From 09e3b0fa356c087b27ca7197024bf0210455a73c Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Fri, 16 May 2014 17:13:19 +0200
Subject: [PATCH] pound: Allow to use legacy renegotiation.
---
 lfs/pound | 3 ++-
 .../pound-2.7-legacy-regnegotiation.patch | 25 +++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 src/patches/pound-2.7-legacy-regnegotiation.patch
diff --git a/lfs/pound b/lfs/pound
index a0f6f29065..52fb293228 100644
--- a/lfs/pound
+++ b/lfs/pound
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
 DIR_APP = $(DIR_SRC)/$(THISAPP)
 TARGET = $(DIR_INFO)/$(THISAPP)
 PROG = pound
-PAK_VER = 7
+PAK_VER = 8
 DEPS = ""
@@ -77,6 +77,7 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 @$(PREBUILD)
 @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/pound-2.7-legacy-regnegotiation.patch
 cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc
 cd $(DIR_APP) && make $(MAKETUNING)
 cd $(DIR_APP) && make install
diff --git a/src/patches/pound-2.7-legacy-regnegotiation.patch b/src/patches/pound-2.7-legacy-regnegotiation.patch
new file mode 100644
index 0000000000..eb1d772016
--- /dev/null
+++ b/src/patches/pound-2.7-legacy-regnegotiation.patch
@@ -0,0 +1,25 @@
+diff -Nur Pound-2.7c-vanilla/config.c Pound-2.7c/config.c
+--- Pound-2.7c-vanilla/config.c 2014-04-21 13:16:08.000000000 +0200
++++ Pound-2.7c/config.c 2014-05-16 12:57:33.273583192 +0200
+@@ -345,8 +345,10 @@
+ #ifdef SSL_OP_NO_COMPRESSION
+ SSL_CTX_set_options(res->ctx, SSL_OP_NO_COMPRESSION);
+ #endif
++#if 0
+ SSL_CTX_clear_options(res->ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
+ SSL_CTX_clear_options(res->ctx, SSL_OP_LEGACY_SERVER_CONNECT);
++#endif
+ sprintf(lin, "%d-Pound-%ld", getpid(), random());
+ SSL_CTX_set_session_id_context(res->ctx, (unsigned char *)lin, strlen(lin));
+ SSL_CTX_set_tmp_rsa_callback(res->ctx, RSA_tmp_callback);
+@@ -368,8 +370,10 @@
+ #ifdef SSL_OP_NO_COMPRESSION
+ SSL_CTX_set_options(res->ctx, SSL_OP_NO_COMPRESSION);
+ #endif
++#if 0
+ SSL_CTX_clear_options(res->ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
+ SSL_CTX_clear_options(res->ctx, SSL_OP_LEGACY_SERVER_CONNECT);
++#endif
+ sprintf(lin, "%d-Pound-%ld", getpid(), random());
+ SSL_CTX_set_session_id_context(res->ctx, (unsigned char *)lin, strlen(lin));
+ SSL_CTX_set_tmp_rsa_callback(res->ctx, RSA_tmp_callback);
-- 
2.39.2
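Review bot: Both `#if 0` blocks in config.c (inner hunks at 345 and 368) compile out the two `SSL_CTX_clear_options()` calls unconditionally, so every TLS context built by this code keeps the linked OpenSSL's default values for `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` and `SSL_OP_LEGACY_SERVER_CONNECT`, and neither the patch nor the commit message says which peer or build problem made that necessary. Whether this actually accepts renegotiation from peers without RFC 5746 support depends on those library defaults, which are not visible here, so the real exposure should be confirmed against the shipped OpenSSL before release. At minimum, add a comment at each site recording the reason, for example `/* IPFire: upstream hardening disabled, see <ticket placeholder>; re-enable once <affected peer> is fixed */`. It would be safer to keep the clears as the default and gate the relaxation behind an explicit build-time define or a per-listener setting, so that listeners that do not need legacy peers stay hardened. The enclosing functions start and end outside both inner hunks, so it cannot be judged from this page whether these two sites cover every context the daemon creates.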