From 3e1b7be3abb5424a906d57fb4e5bcb64db5b4fda Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Sun, 7 Jan 2024 18:22:01 +0100
Subject: [PATCH] package/stunnel: fix build without psk

Fix the following build failure without psk raised since bump to version
5.71 in commit 059259eabbd8d15c1e60c0c3b8631d0c02b93898:

ocsp.c: In function 'ocsp_init':
ocsp.c:112:20: error: 'SERVICE_OPTIONS' {aka 'struct service_options_struct'} has no member named 'psk_keys'
  112 |         if(!section->psk_keys) {
      |                    ^~

Fixes:
 - http://autobuild.buildroot.org/results/1707beea413a8da8713ad2dc59db947329da45d2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 ...ocsp.c-fix-build-with-OPENSSL_NO_PSK.patch | 45 +++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 package/stunnel/0001-src-ocsp.c-fix-build-with-OPENSSL_NO_PSK.patch

diff --git a/package/stunnel/0001-src-ocsp.c-fix-build-with-OPENSSL_NO_PSK.patch b/package/stunnel/0001-src-ocsp.c-fix-build-with-OPENSSL_NO_PSK.patch
new file mode 100644
index 0000000000..a8edc1d465
--- /dev/null
+++ b/package/stunnel/0001-src-ocsp.c-fix-build-with-OPENSSL_NO_PSK.patch
@@ -0,0 +1,45 @@
+From 93e5cdd68b13cc3161d9b0094b0f331bdaf07cbc Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Sat, 6 Jan 2024 17:28:20 +0100
+Subject: [PATCH] src/ocsp.c: fix build with OPENSSL_NO_PSK
+
+Fix the following build failure with OPENSSL_NO_PSK:
+
+ocsp.c: In function 'ocsp_init':
+ocsp.c:112:20: error: 'SERVICE_OPTIONS' {aka 'struct service_options_struct'} has no member named 'psk_keys'
+  112 |         if(!section->psk_keys) {
+      |                    ^~
+
+Fixes:
+ - http://autobuild.buildroot.org/results/1707beea413a8da8713ad2dc59db947329da45d2
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Upstream: https://github.com/mtrojnar/stunnel/pull/18
+---
+ src/ocsp.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/ocsp.c b/src/ocsp.c
+index 5073ded..12792af 100644
+--- a/src/ocsp.c
++++ b/src/ocsp.c
+@@ -109,12 +109,16 @@ int ocsp_init(SERVICE_OPTIONS *section) {
+         s_log(LOG_DEBUG, "OCSP: Client OCSP stapling enabled");
+     } else {
+ #if OPENSSL_VERSION_NUMBER>=0x10002000L
++#ifndef OPENSSL_NO_PSK
+         if(!section->psk_keys) {
++#endif
+             if(SSL_CTX_set_tlsext_status_cb(section->ctx, ocsp_server_cb)==TLSEXT_STATUSTYPE_ocsp)
+                 s_log(LOG_DEBUG, "OCSP: Server OCSP stapling enabled");
++#ifndef OPENSSL_NO_PSK
+         } else {
+             s_log(LOG_NOTICE, "OCSP: Server OCSP stapling is incompatible with PSK");
+         }
++#endif
+ #else /* OpenSSL version 1.0.2 or later */
+         s_log(LOG_NOTICE, "OCSP: Server OCSP stapling not supported");
+ #endif /* OpenSSL version 1.0.2 or later */
+-- 
+2.43.0
+