From 367e8ff5cc7da436c293897e745f582d015a8ded Mon Sep 17 00:00:00 2001 From: Bernard Spil Date: Sat, 27 Oct 2018 14:36:41 +0000 Subject: www/apache24: Update to 2.4.37 - Adds TLSv1.3 support with security/openssl111 PR: 232687 Submitted by: Pascal Christen Reported by: Markus Kohlmeyer Reviewed by: ohauer Approved by: joneum Differential Revision: https://reviews.freebsd.org/D17668 --- www/apache24/files/patch-modules_ssl_mod__ssl.c | 11 ----------- www/apache24/files/patch-modules_ssl_ssl__engine__init.c | 10 +++++++++- 2 files changed, 9 insertions(+), 12 deletions(-) delete mode 100644 www/apache24/files/patch-modules_ssl_mod__ssl.c (limited to 'www/apache24/files') diff --git a/www/apache24/files/patch-modules_ssl_mod__ssl.c b/www/apache24/files/patch-modules_ssl_mod__ssl.c deleted file mode 100644 index 42e793e9b5a0..000000000000 --- a/www/apache24/files/patch-modules_ssl_mod__ssl.c +++ /dev/null @@ -1,11 +0,0 @@ ---- modules/ssl/mod_ssl.c.orig 2018-02-13 23:43:36 UTC -+++ modules/ssl/mod_ssl.c -@@ -398,7 +398,7 @@ static int ssl_hook_pre_config(apr_pool_ - /* We must register the library in full, to ensure our configuration - * code can successfully test the SSL environment. - */ --#if MODSSL_USE_OPENSSL_PRE_1_1_API -+#if MODSSL_USE_OPENSSL_PRE_1_1_API || defined(LIBRESSL_VERSION_NUMBER) - (void)CRYPTO_malloc_init(); - #else - OPENSSL_malloc_init(); diff --git a/www/apache24/files/patch-modules_ssl_ssl__engine__init.c b/www/apache24/files/patch-modules_ssl_ssl__engine__init.c index 1341e4d5eb7d..01515de6a969 100644 --- a/www/apache24/files/patch-modules_ssl_ssl__engine__init.c +++ b/www/apache24/files/patch-modules_ssl_ssl__engine__init.c @@ -1,6 +1,6 @@ --- modules/ssl/ssl_engine_init.c.orig 2018-02-13 23:43:36 UTC +++ modules/ssl/ssl_engine_init.c -@@ -546,7 +546,7 @@ static apr_status_t ssl_init_ctx_protoco +@@ -547,7 +547,7 @@ static apr_status_t ssl_init_ctx_protoco char *cp; int protocol = mctx->protocol; SSLSrvConfigRec *sc = mySrvConfig(s); @@ -9,4 +9,12 @@ int prot; #endif +@@ -1492,7 +1492,7 @@ static apr_status_t ssl_init_proxy_certs + X509_STORE_CTX *sctx; + X509_STORE *store = SSL_CTX_get_cert_store(mctx->ssl_ctx); +-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL ++#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) + /* For OpenSSL >=1.1.1, turn on client cert support which is + * otherwise turned off by default (by design). + * https://github.com/openssl/openssl/issues/6933 */ -- cgit v1.2.3