You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Stefan Strogin <st...@gentoo.org> on 2019/08/28 16:19:04 UTC
[PATCH] mod_ssl: fix compilation with LibreSSL
LibreSSL does not provide SSL_CTX_set_post_handshake_auth.
See also: https://bugs.gentoo.org/668060
---
modules/ssl/ssl_engine_init.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 73ab07d64b..63ecf4cc48 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1579,11 +1579,11 @@ static apr_status_t ssl_init_proxy_certs(server_rec *s,
modssl_pk_proxy_t *pkp = mctx->pkp;
STACK_OF(X509) *chain;
X509_STORE_CTX *sctx;
X509_STORE *store = SSL_CTX_get_cert_store(mctx->ssl_ctx);
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)
/* For OpenSSL >=1.1.1, turn on client cert support which is
* otherwise turned off by default (by design).
* https://github.com/openssl/openssl/issues/6933 */
SSL_CTX_set_post_handshake_auth(mctx->ssl_ctx, 1);
#endif
--
2.23.0
Re: [PATCH] mod_ssl: fix compilation with LibreSSL
Posted by Christophe JAILLET <ch...@wanadoo.fr>.
Le 28/08/2019 à 18:19, Stefan Strogin a écrit :
> LibreSSL does not provide SSL_CTX_set_post_handshake_auth.
> See also: https://bugs.gentoo.org/668060
> ---
> modules/ssl/ssl_engine_init.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
> index 73ab07d64b..63ecf4cc48 100644
> --- a/modules/ssl/ssl_engine_init.c
> +++ b/modules/ssl/ssl_engine_init.c
> @@ -1579,11 +1579,11 @@ static apr_status_t ssl_init_proxy_certs(server_rec *s,
> modssl_pk_proxy_t *pkp = mctx->pkp;
> STACK_OF(X509) *chain;
> X509_STORE_CTX *sctx;
> X509_STORE *store = SSL_CTX_get_cert_store(mctx->ssl_ctx);
>
> -#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
> +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)
> /* For OpenSSL >=1.1.1, turn on client cert support which is
> * otherwise turned off by default (by design).
> * https://github.com/openssl/openssl/issues/6933 */
> SSL_CTX_set_post_handshake_auth(mctx->ssl_ctx, 1);
> #endif
Hi Stefan,
Thanks for the patch.
in order to avoid loosing tracks of patches, our bugzilla is a much
better place for submitting patches? Otherwise, it is likely to get
forgotten in the mail flow of the list.
See [1].
Best regards.
CJ
[1]: https://httpd.apache.org/dev/patches.html#submitting-your-patch