apache: fix compilation without deprecated OpenSSL APIs

Signed-off-by: Rosen Penev <rosenp@gmail.com>

net/apache/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=apache
 PKG_VERSION:=2.4.46
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE_NAME:=httpd
 
 PKG_SOURCE:=$(PKG_SOURCE_NAME)-$(PKG_VERSION).tar.bz2

net/apache/patches/020-openssl-deprecated.patch

@@ -0,0 +1,129 @@
+--- a/modules/md/md_crypt.c
++++ b/modules/md/md_crypt.c
+@@ -708,23 +708,23 @@ const char *md_cert_get_serial_number(const md_cert_t *cert, apr_pool_t *p)
+ 
+ int md_cert_is_valid_now(const md_cert_t *cert)
+ {
+-    return ((X509_cmp_current_time(X509_get_notBefore(cert->x509)) < 0)
+-            && (X509_cmp_current_time(X509_get_notAfter(cert->x509)) > 0));
++    return ((X509_cmp_current_time(X509_get0_notBefore(cert->x509)) < 0)
++            && (X509_cmp_current_time(X509_get0_notAfter(cert->x509)) > 0));
+ }
+ 
+ int md_cert_has_expired(const md_cert_t *cert)
+ {
+-    return (X509_cmp_current_time(X509_get_notAfter(cert->x509)) <= 0);
++    return (X509_cmp_current_time(X509_get0_notAfter(cert->x509)) <= 0);
+ }
+ 
+ apr_time_t md_cert_get_not_after(const md_cert_t *cert)
+ {
+-    return md_asn1_time_get(X509_get_notAfter(cert->x509));
++    return md_asn1_time_get(X509_get0_notAfter(cert->x509));
+ }
+ 
+ apr_time_t md_cert_get_not_before(const md_cert_t *cert)
+ {
+-    return md_asn1_time_get(X509_get_notBefore(cert->x509));
++    return md_asn1_time_get(X509_get0_notBefore(cert->x509));
+ }
+ 
+ int md_cert_covers_domain(md_cert_t *cert, const char *domain_name)
+--- a/modules/ssl/ssl_engine_init.c
++++ b/modules/ssl/ssl_engine_init.c
+@@ -226,7 +226,7 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
+     apr_status_t rv;
+     apr_array_header_t *pphrases;
+ 
+-    if (SSLeay() < MODSSL_LIBRARY_VERSION) {
++    if (OpenSSL_version_num() < MODSSL_LIBRARY_VERSION) {
+         ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01882)
+                      "Init: this version of mod_ssl was compiled against "
+                      "a newer library (%s, version currently loaded is %s)"
+--- a/modules/ssl/ssl_engine_io.c
++++ b/modules/ssl/ssl_engine_io.c
+@@ -1255,9 +1255,9 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx)
+         if (dc->proxy->ssl_check_peer_expire != FALSE) {
+             if (!cert
+                 || (X509_cmp_current_time(
+-                     X509_get_notBefore(cert)) >= 0)
++                     X509_get0_notBefore(cert)) >= 0)
+                 || (X509_cmp_current_time(
+-                     X509_get_notAfter(cert)) <= 0)) {
++                     X509_get0_notAfter(cert)) <= 0)) {
+                 proxy_ssl_check_peer_ok = FALSE;
+                 ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c, APLOGNO(02004)
+                               "SSL Proxy: Peer certificate is expired");
+--- a/modules/ssl/ssl_engine_log.c
++++ b/modules/ssl/ssl_engine_log.c
+@@ -161,10 +161,10 @@ static void ssl_log_cert_error(const char *file, int line, int level,
+                 BIO_puts(bio, "(ERROR)");
+ 
+             BIO_puts(bio, " / notbefore: ");
+-            ASN1_TIME_print(bio, X509_get_notBefore(cert));
++            ASN1_TIME_print(bio, X509_get0_notBefore(cert));
+ 
+             BIO_puts(bio, " / notafter: ");
+-            ASN1_TIME_print(bio, X509_get_notAfter(cert));
++            ASN1_TIME_print(bio, X509_get0_notAfter(cert));
+ 
+             BIO_puts(bio, "]");
+ 
+--- a/modules/ssl/ssl_engine_vars.c
++++ b/modules/ssl/ssl_engine_vars.c
+@@ -490,13 +490,13 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, request_rec *r, X509 *xs,
+         result = ssl_var_lookup_ssl_cert_serial(p, xs);
+     }
+     else if (strcEQ(var, "V_START")) {
+-        result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notBefore(xs));
++        result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notBefore(xs));
+     }
+     else if (strcEQ(var, "V_END")) {
+-        result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notAfter(xs));
++        result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notAfter(xs));
+     }
+     else if (strcEQ(var, "V_REMAIN")) {
+-        result = ssl_var_lookup_ssl_cert_remain(p, X509_get_notAfter(xs));
++        result = ssl_var_lookup_ssl_cert_remain(p, X509_get0_notAfter(xs));
+         resdup = FALSE;
+     }
+     else if (*var && strcEQ(var+1, "_DN")) {
+--- a/modules/ssl/ssl_private.h
++++ b/modules/ssl/ssl_private.h
+@@ -98,6 +98,9 @@
+ #include <openssl/x509v3.h>
+ #include <openssl/x509_vfy.h>
+ #include <openssl/ocsp.h>
++#include <openssl/dh.h>
++#include <openssl/bn.h>
++#include <openssl/ui.h>
+ 
+ /* Avoid tripping over an engine build installed globally and detected
+  * when the user points at an explicit non-engine flavor of OpenSSL
+--- a/support/ab.c
++++ b/support/ab.c
+@@ -652,11 +652,11 @@ static void ssl_print_cert_info(BIO *bio, X509 *cert)
+ 
+     BIO_printf(bio, "Certificate version: %ld\n", X509_get_version(cert)+1);
+     BIO_printf(bio,"Valid from: ");
+-    ASN1_UTCTIME_print(bio, X509_get_notBefore(cert));
++    ASN1_UTCTIME_print(bio, X509_get0_notBefore(cert));
+     BIO_printf(bio,"\n");
+ 
+     BIO_printf(bio,"Valid to  : ");
+-    ASN1_UTCTIME_print(bio, X509_get_notAfter(cert));
++    ASN1_UTCTIME_print(bio, X509_get0_notAfter(cert));
+     BIO_printf(bio,"\n");
+ 
+     pk = X509_get_pubkey(cert);
+@@ -2634,8 +2634,10 @@ int main(int argc, const char * const argv[])
+     CRYPTO_malloc_init();
+ #endif
+ #endif
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     SSL_load_error_strings();
+     SSL_library_init();
++#endif
+     bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+     bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+