nginx: patch out ALPN checks

libressl-2.1.2 was released with the TLSEXT_TYPE_application_layer_protocol_negotiation define without an implementation of ALPN.
2015-01-03 14:56:34 +00:00 · 2015-01-03 14:56:34 +00:00 · dc301738b2
commit dc301738b2
parent 1388632bf7
2 changed files with 65 additions and 1 deletions
--- a/srcpkgs/nginx/patches/missing-libressl-alpn-impl.patch
+++ b/srcpkgs/nginx/patches/missing-libressl-alpn-impl.patch
@ -0,0 +1,65 @@
+diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
+index 206f58d2537b..7e1af83e345c 100644
+--- src/http/modules/ngx_http_ssl_module.c
+++ src/http/modules/ngx_http_ssl_module.c
+@@ -20,7 +20,7 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
+ #define NGX_HTTP_NPN_ADVERTISE  "\x08http/1.1"
+ 
+ 
+-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+#if 0
+ static int ngx_http_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn,
+     const unsigned char **out, unsigned char *outlen,
+     const unsigned char *in, unsigned int inlen, void *arg);
+@@ -299,7 +299,7 @@ static ngx_http_variable_t  ngx_http_ssl_vars[] = {
+ static ngx_str_t ngx_http_ssl_sess_id_ctx = ngx_string("HTTP");
+ 
+ 
+-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+#if 0
+ 
+ static int
+ ngx_http_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn, const unsigned char **out,
+@@ -628,7 +628,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
+ 
+ #endif
+ 
+-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+#if 0
+     SSL_CTX_set_alpn_select_cb(conf->ssl.ctx, ngx_http_ssl_alpn_select, NULL);
+ #endif
+ 
+diff --git a/src/http/ngx_http.c b/src/http/ngx_http.c
+index ce5adb7374a3..24f94128044b 100644
+--- src/http/ngx_http.c
+++ src/http/ngx_http.c
+@@ -1350,7 +1350,7 @@ ngx_http_add_address(ngx_conf_t *cf, ngx_http_core_srv_conf_t *cscf,
+     }
+ 
+ #if (NGX_HTTP_SPDY && NGX_HTTP_SSL                                            \
+-     && !defined TLSEXT_TYPE_application_layer_protocol_negotiation           \
+     && !0           \
+      && !defined TLSEXT_TYPE_next_proto_neg)
+     if (lsopt->spdy && lsopt->ssl) {
+         ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
+diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
+index 845ada322e32..f4a1862e85b5 100644
+--- src/http/ngx_http_request.c
+++ src/http/ngx_http_request.c
+@@ -764,14 +764,14 @@ ngx_http_ssl_handshake_handler(ngx_connection_t *c)
+         c->ssl->no_wait_shutdown = 1;
+ 
+ #if (NGX_HTTP_SPDY                                                            \
+-     && (defined TLSEXT_TYPE_application_layer_protocol_negotiation           \
+     && (0           \
+          || defined TLSEXT_TYPE_next_proto_neg))
+         {
+         unsigned int             len;
+         const unsigned char     *data;
+         static const ngx_str_t   spdy = ngx_string(NGX_SPDY_NPN_NEGOTIATED);
+ 
+-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+#if 0
+         SSL_get0_alpn_selected(c->ssl->connection, &data, &len);
+ 
+ #ifdef TLSEXT_TYPE_next_proto_neg
--- a/srcpkgs/nginx/template
+++ b/srcpkgs/nginx/template
@ -30,7 +30,6 @@ homepage="http://nginx.org"
 update_ignore="*.[13579].*"
 distfiles="http://nginx.org/download/nginx-$version.tar.gz"
 checksum=b5608c2959d3e7ad09b20fc8f9e5bd4bc87b3bc8ba5936a513c04ed8f1391a18
-broken=yes

 build_options="systemd"
 replaces="runit-void<20141013_2"