diff options
author | Alyssa Ross <hi@alyssa.is> | 2020-04-01 15:50:50 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2020-04-01 15:50:50 +0000 |
commit | 75eafe97f7df0d653bec67f3962214d7c357831f (patch) | |
tree | 09f2cc901e0e637876cbb78d192dfe2fcfef8156 /nixpkgs/pkgs/servers/http/apache-modules/mod_csr | |
parent | a53b121bf4331497da63df3b1b7f1a7897dad146 (diff) | |
parent | a2e06fc3423c4be53181b15c28dfbe0bcf67dd73 (diff) | |
download | nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar.gz nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar.bz2 nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar.lz nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar.xz nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar.zst nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.zip |
Merge commit 'a2e06fc3423c4be53181b15c28dfbe0bcf67dd73'
Diffstat (limited to 'nixpkgs/pkgs/servers/http/apache-modules/mod_csr')
-rw-r--r-- | nixpkgs/pkgs/servers/http/apache-modules/mod_csr/default.nix | 22 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/http/apache-modules/mod_csr/openssl_setter_compat.h | 66 |
2 files changed, 3 insertions, 85 deletions
diff --git a/nixpkgs/pkgs/servers/http/apache-modules/mod_csr/default.nix b/nixpkgs/pkgs/servers/http/apache-modules/mod_csr/default.nix index 60f97d2f3615..6547d3aa2b5c 100644 --- a/nixpkgs/pkgs/servers/http/apache-modules/mod_csr/default.nix +++ b/nixpkgs/pkgs/servers/http/apache-modules/mod_csr/default.nix @@ -1,35 +1,19 @@ { stdenv, fetchurl, pkgconfig, mod_ca, apr, aprutil }: + stdenv.mkDerivation rec { pname = "mod_csr"; - version = "0.2.1"; + version = "0.2.3"; src = fetchurl { url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz"; - sha256 = "01sdvv07kchdd6ssrmd2cbhj50qh2ibp5g5h6jy1jqbzp0b3j9ja"; + sha256 = "1p4jc0q40453wpvwqgnr1n007b4jxpkizzy3r4jygsxxgg4x9w7x"; }; nativeBuildInputs = [ pkgconfig ]; buildInputs = [ mod_ca apr aprutil ]; inherit (mod_ca) configureFlags installFlags; - # After openssl-1.0.2t, starting in openssl-1.1.0l - # parts of the OpenSSL struct API was replaced by - # getters - but some setters where forgotten. - # - # It is expected that these are back/retrofitted in version - # openssl-1.1.1d -- but while fixing this it was found - # that there were quite a few other setters missing and - # that some of the memory management needed was at odds - # with the principles used sofar. - # - # See https://github.com/openssl/openssl/pull/10563 - # - # So as a stopgap - use a minimalist compat. layer - # https://source.redwax.eu/projects/RS/repos/mod_csr/browse/openssl_setter_compat.h - # - preBuild = "cp ${./openssl_setter_compat.h} openssl_setter_compat.h"; - meta = with stdenv.lib; { description = "RedWax CA service module to handle Certificate Signing Requests"; diff --git a/nixpkgs/pkgs/servers/http/apache-modules/mod_csr/openssl_setter_compat.h b/nixpkgs/pkgs/servers/http/apache-modules/mod_csr/openssl_setter_compat.h deleted file mode 100644 index a2a9e0f7a18d..000000000000 --- a/nixpkgs/pkgs/servers/http/apache-modules/mod_csr/openssl_setter_compat.h +++ /dev/null @@ -1,66 +0,0 @@ -/* Licensed to Stichting The Commons Conservancy (TCC) under one or more - * contributor license agreements. See the AUTHORS file distributed with - * this work for additional information regarding copyright ownership. - * TCC licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -// These routines are copies from OpenSSL/1.1.1 its x509/x509_req.c -// and the private header files for that. They are needed as -// starting with OpenSSL 1.1.0 the X509_req structure became -// private; and got some get0 functions to access its internals. -// But no getter's until post 1.1.1 (PR#10563). So this is a -// stopgap for these lacking releases. -// -// Testest against: -// openssl-1.0.2t 0x01000214fL (does not need it, privates still accessile) -// openssl-1.1.0l 0x0101000cfL (needs it) -// openssl-1.1.1d 0x01010104fL (last version that needs it) -// openssl-1.1.1-dev (should not need it - post PR#10563). -// -/* #if OPENSSL_VERSION_NUMBER >= 0x010100000L && OPENSSL_VERSION_NUMBER <= 0x01010104fL */ -#if OPENSSL_VERSION_NUMBER >= 0x010100000L -#include "openssl/x509.h" - -#define HAS_OPENSSL_PR10563_WORK_AROUND - -struct X509_req_info_st { - ASN1_ENCODING enc; - ASN1_INTEGER *version; - X509_NAME *subject; - X509_PUBKEY *pubkey; - STACK_OF(X509_ATTRIBUTE) *attributes; -}; - -typedef _Atomic int CRYPTO_REF_COUNT; - -struct X509_req_st { - X509_REQ_INFO req_info; - X509_ALGOR sig_alg; - ASN1_BIT_STRING *signature; /* signature */ - CRYPTO_REF_COUNT references; - CRYPTO_RWLOCK *lock; -# ifndef OPENSSL_NO_SM2 - ASN1_OCTET_STRING *sm2_id; -# endif -}; - - -static void _X509_REQ_set1_signature(X509_REQ *req, X509_ALGOR *palg) -{ - if (req->sig_alg.algorithm) - ASN1_OBJECT_free(req->sig_alg.algorithm); - if (req->sig_alg.parameter) - ASN1_TYPE_free(req->sig_alg.parameter); - req->sig_alg = *palg; -} -#endif |