Fix OpenSSL 3.0 build (#2022031)

2021-11-16 12:01:43 -06:00 · 2021-11-16 12:01:43 -06:00 · 2d05bee32f
commit 2d05bee32f
parent 3f647ab7e1
2 changed files with 52 additions and 1 deletions
--- a/bz2022031-fix-openssl-build.patch
+++ b/bz2022031-fix-openssl-build.patch
@ -0,0 +1,45 @@
+From f22b032956bc492dcf47b2a909f91a6fb2c6e49b Mon Sep 17 00:00:00 2001
+From: William Lallemand <wlallemand@haproxy.org>
+Date: Wed, 2 Jun 2021 16:09:11 +0200
+Subject: [PATCH] BUILD: fix compilation for OpenSSL-3.0.0-alpha17
+
+Some changes in the OpenSSL syntax API broke this syntax:
+  #if SSL_OP_NO_TLSv1_3
+
+OpenSSL made this change which broke our usage in commit f04bb0bce490de847ed0482b8ec9eabedd173852:
+
+-# define SSL_OP_NO_TLSv1_3                               (uint64_t)0x20000000
+#define SSL_OP_BIT(n)  ((uint64_t)1 << (uint64_t)n)
+# define SSL_OP_NO_TLSv1_3                               SSL_OP_BIT(29)
+
+Which can't be evaluated by the preprocessor anymore.
+This patch replace the test by an openssl version test.
+
+This fix part of #1276 issue.
+---
+ src/ssl_sock.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/ssl_sock.c b/src/ssl_sock.c
+index f596a831d..27a4c3531 100644
+--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
+@@ -2217,13 +2217,13 @@ static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
+ 		: SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
+ }
+ static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
+-#if SSL_OP_NO_TLSv1_3
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+ 	c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
+ 		: SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
+ #endif
+ }
+ static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
+-#if SSL_OP_NO_TLSv1_3
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+ 	c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
+ 		: SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
+ #endif
+-- 
+2.31.1
+
--- a/haproxy.spec
+++ b/haproxy.spec
@ -8,7 +8,7 @@

 Name:           haproxy
 Version:        2.4.8
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        HAProxy reverse proxy for high availability environments

 License:        GPLv2+
@ -21,6 +21,8 @@ Source3:        %{name}.logrotate
 Source4:        %{name}.sysconfig
 Source5:        halog.1

+Patch0:         bz2022031-fix-openssl-build.patch
+
 BuildRequires:  gcc
 BuildRequires:  lua-devel
 BuildRequires:  pcre2-devel
@ -48,6 +50,7 @@ availability environments. Indeed, it can:

 %prep
 %setup -q
+%patch0 -p1

 %build
 regparm_opts=
@ -131,6 +134,9 @@ exit 0
 %{_mandir}/man1/*

 %changelog
+* Mon Nov 16 2021 Ryan O'Hara <rohara@redhat.com> - 2.4.8-3
+- Fix OpenSSL 3.0 build (#2022031)
+
 * Thu Nov 04 2021 Matt Raffert <mjrafferty0@gmail.com> - 2.4.8-2
 - Increase available sticky counters (#2012912)