Unbreak build with LibreSSL

PR:		196256

8 files changed, 185 insertions, 0 deletions

diff --git a/www/apache22/files/patch-acinclude.m4 b/www/apache22/files/patch-acinclude.m4
new file mode 100644
index 000000000000..29c527eb3de4
--- /dev/null
+++ b/www/apache22/files/patch-acinclude.m4
@@ -0,0 +1,11 @@
+--- acinclude.m4.orig	2012-07-06 17:23:21.000000000 +0200
++++ acinclude.m4	2015-02-28 10:22:26.577650967 +0100
+@@ -455,6 +455,8 @@
+     AC_CHECK_HEADERS([openssl/engine.h])
+     AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"])
+     AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines])
++    AC_CHECK_FUNCS([SSL_CTX_use_certificate_chain])
++    AC_CHECK_LIB(crypto, RAND_egd, AC_DEFINE(HAVE_SSL_RAND_EGD, 1, [Define if the libcrypto has RAND_egd]))
+   else
+     AC_CHECK_FUNCS([SSLC_library_version SSL_CTX_new], [], [liberrors="yes"])
+     AC_CHECK_FUNCS(SSL_set_state)
diff --git a/www/apache22/files/patch-configure b/www/apache22/files/patch-configure
new file mode 100644
index 000000000000..e3d58e7d032e
--- /dev/null
+++ b/www/apache22/files/patch-configure
@@ -0,0 +1,62 @@
+--- configure.orig	2014-08-22 19:54:19.000000000 +0200
++++ configure	2015-02-28 10:22:46.822052140 +0100
+@@ -13853,6 +13922,59 @@
+ fi
+ done
+ 
++    for ac_func in SSL_CTX_use_certificate_chain
++do :
++  ac_fn_c_check_func "$LINENO" "SSL_CTX_use_certificate_chain" "ac_cv_func_SSL_CTX_use_certificate_chain"
++if test "x$ac_cv_func_SSL_CTX_use_certificate_chain" = xyes; then :
++  cat >>confdefs.h <<_ACEOF
++#define HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN 1
++_ACEOF
++
++fi
++done
++
++    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for RAND_egd in -lcrypto" >&5
++$as_echo_n "checking for RAND_egd in -lcrypto... " >&6; }
++if ${ac_cv_lib_crypto_RAND_egd+:} false; then :
++  $as_echo_n "(cached) " >&6
++else
++  ac_check_lib_save_LIBS=$LIBS
++LIBS="-lcrypto  $LIBS"
++cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++
++/* Override any GCC internal prototype to avoid an error.
++   Use char because int might match the return type of a GCC
++   builtin and then its argument prototype would still apply.  */
++#ifdef __cplusplus
++extern "C"
++#endif
++char RAND_egd ();
++int
++main ()
++{
++return RAND_egd ();
++  ;
++  return 0;
++}
++_ACEOF
++if ac_fn_c_try_link "$LINENO"; then :
++  ac_cv_lib_crypto_RAND_egd=yes
++else
++  ac_cv_lib_crypto_RAND_egd=no
++fi
++rm -f core conftest.err conftest.$ac_objext \
++    conftest$ac_exeext conftest.$ac_ext
++LIBS=$ac_check_lib_save_LIBS
++fi
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_RAND_egd" >&5
++$as_echo "$ac_cv_lib_crypto_RAND_egd" >&6; }
++if test "x$ac_cv_lib_crypto_RAND_egd" = xyes; then :
++
++$as_echo "#define HAVE_SSL_RAND_EGD 1" >>confdefs.h
++
++fi
++
+   else
+     for ac_func in SSLC_library_version SSL_CTX_new
+ do :
diff --git a/www/apache22/files/patch-include__ap_config_auto.h.in b/www/apache22/files/patch-include__ap_config_auto.h.in
new file mode 100644
index 000000000000..446378218dd9
--- /dev/null
+++ b/www/apache22/files/patch-include__ap_config_auto.h.in
@@ -0,0 +1,15 @@
+--- include/ap_config_auto.h.in.orig	2014-08-22 19:54:18.000000000 +0200
++++ include/ap_config_auto.h.in	2015-02-28 10:25:55.191842645 +0100
+@@ -127,6 +127,12 @@
+ /* Define to 1 if you have the `SSL_CTX_new' function. */
+ #undef HAVE_SSL_CTX_NEW
+ 
++/* Define to 1 if you run LibreSSL which defines SSL_CTX_use_certificate_chain as well */
++#undef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
++
++/* Define to 1 if your OpenSSL library supports RAND_egd */
++#undef HAVE_SSL_RAND_EGD
++
+ /* Define to 1 if you have the `SSL_set_cert_store' function. */
+ #undef HAVE_SSL_SET_CERT_STORE
+ 
diff --git a/www/apache22/files/patch-modules__ssl__ssl_engine_init.c b/www/apache22/files/patch-modules__ssl__ssl_engine_init.c
new file mode 100644
index 000000000000..43454717f1ba
--- /dev/null
+++ b/www/apache22/files/patch-modules__ssl__ssl_engine_init.c
@@ -0,0 +1,38 @@
+--- modules/ssl/ssl_engine_init.c.orig	2014-07-16 08:04:38.000000000 +0200
++++ modules/ssl/ssl_engine_init.c	2015-02-28 10:52:11.571641334 +0100
+@@ -406,9 +406,11 @@
+             ssl_die();
+         }
+ 
++#ifdef ENGINE_CTRL_CHIL_SET_FORKCHECK
+         if (strEQ(mc->szCryptoDevice, "chil")) {
+             ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
+         }
++#endif
+ 
