1 files changed, 22 insertions, 1 deletions

diff --git a/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix b/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix
index 48c02be9c38..b47ad4815b5 100644
--- a/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix
+++ b/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pam, openssl, perl }:
+{ stdenv, fetchpatch, fetchurl, pam, openssl, perl }:
 
 stdenv.mkDerivation rec {
   name = "pam_ssh_agent_auth-0.10.3";
@@ -12,10 +12,31 @@ stdenv.mkDerivation rec {
     [ # Allow multiple colon-separated authorized keys files to be
       # specified in the file= option.
       ./multiple-key-files.patch
+      (fetchpatch {
+        name = "openssl-1.1.1-1.patch";
+        url = "https://sources.debian.org/data/main/p/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-1.patch";
+        sha256 = "1ndp5j4xfhzshhnl345gb4mkldx6vjfa7284xgng6ikhzpc6y7pf";
+      })
+      (fetchpatch {
+        name = "openssl-1.1.1-2.patch";
+        url = "https://sources.debian.org/data/main/p/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-2.patch";
+        sha256 = "0ksrs4xr417by8klf7862n3dircvnw30an1akq4pnsd3ichscmww";
+      })
     ];
 
   buildInputs = [ pam openssl perl ];
 
+  # It's not clear to me why this is necessary, but without it, you see:
+  #
+  # checking OpenSSL header version... 1010104f (OpenSSL 1.1.1d  10 Sep 2019)
+  # checking OpenSSL library version... 1010104f (OpenSSL 1.1.1d  10 Sep 2019)
+  # checking whether OpenSSL's headers match the library... no
+  # configure: WARNING: Your OpenSSL headers do not match your
+  # library. Check config.log for details.
+  #
+  # ...despite the fact that clearly the values match
+  configureFlags = [ "--without-openssl-header-check" ];
+
   enableParallelBuilding = true;
 
   meta = {