From 1f748ace31801b5aad9f970bd913474f4b059c58 Mon Sep 17 00:00:00 2001
From: Joe Orton
Date: Tue, 25 Sep 2018 09:43:59 +0100
Subject: [PATCH] fix build if OpenSSL built w/o SSLv3 support

---
 httpd-2.4.34-enable-sslv3.patch | 25 +++++++++++++------------
 httpd.spec | 7 +++++--
 2 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/httpd-2.4.34-enable-sslv3.patch b/httpd-2.4.34-enable-sslv3.patch
index f559bf9..a2eba80 100644
--- a/httpd-2.4.34-enable-sslv3.patch
+++ b/httpd-2.4.34-enable-sslv3.patch
@@ -1,21 +1,22 @@
-diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
-index 517ce30..075f7e1 100644
---- a/modules/ssl/ssl_engine_config.c
-+++ b/modules/ssl/ssl_engine_config.c
-@@ -1474,6 +1474,8 @@ static const char *ssl_cmd_protocol_parse(cmd_parms *parms,
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1623165
+
+--- httpd-2.4.34/modules/ssl/ssl_engine_config.c.enable-sslv3
++++ httpd-2.4.34/modules/ssl/ssl_engine_config.c
+@@ -1474,6 +1474,10 @@
 #endif
 else if (strcEQ(w, "all")) {
 thisopt = SSL_PROTOCOL_ALL;
-+ // by default, ALL kw doesn't turn on SSLv3
++#ifndef OPENSSL_NO_SSL3
++ /* by default, ALL kw doesn't turn on SSLv3 */
 + thisopt &= ~SSL_PROTOCOL_SSLV3;
++#endif
 }
 else {
 return apr_pstrcat(parms->temp_pool,
-diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
-index 60df45f..f6645c2 100644
---- a/modules/ssl/ssl_engine_init.c
-+++ b/modules/ssl/ssl_engine_init.c
-@@ -537,6 +537,28 @@ static apr_status_t ssl_init_ctx_tls_extensions(server_rec *s,
+--- httpd-2.4.34/modules/ssl/ssl_engine_init.c.enable-sslv3
++++ httpd-2.4.34/modules/ssl/ssl_engine_init.c
+@@ -537,6 +537,28 @@
 }
 #endif
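Review bot: The rewritten patch header carries only a Bugzilla URL, so the file never states that this patch (going by its name) re-enables SSLv3, or that the `thisopt &= ~SSL_PROTOCOL_SSLV3;` line in the `"all"` branch is what keeps that keyword from selecting it. I would add one description line above the first `---`, such as `Re-enable SSLv3 as explicit opt-in only; "all" must never include it (SSLv3 is deprecated by RFC 7568).`, and tighten the code comment to `/* "all" must never imply SSLv3; it stays explicit opt-in */`. The new `#ifndef OPENSSL_NO_SSL3` guard looks right for the stated build fix, presumably because `SSL_PROTOCOL_SSLV3` is not defined in that configuration. A packaging check that a server configured with `SSLProtocol all` refuses an SSLv3 handshake would confirm the mask still holds on builds where SSLv3 is available. The enclosing function starts and ends outside the hunk, so the handling of the other protocol keywords cannot be checked from here.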
@@ -44,7 +45,7 @@ index 60df45f..f6645c2 100644
 static apr_status_t ssl_init_ctx_protocol(server_rec *s,
 apr_pool_t *p,
 apr_pool_t *ptemp,
-@@ -695,9 +719,13 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
+@@ -687,9 +709,13 @@
 }
 if (prot == TLS1_1_VERSION && protocol & SSL_PROTOCOL_TLSV1) {
 prot = TLS1_VERSION;
diff --git a/httpd.spec b/httpd.spec
index 6ee6bea..5d42dca 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -13,7 +13,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.34
-Release: 8%{?dist}
+Release: 9%{?dist}
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: index.html
@@ -244,7 +244,7 @@ interface for storing and accessing per-user session data.
 %patch58 -p1 -b .r1738878
 %patch59 -p1 -b .r1555631
-%patch60 -p1 -b .enablesslv3
+%patch60 -p1 -b .enable-sslv3
 # Patch in the vendor string
 sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@@ -733,6 +733,9 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 %changelog
+* Tue Sep 25 2018 Joe Orton - 2.4.34-9
+- fix build if OpenSSL built w/o SSLv3 support
+
 * Fri Sep 21 2018 Joe Orton - 2.4.34-8
 - comment-out SSLProtocol, SSLProxyProtocol from ssl.conf in default configuration; now follow OpenSSL system default (#1468322)