From edb8438befbfbb64a666ca7f85889303f2191e9a Mon Sep 17 00:00:00 2001
From: Antonio Torres <antorres@redhat.com>
Date: Tue, 12 Sep 2023 14:35:31 +0200
Subject: [PATCH] Ease OpenSSL version check requirement

FreeRADIUS includes an OpenSSL version check that compares built vs linked version,
and fails to start if this check fails. We can ease this requirement in Fedora/RHEL as
ABI changes are tracked and soname is changed accordingly, as discussed in previous
Bugzilla for this issue [1].

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1299388

Resolves: #2238511
Signed-off-by: Antonio Torres <antorres@redhat.com>
---
 freeradius-ease-openssl-version-check.patch | 35 +++++++++++++++++++++
 freeradius.spec                             |  8 ++++-
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 freeradius-ease-openssl-version-check.patch

diff --git a/freeradius-ease-openssl-version-check.patch b/freeradius-ease-openssl-version-check.patch
new file mode 100644
index 0000000..23f1df7
--- /dev/null
+++ b/freeradius-ease-openssl-version-check.patch
@@ -0,0 +1,35 @@
+From: Antonio Torres <antorres@redhat.com>
+Date: Tue, 12 Sep 2023
+Subject: Ease OpenSSL version check requirement
+
+FreeRADIUS includes an OpenSSL version check that compares built vs linked version,
+and fails to start if this check fails. We can ease this requirement in Fedora/RHEL as 
+ABI changes are tracked and soname is changed accordingly, as discussed in previous 
+Bugzilla for this issue [1].
+
+[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1299388
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2238511
+Signed-off-by: Antonio Torres <antorres@redhat.com>
+---
+ src/main/version.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/main/version.c b/src/main/version.c
+index c190337c1d..fee2150eb2 100644
+--- a/src/main/version.c
++++ b/src/main/version.c
+@@ -79,11 +79,11 @@ int ssl_check_consistency(void)
+ 	 */
+ 	if ((ssl_linked & 0x0000000f) != (ssl_built & 0x0000000f)) {
+ 	mismatch:
+-		ERROR("libssl version mismatch.  built: %lx linked: %lx",
++		DEBUG2("libssl version mismatch.  built: %lx linked: %lx",
+ 		      (unsigned long) ssl_built,
+ 		      (unsigned long) ssl_linked);
+ 
+-		return -1;
++		return 0;
+ 	}
+ 
+ 	/*
diff --git a/freeradius.spec b/freeradius.spec
index d3d9b15..a9798eb 100644
--- a/freeradius.spec
+++ b/freeradius.spec
@@ -1,7 +1,7 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
 Version: 3.2.2
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPL-2.0-or-later AND LGPL-2.0-or-later
 URL: http://www.freeradius.org/
 
@@ -27,6 +27,7 @@ Patch3: freeradius-bootstrap-create-only.patch
 Patch4: freeradius-no-buildtime-cert-gen.patch
 Patch5: freeradius-bootstrap-make-permissions.patch
 Patch6: freeradius-ldap-infinite-timeout-on-starttls.patch
+Patch7: freeradius-ease-openssl-version-check.patch
 
 %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
 
@@ -209,6 +210,7 @@ This plugin provides the REST support for the FreeRADIUS server project.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 
 %build
 # Force compile/link options, extra security for network facing daemon
@@ -892,6 +894,10 @@ EOF
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
 
 %changelog
+* Tue Sep 12 2023 Antonio Torres <antorres@redhat.com> - 3.2.2-5
+- Ease OpenSSL version check requirement
+  Resolves #2238511
+
 * Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.2-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild