From: Arkadiusz Miśkiewicz <arekm@maven.pl>
Date: Sat, 23 Oct 2021 11:06:23 +0000 (+0200)
Subject: Fix  undefined symbol: ERR_GET_FUNC with openssl 3 and apply patch from
X-Git-Tag: auto/th/apache-2.4.51-2
X-Git-Url: http://git.pld-linux.org/?p=packages%2Fapache.git;a=commitdiff_plain;h=83fe7f7a27a02d76d6ad1c20127be8227ed80d10

Fix  undefined symbol: ERR_GET_FUNC with openssl 3 and apply patch from
previous commit.
---

diff --git a/apache.spec b/apache.spec
index 24ab5ac..e8c6b24 100644
--- a/apache.spec
+++ b/apache.spec
@@ -35,7 +35,7 @@ Summary(ru.UTF-8):	Самый популярный веб-сервер
 Summary(tr.UTF-8):	Lider WWW tarayıcı
 Name:		apache
 Version:	2.4.51
-Release:	1
+Release:	2
 License:	Apache v2.0
 Group:		Networking/Daemons/HTTP
 Source0:	http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@@ -79,7 +79,8 @@ Patch2:		%{name}-suexec.patch
 Patch3:		%{name}-branding.patch
 Patch4:		%{name}-apr.patch
 Patch7:		%{name}-syslibs.patch
-
+Patch8:		bug-65627.patch
+Patch9:		ssl.patch
 Patch10:	httpd-2.0.46-dav401dest.patch
 Patch14:	httpd-2.0.48-corelimit.patch
 Patch15:	httpd-2.0.48-debuglog.patch
@@ -2696,7 +2697,8 @@ Dwa programy testowe/przykładowe cgi: test-cgi and print-env.
 %patch4 -p1
 
 %patch7 -p1
-
+%patch8 -p1
+%patch9 -p3
 %patch10 -p1
 
 %patch14 -p1
diff --git a/ssl.patch b/ssl.patch
new file mode 100644
index 0000000..108bf89
--- /dev/null
+++ b/ssl.patch
@@ -0,0 +1,34 @@
+--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c	2021/06/29 09:30:24	1891137
++++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c	2021/06/29 11:24:17	1891138
+@@ -1378,5 +1378,21 @@
+ }
+ 
++/* SSL_CTX_use_PrivateKey_file() can fail either because the private
++ * key was encrypted, or due to a mismatch between an already-loaded
++ * cert and the key - a common misconfiguration - from calling
++ * X509_check_private_key().  This macro is passed the last error code
++ * off the OpenSSL stack and evaluates to true only for the first
++ * case.  With OpenSSL < 3 the second case is identifiable by the
++ * function code, but function codes are not used from 3.0. */
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
++#define CHECK_PRIVKEY_ERROR(ec) (ERR_GET_FUNC(ec) != X509_F_X509_CHECK_PRIVATE_KEY)
++#else
++#define CHECK_PRIVKEY_ERROR(ec) (ERR_GET_LIB != ERR_LIB_X509            \
++                                 || (ERR_GET_REASON(ec) != X509_R_KEY_TYPE_MISMATCH \
++                                     && ERR_GET_REASON(ec) != X509_R_KEY_VALUES_MISMATCH \
++                                     && ERR_GET_REASON(ec) != X509_R_UNKNOWN_KEY_TYPE))
++#endif
++
+ static apr_status_t ssl_init_server_certs(server_rec *s,
+                                           apr_pool_t *p,
+                                           apr_pool_t *ptemp,
+@@ -1483,8 +1499,7 @@
+         }
+         else if ((SSL_CTX_use_PrivateKey_file(mctx->ssl_ctx, keyfile,
+                                               SSL_FILETYPE_PEM) < 1)
+-                 && (ERR_GET_FUNC(ERR_peek_last_error())
+-                     != X509_F_X509_CHECK_PRIVATE_KEY)) {
++                 && CHECK_PRIVKEY_ERROR(ERR_peek_last_error())) {
+             ssl_asn1_t *asn1;
+             const unsigned char *ptr;
+