From 2d05bee32fe8e187581280a7046c076f605b2121 Mon Sep 17 00:00:00 2001
From: Ryan O'Hara
Date: Tue, 16 Nov 2021 12:01:43 -0600
Subject: [PATCH] Fix OpenSSL 3.0 build (#2022031)
---
bz2022031-fix-openssl-build.patch | 45 +++++++++++++++++++++++++++++++
haproxy.spec | 8 +++++-
2 files changed, 52 insertions(+), 1 deletion(-)
create mode 100644 bz2022031-fix-openssl-build.patch
diff --git a/bz2022031-fix-openssl-build.patch b/bz2022031-fix-openssl-build.patch
new file mode 100644
index 0000000..bac19bd
--- /dev/null
+++ b/bz2022031-fix-openssl-build.patch
@@ -0,0 +1,45 @@
+From f22b032956bc492dcf47b2a909f91a6fb2c6e49b Mon Sep 17 00:00:00 2001
+From: William Lallemand
+Date: Wed, 2 Jun 2021 16:09:11 +0200
+Subject: [PATCH] BUILD: fix compilation for OpenSSL-3.0.0-alpha17
+
+Some changes in the OpenSSL syntax API broke this syntax:
+ #if SSL_OP_NO_TLSv1_3
+
+OpenSSL made this change which broke our usage in commit f04bb0bce490de847ed0482b8ec9eabedd173852:
+
+-# define SSL_OP_NO_TLSv1_3 (uint64_t)0x20000000
++#define SSL_OP_BIT(n) ((uint64_t)1 << (uint64_t)n)
++# define SSL_OP_NO_TLSv1_3 SSL_OP_BIT(29)
+
+Which can't be evaluated by the preprocessor anymore.
+This patch replace the test by an openssl version test.
+
+This fix part of #1276 issue.
+---
+ src/ssl_sock.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/ssl_sock.c b/src/ssl_sock.c
+index f596a831d..27a4c3531 100644
+--- a/src/ssl_sock.c
++++ b/src/ssl_sock.c
+@@ -2217,13 +2217,13 @@ static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
+ : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
+ }
+ static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
+-#if SSL_OP_NO_TLSv1_3
++#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+ c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
+ : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
+ #endif
+ }
+ static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
+-#if SSL_OP_NO_TLSv1_3
++#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+ c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
+ : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
+ #endif
+--
+2.31.1
+
diff --git a/haproxy.spec b/haproxy.spec
index 5d3c4d9..2e2e5e9 100644
--- a/haproxy.spec
+++ b/haproxy.spec
@@ -8,7 +8,7 @@ Name: haproxy Version: 2.4.8 -Release: 2%{?dist} +Release: 3%{?dist} Summary: HAProxy reverse proxy for high availability environments License: GPLv2+
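Review bot: In the embedded `src/ssl_sock.c` hunk, `ctx_set_TLSv13_func` and `ssl_set_TLSv13_func` compile to empty bodies whenever `HA_OPENSSL_VERSION_NUMBER >= 0x10101000L` is false, so a TLS 1.3 minimum or maximum requested through them would be dropped with no build-time or runtime signal. The replaced test followed the feature macro, while the new one follows a version number; how `HA_OPENSSL_VERSION_NUMBER` is derived is not visible here, so it is worth confirming that every TLS 1.3-capable library this package may be built against reports at least that value. I would also add a comment above each guard such as `/* TLS 1.3 setters need the 1.1.1 API; SSL_OP_NO_TLSv1_3 is no longer usable in #if since OpenSSL 3.0 */`. `ssl_set_TLSv12_func` begins before the hunk and `ssl_set_TLSv13_func` closes after it.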
@@ -21,6 +21,8 @@ Source3: %{name}.logrotate Source4: %{name}.sysconfig Source5: halog.1 +Patch0: bz2022031-fix-openssl-build.patch + BuildRequires: gcc BuildRequires: lua-devel BuildRequires: pcre2-devel @@ -48,6 +50,7 @@ availability environments. Indeed, it can: %prep %setup -q +%patch0 -p1 %build regparm_opts= @@ -131,6 +134,9 @@ exit 0 %{_mandir}/man1/* %changelog +* Mon Nov 16 2021 Ryan O'Hara - 2.4.8-3 +- Fix OpenSSL 3.0 build (#2022031) + * Thu Nov 04 2021 Matt Raffert - 2.4.8-2 - Increase available sticky counters (#2012912)