+         if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+             ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+@@ -584,6 +586,10 @@
+ #endif
+ 
+ 
++#ifdef SSL_NO_COMP
++#define OPENSSL_NO_COMP
++#endif
++
+ #ifndef OPENSSL_NO_COMP
+     if (sc->compression != TRUE) {
+ #ifdef SSL_OP_NO_COMPRESSION
+@@ -831,7 +837,11 @@
+         }
+     }
+ 
+-    n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
++#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
++          n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
++#else
++          n = _SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
++#endif
+                                       (char *)chain,
+                                       skip_first, NULL);
+     if (n < 0) {
diff --git a/www/apache22/files/patch-modules__ssl__ssl_engine_rand.c b/www/apache22/files/patch-modules__ssl__ssl_engine_rand.c
new file mode 100644
index 000000000000..f48b674d03c8
--- /dev/null
+++ b/www/apache22/files/patch-modules__ssl__ssl_engine_rand.c
@@ -0,0 +1,20 @@
+--- modules/ssl/ssl_engine_rand.c.orig	2006-07-12 05:38:44.000000000 +0200
++++ modules/ssl/ssl_engine_rand.c	2015-02-28 10:47:35.481607754 +0100
+@@ -83,17 +83,6 @@
+                 nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes);
+                 ssl_util_ppclose(s, p, fp);
+             }
+-#ifdef HAVE_SSL_RAND_EGD
+-            else if (pRandSeed->nSrc == SSL_RSSRC_EGD) {
+-                /*
+-                 * seed in contents provided by the external
+-                 * Entropy Gathering Daemon (EGD)
+-                 */
+-                if ((n = RAND_egd(pRandSeed->cpPath)) == -1)
+-                    continue;
+-                nDone += n;
+-            }
+-#endif
+             else if (pRandSeed->nSrc == SSL_RSSRC_BUILTIN) {
+                 struct {
+                     time_t t;
diff --git a/www/apache22/files/patch-modules__ssl__ssl_engine_vars.c b/www/apache22/files/patch-modules__ssl__ssl_engine_vars.c
new file mode 100644
index 000000000000..fe1621c81f2d
--- /dev/null
+++ b/www/apache22/files/patch-modules__ssl__ssl_engine_vars.c
@@ -0,0 +1,11 @@
+--- modules/ssl/ssl_engine_vars.c.orig	2013-02-12 12:51:17.000000000 +0100
++++ modules/ssl/ssl_engine_vars.c	2015-02-28 10:54:21.257798164 +0100
+@@ -832,7 +832,7 @@
+ {
+     char *result = "NULL";
+ #ifdef OPENSSL_VERSION_NUMBER
+-#if (OPENSSL_VERSION_NUMBER >= 0x00908000)
++#if (OPENSSL_VERSION_NUMBER >= 0x00908000) && !defined(OPENSSL_NO_COMP)
+     SSL_SESSION *pSession = SSL_get_session(ssl);
+ 
+     if (pSession) {
diff --git a/www/apache22/files/patch-modules__ssl__ssl_util_ssl.c b/www/apache22/files/patch-modules__ssl__ssl_util_ssl.c
new file mode 100644
index 000000000000..cf0888f0ee21
--- /dev/null
+++ b/www/apache22/files/patch-modules__ssl__ssl_util_ssl.c
@@ -0,0 +1,14 @@
+--- modules/ssl/ssl_util_ssl.c.orig	2012-08-17 19:30:46.000000000 +0200
++++ modules/ssl/ssl_util_ssl.c	2015-02-28 10:30:48.557501618 +0100
+@@ -492,7 +492,11 @@
+  * format, possibly followed by a sequence of CA certificates that
+  * should be sent to the peer in the SSL Certificate message.
+  */
++#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
+ int SSL_CTX_use_certificate_chain(
++#else
++int _SSL_CTX_use_certificate_chain(
++#endif
+     SSL_CTX *ctx, char *file, int skipfirst, modssl_read_bio_cb_fn *cb)
+ {
+     BIO *bio;
diff --git a/www/apache22/files/patch-modules__ssl__ssl_util_ssl.h b/www/apache22/files/patch-modules__ssl__ssl_util_ssl.h
new file mode 100644
index 000000000000..99d0e50e2183
--- /dev/null
+++ b/www/apache22/files/patch-modules__ssl__ssl_util_ssl.h
@@ -0,0 +1,14 @@
+--- modules/ssl/ssl_util_ssl.h.orig	2012-08-17 19:30:46.000000000 +0200
++++ modules/ssl/ssl_util_ssl.h	2015-02-28 10:33:07.042671521 +0100
+@@ -89,7 +89,11 @@
+ BOOL        SSL_X509_getCN(apr_pool_t *, X509 *, char **);
+ BOOL        SSL_X509_INFO_load_file(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);
+ BOOL        SSL_X509_INFO_load_path(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);
++#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
+ int         SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, modssl_read_bio_cb_fn *);
++#else
++int         _SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, modssl_read_bio_cb_fn *);
++#endif
+ char       *SSL_SESSION_id2sz(unsigned char *, int, char *, int);
+ 
+ /** util functions for OpenSSL+sslc compat */