Fix undefined symbol: ERR_GET_FUNC with openssl 3 and apply patch from

previous commit.

diff --git a/apache.spec b/apache.spec
index 24ab5ac1e983e212e1ceb3244c905bbaafcf646e..e8c6b2479cd5ada47abd1688dd53543b9d7c0eb1 100644 (file)
--- a/apache.spec
+++ b/apache.spec
@@ -35,7 +35,7 @@ Summary(ru.UTF-8):    Самый популярный веб-сервер
 Summary(tr.UTF-8):     Lider WWW tarayıcı
 Name:          apache
 Version:       2.4.51
 Summary(tr.UTF-8):     Lider WWW tarayıcı
 Name:          apache
 Version:       2.4.51

-Release:       1
+Release:       2

 License:       Apache v2.0
 Group:         Networking/Daemons/HTTP
 Source0:       http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 License:       Apache v2.0
 Group:         Networking/Daemons/HTTP
 Source0:       http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2


@@ -79,7 +79,8 @@ Patch2:               %{name}-suexec.patch
 Patch3:                %{name}-branding.patch
 Patch4:                %{name}-apr.patch
 Patch7:                %{name}-syslibs.patch
 Patch3:                %{name}-branding.patch
 Patch4:                %{name}-apr.patch
 Patch7:                %{name}-syslibs.patch

-
+Patch8:                bug-65627.patch
+Patch9:                ssl.patch

 Patch10:       httpd-2.0.46-dav401dest.patch
 Patch14:       httpd-2.0.48-corelimit.patch
 Patch15:       httpd-2.0.48-debuglog.patch
 Patch10:       httpd-2.0.46-dav401dest.patch
 Patch14:       httpd-2.0.48-corelimit.patch
 Patch15:       httpd-2.0.48-debuglog.patch


@@ -2696,7 +2697,8 @@ Dwa programy testowe/przykładowe cgi: test-cgi and print-env.
 %patch4 -p1
 
 %patch7 -p1
 %patch4 -p1
 
 %patch7 -p1

-
+%patch8 -p1
+%patch9 -p3

 %patch10 -p1
 
 %patch14 -p1
 %patch10 -p1
 
 %patch14 -p1

diff --git a/ssl.patch b/ssl.patch
new file mode 100644 (file)
index 0000000..108bf89
--- /dev/null
+++ b/ssl.patch
@@ -0,0 +1,34 @@
+--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c    2021/06/29 09:30:24     1891137
++++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c    2021/06/29 11:24:17     1891138
+@@ -1378,5 +1378,21 @@
+ }
+ 
++/* SSL_CTX_use_PrivateKey_file() can fail either because the private
++ * key was encrypted, or due to a mismatch between an already-loaded
++ * cert and the key - a common misconfiguration - from calling
++ * X509_check_private_key().  This macro is passed the last error code
++ * off the OpenSSL stack and evaluates to true only for the first
++ * case.  With OpenSSL < 3 the second case is identifiable by the
++ * function code, but function codes are not used from 3.0. */
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
++#define CHECK_PRIVKEY_ERROR(ec) (ERR_GET_FUNC(ec) != X509_F_X509_CHECK_PRIVATE_KEY)
++#else
++#define CHECK_PRIVKEY_ERROR(ec) (ERR_GET_LIB != ERR_LIB_X509            \
++                                 || (ERR_GET_REASON(ec) != X509_R_KEY_TYPE_MISMATCH \
++                                     && ERR_GET_REASON(ec) != X509_R_KEY_VALUES_MISMATCH \
++                                     && ERR_GET_REASON(ec) != X509_R_UNKNOWN_KEY_TYPE))
++#endif
++
+ static apr_status_t ssl_init_server_certs(server_rec *s,
+                                           apr_pool_t *p,
+                                           apr_pool_t *ptemp,
+@@ -1483,8 +1499,7 @@
+         }
+         else if ((SSL_CTX_use_PrivateKey_file(mctx->ssl_ctx, keyfile,
+                                               SSL_FILETYPE_PEM) < 1)
+-                 && (ERR_GET_FUNC(ERR_peek_last_error())
+-                     != X509_F_X509_CHECK_PRIVATE_KEY)) {
++                 && CHECK_PRIVKEY_ERROR(ERR_peek_last_error())) {
+             ssl_asn1_t *asn1;
+             const unsigned char *ptr;
+