Update to haproxy-2.0.8
Enable zlib From Matthieu Guegan (matthieu dot guegan at deindeal dot ch)
This commit is contained in:
danj
parent
0e8a70731e
commit
b5cb592a59
@ -1,8 +1,8 @@
|
||||
# $OpenBSD: Makefile,v 1.59 2019/08/13 00:34:03 danj Exp $
|
||||
# $OpenBSD: Makefile,v 1.60 2019/11/09 15:52:53 danj Exp $
|
||||
|
||||
COMMENT = reliable, high performance TCP/HTTP load balancer
|
||||
|
||||
DISTNAME = haproxy-1.9.10
|
||||
DISTNAME = haproxy-2.0.8
|
||||
CATEGORIES = net www
|
||||
HOMEPAGE = http://www.haproxy.org/
|
||||
MAINTAINER = Daniel Jakots <obsd@chown.me>
|
||||
@ -10,9 +10,9 @@ MAINTAINER = Daniel Jakots <obsd@chown.me>
|
||||
# GPLv2
|
||||
PERMIT_PACKAGE = Yes
|
||||
|
||||
WANTLIB += c crypto pcre pcreposix pthread ssl
|
||||
WANTLIB += c crypto pcre pcreposix pthread ssl z
|
||||
|
||||
MASTER_SITES = ${HOMEPAGE}/download/1.9/src/
|
||||
MASTER_SITES = ${HOMEPAGE}/download/2.0/src/
|
||||
|
||||
HAPROXYCONF = ${SYSCONFDIR}/haproxy
|
||||
HAPROXYSTATE = /var/haproxy
|
||||
@ -24,7 +24,7 @@ SUBST_VARS = HAPROXYCONF HAPROXYSTATE \
|
||||
USE_GMAKE = Yes
|
||||
MAKE_FLAGS += CFLAGS="${CFLAGS} -fno-strict-aliasing" LDFLAGS="${LDFLAGS}"
|
||||
MAKE_FLAGS += CC="${CC}" LD="${CC}" TARGET="openbsd"
|
||||
MAKE_FLAGS += USE_OPENSSL=1 USE_PCRE=1
|
||||
MAKE_FLAGS += USE_OPENSSL=1 USE_PCRE=1 USE_ZLIB=1
|
||||
|
||||
COMPILER = base-clang ports-gcc
|
||||
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
SHA256 (haproxy-1.9.10.tar.gz) = jsLVP+J5Vjo+oI9HLtNJVGjCGmR3QVYBr59oLn+eVjo=
|
||||
SIZE (haproxy-1.9.10.tar.gz) = 2386066
|
||||
SHA256 (haproxy-2.0.8.tar.gz) = w34ehRWtb5eBoKwzbKiHh/O7UiUvsr2tmRm6FjI8KAo=
|
||||
SIZE (haproxy-2.0.8.tar.gz) = 2546661
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
$OpenBSD: patch-doc_haproxy_1,v 1.6 2019/08/13 00:34:03 danj Exp $
|
||||
$OpenBSD: patch-doc_haproxy_1,v 1.7 2019/11/09 15:52:53 danj Exp $
|
||||
Index: doc/haproxy.1
|
||||
--- doc/haproxy.1.orig
|
||||
+++ doc/haproxy.1
|
||||
@@ -212,8 +212,7 @@ This signal is intercepted and ignored on systems with
|
||||
@@ -217,8 +217,7 @@ This signal is intercepted and ignored on systems with
|
||||
|
||||
.SH SEE ALSO
|
||||
|
||||
|
||||
@ -1,14 +0,0 @@
|
||||
$OpenBSD: patch-include_proto_openssl-compat_h,v 1.8 2019/06/10 23:01:13 danj Exp $
|
||||
|
||||
Index: include/proto/openssl-compat.h
|
||||
--- include/proto/openssl-compat.h.orig
|
||||
+++ include/proto/openssl-compat.h
|
||||
@@ -89,7 +89,7 @@ static inline int SSL_SESSION_set1_id_context(SSL_SESS
|
||||
}
|
||||
#endif
|
||||
|
||||
-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
|
||||
/*
|
||||
* Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL
|
||||
*/
|
||||
@ -1,96 +0,0 @@
|
||||
$OpenBSD: patch-src_ssl_sock_c,v 1.12 2019/08/13 00:34:03 danj Exp $
|
||||
|
||||
Index: src/ssl_sock.c
|
||||
--- src/ssl_sock.c.orig
|
||||
+++ src/ssl_sock.c
|
||||
@@ -2175,7 +2175,7 @@ static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *
|
||||
SSL_set_SSL_CTX(ssl, ctx);
|
||||
}
|
||||
|
||||
-#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)
|
||||
+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)) || defined(OPENSSL_IS_BORINGSSL)
|
||||
|
||||
static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
|
||||
{
|
||||
@@ -3919,7 +3919,7 @@ ssl_sock_initial_ctx(struct bind_conf *bind_conf)
