From 0bd1f7a9a97e013bcdd91803ea8aac32f2efa023 Mon Sep 17 00:00:00 2001
From: Rosen Penev
Date: Thu, 13 Dec 2018 14:03:07 -0800
Subject: [PATCH] haproxy: Update deprecated API patch
Signed-off-by: Rosen Penev
---
 net/haproxy/Makefile | 2 +-
 .../patches/001-deprecated-openssl.patch | 93 ++++++++-----------
 2 files changed, 40 insertions(+), 55 deletions(-)
diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile
index 1328136a1..622667988 100644
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@@ -11,7 +11,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=haproxy
 PKG_VERSION:=1.8.15
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.haproxy.org/download/1.8/src/
diff --git a/net/haproxy/patches/001-deprecated-openssl.patch b/net/haproxy/patches/001-deprecated-openssl.patch
index cd1950c66..2a7b1bbc0 100644
--- a/net/haproxy/patches/001-deprecated-openssl.patch
+++ b/net/haproxy/patches/001-deprecated-openssl.patch
@@ -1,5 +1,3 @@
-diff --git a/src/ssl_sock.c b/src/ssl_sock.c
-index cfbc38b..025a144 100644
 --- a/src/ssl_sock.c
 +++ b/src/ssl_sock.c
 @@ -39,6 +39,7 @@
@@ -10,106 +8,93 @@ index cfbc38b..025a144 100644 #include #include #include -@@ -229,6 +230,7 @@ unsigned long ssl_id_function(void) +@@ -60,6 +61,17 @@ + #include + #endif - void ssl_locking_function(int mode, int n, const char * file, int line) - { ++#ifndef OPENSSL_VERSION ++#define OPENSSL_VERSION SSLEAY_VERSION ++#define OpenSSL_version(x) SSLeay_version(x) ++#define OpenSSL_version_num SSLeay ++#endif ++ +#if OPENSSL_VERSION_NUMBER < 0x10100000L - if (mode & CRYPTO_LOCK) { - if (mode & CRYPTO_READ) - HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]); -@@ -241,10 +243,12 @@ void ssl_locking_function(int mode, int n, const char * file, int line) - else - HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]); - } ++#define X509_getm_notBefore X509_get_notBefore ++#define X509_getm_notAfter X509_get_notAfter +#endif - } ++ + #include + #include - static int ssl_locking_init(void) - { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - int i; +@@ -217,7 +229,7 @@ static struct { + .capture_cipherlist = 0, + }; - ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks()); -@@ -256,7 +260,7 @@ static int ssl_locking_init(void) +-#ifdef USE_THREAD ++#if defined(USE_THREAD) && (OPENSSL_VERSION_NUMBER < 0x10100000L) - CRYPTO_set_id_callback(ssl_id_function); - CRYPTO_set_locking_callback(ssl_locking_function); -- -+#endif - return 0; - } + static HA_RWLOCK_T *ssl_rwlocks; -@@ -1711,8 +1715,13 @@ ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL +@@ -1711,8 +1723,8 @@ ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL ASN1_INTEGER_set(X509_get_serialNumber(newcrt), HA_ATOMIC_ADD(&ssl_ctx_serial, 1)); /* Set duration for the certificate */ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - if (!X509_gmtime_adj(X509_get_notBefore(newcrt), (long)-60*60*24) || - !X509_gmtime_adj(X509_get_notAfter(newcrt),(long)60*60*24*365)) -+#else +- if (!X509_gmtime_adj(X509_get_notBefore(newcrt), (long)-60*60*24) || +- 
!X509_gmtime_adj(X509_get_notAfter(newcrt),(long)60*60*24*365)) + if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) || + !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365)) -+#endif goto mkcert_error; /* set public key in the certificate */ -@@ -6285,7 +6294,11 @@ smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char +@@ -6285,7 +6297,7 @@ smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char goto out; smp_trash = get_trash_chunk(); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - if (ssl_sock_get_time(X509_get_notAfter(crt), smp_trash) <= 0) -+#else +- if (ssl_sock_get_time(X509_get_notAfter(crt), smp_trash) <= 0) + if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0) -+#endif goto out; smp->data.u.str = *smp_trash; -@@ -6385,7 +6398,11 @@ smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char +@@ -6385,7 +6397,7 @@ smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char goto out; smp_trash = get_trash_chunk(); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - if (ssl_sock_get_time(X509_get_notBefore(crt), smp_trash) <= 0) -+#else +- if (ssl_sock_get_time(X509_get_notBefore(crt), smp_trash) <= 0) + if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0) -+#endif goto out; smp->data.u.str = *smp_trash; -@@ -8935,7 +8952,11 @@ static void __ssl_sock_init(void) +@@ -8935,10 +8947,12 @@ static void __ssl_sock_init(void) #endif xprt_register(XPRT_SSL, &ssl_sock); +#if OPENSSL_VERSION_NUMBER < 0x10100000L SSL_library_init(); -+#else -+ OPENSSL_init_ssl(0, NULL); +#endif cm = SSL_COMP_get_compression_methods(); sk_SSL_COMP_zero(cm); - #ifdef USE_THREAD -@@ -8967,8 +8988,13 @@ static void __ssl_sock_init(void) +-#ifdef USE_THREAD ++#if defined(USE_THREAD) && (OPENSSL_VERSION_NUMBER < 0x10100000L) + ssl_locking_init(); + #endif + #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined 
OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER) +@@ -8967,8 +8981,8 @@ static void __ssl_sock_init(void) #else /* OPENSSL_IS_BORINGSSL */ OPENSSL_VERSION_TEXT "\nRunning on OpenSSL version : %s%s", -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - SSLeay_version(SSLEAY_VERSION), - ((OPENSSL_VERSION_NUMBER ^ SSLeay()) >> 8) ? " (VERSIONS DIFFER!)" : ""); -+#else +- SSLeay_version(SSLEAY_VERSION), +- ((OPENSSL_VERSION_NUMBER ^ SSLeay()) >> 8) ? " (VERSIONS DIFFER!)" : ""); + OpenSSL_version(OPENSSL_VERSION), + ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : ""); -+#endif #endif memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : " #if OPENSSL_VERSION_NUMBER < 0x00907000L -@@ -9060,11 +9086,14 @@ static void __ssl_sock_deinit(void) +@@ -9059,12 +9073,14 @@ static void __ssl_sock_deinit(void) + } #endif - ERR_remove_state(0); -+ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + ERR_remove_state(0); ERR_free_strings(); EVP_cleanup();