authorJanne Heß <janne@hess.ooo>2021-11-05 13:02:47 +0100
committerGitHub <noreply@github.com>2021-11-05 13:02:47 +0100
commit83ab81ae89265e3051c34e86299df69a57d2362a (patch)
tree4b97a4ec2a13ad2cbd3864e2aeb9db534a5ca28c /pkgs/development/libraries/openssl
parent6d6ab8e9ce9764b44a6324965927e81eaef49436 (diff)
parent613a0bffcdc5189ef53ef2c4ed5550d9ac362f48 (diff)
Merge pull request #137004 from baloo/baloo/openssl/3.0.0-init
openssl3: init at 3.0.0
Diffstat (limited to 'pkgs/development/libraries/openssl')
-rw-r--r--pkgs/development/libraries/openssl/3.0/nix-ssl-cert-file.patch15
-rw-r--r--pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch22
-rw-r--r--pkgs/development/libraries/openssl/default.nix26
-rw-r--r--pkgs/development/libraries/openssl/use-etc-ssl-certs-darwin.patch (renamed from pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs-darwin.patch)0
-rw-r--r--pkgs/development/libraries/openssl/use-etc-ssl-certs.patch (renamed from pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs.patch)0
5 files changed, 61 insertions, 2 deletions
diff --git a/pkgs/development/libraries/openssl/3.0/nix-ssl-cert-file.patch b/pkgs/development/libraries/openssl/3.0/nix-ssl-cert-file.patch
new file mode 100644
index 00000000000..e7090f49db6
--- /dev/null
+++ b/pkgs/development/libraries/openssl/3.0/nix-ssl-cert-file.patch
@@ -0,0 +1,15 @@
+diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
+index 37d73ca84c..e328896234 100644
+--- a/crypto/x509/by_file.c
++++ b/crypto/x509/by_file.c
+@@ -54,7 +54,9 @@ static int by_file_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
+     switch (cmd) {
+     case X509_L_FILE_LOAD:
+         if (argl == X509_FILETYPE_DEFAULT) {
+-            file = ossl_safe_getenv(X509_get_default_cert_file_env());
++            file = ossl_safe_getenv("NIX_SSL_CERT_FILE");
++            if (!file)
++                file = ossl_safe_getenv(X509_get_default_cert_file_env());
+             if (file)
+                 ok = (X509_load_cert_crl_file_ex(ctx, file, X509_FILETYPE_PEM,
+                                                  libctx, propq) != 0);
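Review bot: An empty `NIX_SSL_CERT_FILE` counts as set, because the added fallback at `if (!file)` only tests for NULL. In that case the variable named by `X509_get_default_cert_file_env()` is never consulted and the load is attempted on an empty path. Testing `if (file == NULL || *file == '\0')` before the fallback would keep the upstream variable working when the Nix one is exported but blank. A short comment above the added lines should also state that the Nix variable deliberately takes precedence, since that ordering decides which trust anchors a process ends up with. The rest of `by_file_ctrl_ex`, including what happens when `file` stays NULL, is outside the hunk.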
diff --git a/pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch b/pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch
new file mode 100644
index 00000000000..baf162e88d0
--- /dev/null
+++ b/pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch
@@ -0,0 +1,22 @@
+diff --git a/Configure b/Configure
+index f0ad787bc4..a48d2008c6 100755
+--- a/Configure
++++ b/Configure
+@@ -1688,17 +1688,6 @@ unless ($disabled{devcryptoeng}) {
+ unless ($disabled{ktls}) {
+     $config{ktls}="";
+     if ($target =~ m/^linux/) {
+-        my $usr = "/usr/$config{cross_compile_prefix}";
+-        chop($usr);
+-        if ($config{cross_compile_prefix} eq "") {
+-            $usr = "/usr";
+-        }
+-        my $minver = (4 << 16) + (13 << 8) + 0;
+-        my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`);
+-
+-        if ($verstr[2] < $minver) {
+-            disable('too-old-kernel', 'ktls');
+-        }
+     } elsif ($target =~ m/^BSD/) {
+         my $cc = $config{CROSS_COMPILE}.$config{CC};
+         system("printf '#include <sys/types.h>\n#include <sys/ktls.h>' | $cc -E - >/dev/null 2>&1");
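Review bot: With the eleven lines removed, the `if ($target =~ m/^linux/)` branch of the ktls block is left empty, so nothing at configure time compares the kernel headers against the 4.13 minimum that `$minver` encoded. If ktls is enabled against older headers, the failure would presumably move from a clean `disable('too-old-kernel', 'ktls')` to a compile error. I would leave a one-line marker in the empty branch, for example `# Nix: header version probe removed; ktls is decided by the configure options only`, so the gap is visible when the patch is rebased onto a newer Configure. The enclosing `unless ($disabled{ktls})` block continues past the end of the hunk.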
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index ca44788a289..ca2e240dd86 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -198,11 +198,33 @@ in {
       ./1.1/nix-ssl-cert-file.patch
 
       (if stdenv.hostPlatform.isDarwin
-       then ./1.1/use-etc-ssl-certs-darwin.patch
-       else ./1.1/use-etc-ssl-certs.patch)
+       then ./use-etc-ssl-certs-darwin.patch
+       else ./use-etc-ssl-certs.patch)
     ] ++ lib.optionals (stdenv.isDarwin) [
       ./1.1/macos-yosemite-compat.patch
     ];
     withDocs = true;
   };
+
+  openssl_3_0 = common {
+    version = "3.0.0";
+    sha256 = "sha256-We7fy0bCUhTJvTftYHgpe03wHQEiZ/6enu4x9hvHBTY=";
+    patches = [
+      ./3.0/nix-ssl-cert-file.patch
+
+      # openssl will only compile in KTLS if the current kernel supports it.
+      # This patch disables build-time detection.
+      ./3.0/openssl-disable-kernel-detection.patch
+
+      (if stdenv.hostPlatform.isDarwin
+       then ./use-etc-ssl-certs-darwin.patch
+       else ./use-etc-ssl-certs.patch)
+    ];
+
+    withDocs = true;
+
+    extraMeta = with lib; {
+      license = licenses.asl20;
+    };
+  };
 }
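Review bot: The comment above `./3.0/openssl-disable-kernel-detection.patch` says the build depends on the current kernel, but the check that patch removes reads `LINUX_VERSION_CODE` from `$usr/include/linux/version.h`. That is a header under /usr on the build host, not the running kernel. I would reword it along the lines of `# Configure probes /usr/include/linux/version.h to decide whether kTLS can be built; drop that probe so the result does not depend on the build host.` Whether kTLS is actually enabled for `openssl_3_0` cannot be seen here, because `common` and its configure flags are outside the hunk. If it is not enabled, the comment should say so.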
diff --git a/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs-darwin.patch b/pkgs/development/libraries/openssl/use-etc-ssl-certs-darwin.patch
index 2c98ccfa7ed..2c98ccfa7ed 100644
--- a/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs-darwin.patch
+++ b/pkgs/development/libraries/openssl/use-etc-ssl-certs-darwin.patch
diff --git a/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs.patch b/pkgs/development/libraries/openssl/use-etc-ssl-certs.patch
index 67d199681f9..67d199681f9 100644
--- a/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs.patch
+++ b/pkgs/development/libraries/openssl/use-etc-ssl-certs.patch