From a4a0fecb8a3e183d1c3bfa7bd2fffbab7cdfa654 Mon Sep 17 00:00:00 2001
From: Ryan O'Hara
Date: Tue, 3 Aug 2021 12:06:41 -0500
Subject: [PATCH] Fix OpenSSL 3.0 build
Resolves: #1984786
---
 bz1984786-fix-openssl-build.patch | 45 +++++++++++++++++++++++++++++++
 haproxy.spec | 7 ++++-
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 bz1984786-fix-openssl-build.patch
diff --git a/bz1984786-fix-openssl-build.patch b/bz1984786-fix-openssl-build.patch
new file mode 100644
index 0000000..bac19bd
--- /dev/null
+++ b/bz1984786-fix-openssl-build.patch
@@ -0,0 +1,45 @@ +From f22b032956bc492dcf47b2a909f91a6fb2c6e49b Mon Sep 17 00:00:00 2001 +From: William Lallemand +Date: Wed, 2 Jun 2021 16:09:11 +0200 +Subject: [PATCH] BUILD: fix compilation for OpenSSL-3.0.0-alpha17 + +Some changes in the OpenSSL syntax API broke this syntax: + #if SSL_OP_NO_TLSv1_3 + +OpenSSL made this change which broke our usage in commit f04bb0bce490de847ed0482b8ec9eabedd173852: + +-# define SSL_OP_NO_TLSv1_3 (uint64_t)0x20000000 ++#define SSL_OP_BIT(n) ((uint64_t)1 << (uint64_t)n) ++# define SSL_OP_NO_TLSv1_3 SSL_OP_BIT(29) + +Which can't be evaluated by the preprocessor anymore. +This patch replace the test by an openssl version test. + +This fix part of #1276 issue. +--- + src/ssl_sock.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/ssl_sock.c b/src/ssl_sock.c +index f596a831d..27a4c3531 100644 +--- a/src/ssl_sock.c ++++ b/src/ssl_sock.c +@@ -2217,13 +2217,13 @@ static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) { + : SSL_set_min_proto_version(ssl, TLS1_2_VERSION); + } + static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) { +-#if SSL_OP_NO_TLSv1_3 ++#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) + c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION) + : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION); + #endif + } + static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) { +-#if SSL_OP_NO_TLSv1_3 ++#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) + c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION) + : SSL_set_min_proto_version(ssl, TLS1_3_VERSION); + #endif +-- +2.31.1 + diff --git a/haproxy.spec b/haproxy.spec index b7b6f1c..d64e1a1 100644 --- a/haproxy.spec +++ b/haproxy.spec @@ -8,7 +8,7 @@ Name: haproxy Version: 2.4.2 -Release: 2%{?dist} +Release: 3%{?dist} Summary: HAProxy reverse proxy for high availability environments License: GPLv2+ 
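Review bot: The replacement guard in `ctx_set_TLSv13_func` and `ssl_set_TLSv13_func` keys TLS 1.3 support on a version number instead of on the symbol the bodies actually use. `#ifdef TLS1_3_VERSION` would still be evaluable by the preprocessor after the OpenSSL macro change and would keep this a feature test, provided the project's compat headers do not define a fallback for that macro (not visible here). This matters for TLS libraries whose reported version does not follow OpenSSL's numbering. With either guard, a false condition compiles both functions to empty bodies, so a configured TLSv1.3 minimum or maximum would silently not be applied. A comment on the guard such as `/* no-op without TLS 1.3 support: the requested bound is not set */` would make that visible; how callers report an unsupported version is outside the hunk.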
@@ -21,6 +21,8 @@ Source3: %{name}.logrotate Source4: %{name}.sysconfig Source5: halog.1 +Patch0: bz1984786-fix-openssl-build.patch + BuildRequires: gcc BuildRequires: lua-devel BuildRequires: pcre2-devel @@ -131,6 +133,9 @@ exit 0 %{_mandir}/man1/* %changelog +* Mon Aug 02 2021 Ryan O'Hara - 2.4.2-3 +- Fix OpenSSL 3.0 build (#1984786) + * Wed Jul 28 2021 Lukas Javorsky - 2.4.2-2 - Rebuild against pcre2-10.37 (bug #1970765)
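Review bot: `Patch0:` is declared in this hunk, but no hunk in the commit touches `%prep`, and the diffstat for haproxy.spec is fully accounted for by the Release, Patch0 and changelog lines. The patch is therefore applied only if `%prep` already uses `%autosetup` or `%autopatch`, which cannot be confirmed from the lines shown. If `%prep` uses plain `%setup`, add `%patch0 -p1` after it. A one-line comment above `Patch0:` naming the upstream commit the file was taken from (f22b032956bc, per the embedded patch header) would also help later audits of carried patches.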