--- a/src/nxt_openssl.c
++++ b/src/nxt_openssl.c
+@@ -14,7 +14,6 @@
+ #include <openssl/bio.h>
+ #include <openssl/evp.h>
+ 
+-
+ typedef struct {
+     SSL               *session;
+     nxt_conn_t        *conn;
+@@ -1781,7 +1780,11 @@ nxt_openssl_copy_error(u_char *p, u_char *end)
+     clear = 0;
+ 
+     for ( ;; ) {
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++        err = ERR_get_error_all(NULL, NULL, NULL, &data, &flags);
++#else
+         err = ERR_get_error_line_data(NULL, NULL, &data, &flags);
++#endif
+         if (err == 0) {
+             break;
+         }
+
+From 22ad9572ccb3b5f0d49219290e1f92911836cb8d Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Thu, 18 Nov 2021 17:48:19 +0100
+Subject: [PATCH 2/2] temporarily ignore openssl 3 deprecations
+
+---
+ src/nxt_openssl.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c
+index 22242538..606cdadf 100644
+--- a/src/nxt_openssl.c
++++ b/src/nxt_openssl.c
+@@ -14,6 +14,11 @@
+ #include <openssl/bio.h>
+ #include <openssl/evp.h>
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++/* TODO removed when SSL_CTX_set_tlsext_ticket_key_cb updated to SSL_CTX_set_tlsext_ticket_key_evp_cb */
++# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
++#endif
++
+ typedef struct {
+     SSL               *session;
+     nxt_conn_t        *conn;
-- 
cgit