From 97082f12a6de70625e21bc22fe2d0c1f65797f52 Mon Sep 17 00:00:00 2001 From: Sean Khan Date: Wed, 24 Apr 2024 18:02:02 -0400 Subject: [PATCH] nginx: QUIC: Fix SSL 3.0 deprecated function `EVP_CIPHER_CTX_cipher()` function was deprecated in OpenSSL 3.0. As per OpenSSL's recommendation (https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_get0_cipher.html) switch to using `EVP_CIPHER_CTX_get0_cipher()` instead. With this change and recent commit to nginx-util #23935. We should now be able to build nginx + modules with fully compliant calls to OpenSSL 3.0+ with legacy features disabled. Signed-off-by: Sean Khan Link: https://github.com/openwrt/packages/pull/24005 Signed-off-by: Christian Marangi --- net/nginx/Makefile | 2 +- .../nginx/300-fix-deprecated-openssl-3_0.patch | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 net/nginx/patches/nginx/300-fix-deprecated-openssl-3_0.patch diff --git a/net/nginx/Makefile b/net/nginx/Makefile index 9c7c36b8c4..3135fab7e6 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx PKG_VERSION:=1.25.5 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nginx.org/download/ diff --git a/net/nginx/patches/nginx/300-fix-deprecated-openssl-3_0.patch b/net/nginx/patches/nginx/300-fix-deprecated-openssl-3_0.patch new file mode 100644 index 0000000000..6055df490a --- /dev/null +++ b/net/nginx/patches/nginx/300-fix-deprecated-openssl-3_0.patch @@ -0,0 +1,12 @@ +--- a/src/event/quic/ngx_event_quic_protection.c ++++ b/src/event/quic/ngx_event_quic_protection.c +@@ -510,7 +510,7 @@ ngx_quic_crypto_common(ngx_quic_secret_t + } + } + +- if (EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(ctx)) == EVP_CIPH_CCM_MODE ++ if (EVP_CIPHER_mode(EVP_CIPHER_CTX_get0_cipher(ctx)) == EVP_CIPH_CCM_MODE + && EVP_CipherUpdate(ctx, NULL, &len, NULL, in->len) != 1) + { + ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherUpdate() failed"); +