Posted to dev@httpd.apache.org by Stefan Strogin <st...@gentoo.org> on 2019/08/28 16:19:04 UTC

[PATCH] mod_ssl: fix compilation with LibreSSL

LibreSSL does not provide SSL_CTX_set_post_handshake_auth.
See also: https://bugs.gentoo.org/668060
---
 modules/ssl/ssl_engine_init.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 73ab07d64b..63ecf4cc48 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1579,11 +1579,11 @@ static apr_status_t ssl_init_proxy_certs(server_rec *s,
     modssl_pk_proxy_t *pkp = mctx->pkp;
     STACK_OF(X509) *chain;
     X509_STORE_CTX *sctx;
     X509_STORE *store = SSL_CTX_get_cert_store(mctx->ssl_ctx);
 
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)
     /* For OpenSSL >=1.1.1, turn on client cert support which is
      * otherwise turned off by default (by design).
      * https://github.com/openssl/openssl/issues/6933 */
     SSL_CTX_set_post_handshake_auth(mctx->ssl_ctx, 1);
 #endif
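Review bot: The `!defined(LIBRESSL_VERSION_NUMBER)` test added to the `#if` excludes every LibreSSL release, not only those that lack `SSL_CTX_set_post_handshake_auth`. If LibreSSL gains the function later, this call in ssl_init_proxy_certs stays compiled out, and because the block has no `#else`, client cert support on proxy connections is left off with no build-time or run-time indication. Consider bounding the exclusion with a LibreSSL version comparison once a supporting version is known, or probing for the function at configure time, so the guard tracks the feature rather than the library name.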
-- 
2.23.0


Re: [PATCH] mod_ssl: fix compilation with LibreSSL

Posted by Christophe JAILLET <ch...@wanadoo.fr>.
On 28/08/2019 at 18:19, Stefan Strogin wrote:
> LibreSSL does not provide SSL_CTX_set_post_handshake_auth.
> See also: https://bugs.gentoo.org/668060
> ---
>   modules/ssl/ssl_engine_init.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
> index 73ab07d64b..63ecf4cc48 100644
> --- a/modules/ssl/ssl_engine_init.c
> +++ b/modules/ssl/ssl_engine_init.c
> @@ -1579,11 +1579,11 @@ static apr_status_t ssl_init_proxy_certs(server_rec *s,
>       modssl_pk_proxy_t *pkp = mctx->pkp;
>       STACK_OF(X509) *chain;
>       X509_STORE_CTX *sctx;
>       X509_STORE *store = SSL_CTX_get_cert_store(mctx->ssl_ctx);
>   
> -#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
> +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)
>       /* For OpenSSL >=1.1.1, turn on client cert support which is
>        * otherwise turned off by default (by design).
>        * https://github.com/openssl/openssl/issues/6933 */
>       SSL_CTX_set_post_handshake_auth(mctx->ssl_ctx, 1);
>   #endif
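Review bot: The comment under the changed `#if` still reads "For OpenSSL >=1.1.1" and gives no reason for the LibreSSL exclusion; that reason (LibreSSL does not provide SSL_CTX_set_post_handshake_auth) is recorded only in the commit message. Adding one line to the comment stating it would keep a later reader from removing the `!defined(LIBRESSL_VERSION_NUMBER)` test as redundant.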

Hi Stefan,

Thanks for the patch.

In order to avoid losing track of patches, our bugzilla is a much 
better place for submitting patches. Otherwise, it is likely to get 
forgotten in the mail flow of the list.
See [1].

Best regards.

CJ


[1]: https://httpd.apache.org/dev/patches.html#submitting-your-patch