|
||||
#ifdef OPENSSL_IS_BORINGSSL
|
||||
SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
|
||||
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
|
||||
-#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L)
|
||||
+#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
if (bind_conf->ssl_conf.early_data) {
|
||||
SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
|
||||
SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
|
||||
@@ -5216,7 +5216,7 @@ int ssl_sock_handshake(struct connection *conn, unsign
|
||||
if (!conn->xprt_ctx)
|
||||
goto out_error;
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
/*
|
||||
* Check if we have early data. If we do, we have to read them
|
||||
* before SSL_do_handshake() is called, And there's no way to
|
||||
@@ -5284,11 +5284,11 @@ int ssl_sock_handshake(struct connection *conn, unsign
|
||||
if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
|
||||
conn->flags &= ~CO_FL_WAIT_L4_CONN;
|
||||
if (!conn->err_code) {
|
||||
-#ifdef OPENSSL_IS_BORINGSSL /* BoringSSL */
|
||||
+#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
conn->err_code = CO_ER_SSL_HANDSHAKE;
|
||||
#else
|
||||
int empty_handshake;
|
||||
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
|
||||
OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
|
||||
empty_handshake = state == TLS_ST_BEFORE;
|
||||
#else
|
||||
@@ -5368,11 +5368,11 @@ check_error:
|
||||
if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
|
||||
conn->flags &= ~CO_FL_WAIT_L4_CONN;
|
||||
if (!conn->err_code) {
|
||||
-#ifdef OPENSSL_IS_BORINGSSL /* BoringSSL */
|
||||
+#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
conn->err_code = CO_ER_SSL_HANDSHAKE;
|
||||
#else
|
||||
int empty_handshake;
|
||||
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
|
||||
OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
|
||||
empty_handshake = state == TLS_ST_BEFORE;
|
||||
#else
|
||||
@@ -5416,7 +5416,7 @@ check_error:
|
||||
goto out_error;
|
||||
}
|
||||
}
|
||||
-#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
|
||||
+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
else {
|
||||
/*
|
||||
* If the server refused the early data, we have to send a
|
||||
@@ -5527,7 +5527,7 @@ static size_t ssl_sock_to_buf(struct connection *conn,
|
||||
continue;
|
||||
}
|
||||
|
||||
-#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
|
||||
+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
if (conn->flags & CO_FL_EARLY_SSL_HS) {
|
||||
size_t read_length;
|
||||
|
||||
@@ -5658,7 +5658,7 @@ static size_t ssl_sock_from_buf(struct connection *con
|
||||
* in which case we accept to do it once again.
|
||||
*/
|
||||
while (count) {
|
||||
-#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
|
||||
+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
size_t written_data;
|
||||
#endif
|
||||
|
||||
@@ -5679,7 +5679,7 @@ static size_t ssl_sock_from_buf(struct connection *con
|
||||
conn->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
|
||||
}
|
||||
|
||||
-#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
|
||||
+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
if (!SSL_is_init_finished(conn->xprt_ctx) && conn_is_back(conn)) {
|
||||
unsigned int max_early;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user