diff --git a/squid-5.2-openssl3.patch b/squid-5.2-openssl3.patch new file mode 100644 index 0000000..32ff6ee --- /dev/null +++ b/squid-5.2-openssl3.patch @@ -0,0 +1,185 @@ +diff --git a/src/ssl/support.cc b/src/ssl/support.cc +index 3ad135d..73912ce 100644 +--- a/src/ssl/support.cc ++++ b/src/ssl/support.cc +@@ -557,7 +557,11 @@ Ssl::VerifyCallbackParameters::At(Security::Connection &sconn) + } + + // "dup" function for SSL_get_ex_new_index("cert_err_check") +-#if SQUID_USE_CONST_CRYPTO_EX_DATA_DUP ++#if OPENSSL_VERSION_MAJOR >= 3 ++static int ++ssl_dupAclChecklist(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void **, ++ int, long, void *) ++#elif SQUID_USE_CONST_CRYPTO_EX_DATA_DUP + static int + ssl_dupAclChecklist(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *, + int, long, void *) +diff --git a/src/security/PeerOptions.cc b/src/security/PeerOptions.cc +index cf1d4ba..4346ba5 100644 +--- a/src/security/PeerOptions.cc ++++ b/src/security/PeerOptions.cc +@@ -297,130 +297,130 @@ static struct ssl_option { + + } ssl_options[] = { + +-#if SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG ++#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG + { + "NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG + }, + #endif +-#if SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG ++#ifdef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG + { + "SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG + }, + #endif +-#if SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER ++#ifdef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER + { + "MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER + }, + #endif +-#if SSL_OP_SSLEAY_080_CLIENT_DH_BUG ++#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG + { + "SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG + }, + #endif +-#if SSL_OP_TLS_D5_BUG ++#ifdef SSL_OP_TLS_D5_BUG + { + "TLS_D5_BUG", SSL_OP_TLS_D5_BUG + }, + #endif +-#if SSL_OP_TLS_BLOCK_PADDING_BUG ++#ifdef SSL_OP_TLS_BLOCK_PADDING_BUG + { + "TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG + }, + #endif +-#if SSL_OP_TLS_ROLLBACK_BUG ++#ifdef SSL_OP_TLS_ROLLBACK_BUG + { + "TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG + }, + #endif +-#if SSL_OP_ALL ++#ifdef SSL_OP_ALL + { + "ALL", (long)SSL_OP_ALL + }, + #endif +-#if SSL_OP_SINGLE_DH_USE ++#ifdef SSL_OP_SINGLE_DH_USE + { + "SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE + }, + #endif +-#if SSL_OP_EPHEMERAL_RSA ++#ifdef SSL_OP_EPHEMERAL_RSA + { + "EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA + }, + #endif +-#if SSL_OP_PKCS1_CHECK_1 ++#ifdef SSL_OP_PKCS1_CHECK_1 + { + "PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1 + }, + #endif +-#if SSL_OP_PKCS1_CHECK_2 ++#ifdef SSL_OP_PKCS1_CHECK_2 + { + "PKCS1_CHECK_2", SSL_OP_PKCS1_CHECK_2 + }, + #endif +-#if SSL_OP_NETSCAPE_CA_DN_BUG ++#ifdef SSL_OP_NETSCAPE_CA_DN_BUG + { + "NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG + }, + #endif +-#if SSL_OP_NON_EXPORT_FIRST ++#ifdef SSL_OP_NON_EXPORT_FIRST + { + "NON_EXPORT_FIRST", SSL_OP_NON_EXPORT_FIRST + }, + #endif +-#if SSL_OP_CIPHER_SERVER_PREFERENCE ++#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE + { + "CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE + }, + #endif +-#if SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG ++#ifdef SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG + { + "NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG + }, + #endif +-#if SSL_OP_NO_SSLv3 ++#ifdef SSL_OP_NO_SSLv3 + { + "NO_SSLv3", SSL_OP_NO_SSLv3 + }, + #endif +-#if SSL_OP_NO_TLSv1 ++#ifdef SSL_OP_NO_TLSv1 + { + "NO_TLSv1", SSL_OP_NO_TLSv1 + }, + #else + { "NO_TLSv1", 0 }, + #endif +-#if SSL_OP_NO_TLSv1_1 ++#ifdef SSL_OP_NO_TLSv1_1 + { + "NO_TLSv1_1", SSL_OP_NO_TLSv1_1 + }, + #else + { "NO_TLSv1_1", 0 }, + #endif +-#if SSL_OP_NO_TLSv1_2 ++#ifdef SSL_OP_NO_TLSv1_2 + { + "NO_TLSv1_2", SSL_OP_NO_TLSv1_2 + }, + #else + { "NO_TLSv1_2", 0 }, + #endif +-#if SSL_OP_NO_TLSv1_3 ++#ifdef SSL_OP_NO_TLSv1_3 + { + "NO_TLSv1_3", SSL_OP_NO_TLSv1_3 + }, + #else + { "NO_TLSv1_3", 0 }, + #endif +-#if SSL_OP_NO_COMPRESSION ++#ifdef SSL_OP_NO_COMPRESSION + { + "No_Compression", SSL_OP_NO_COMPRESSION + }, + #endif +-#if SSL_OP_NO_TICKET ++#ifdef SSL_OP_NO_TICKET + { + "NO_TICKET", SSL_OP_NO_TICKET + }, + #endif +-#if SSL_OP_SINGLE_ECDH_USE ++#ifdef SSL_OP_SINGLE_ECDH_USE + { + "SINGLE_ECDH_USE", SSL_OP_SINGLE_ECDH_USE + }, +@@ -512,7 +512,7 @@ Security::PeerOptions::parseOptions() + + } + +-#if SSL_OP_NO_SSLv2 ++#ifdef SSL_OP_NO_SSLv2 + // compliance with RFC 6176: Prohibiting Secure Sockets Layer (SSL) Version 2.0 + op = op | SSL_OP_NO_SSLv2; + #endif