From 0db4ebbf1f3187b12c44f78a363dff79ca344aad Mon Sep 17 00:00:00 2001
From: Arthur Gautier <baloo@superbaloo.net>
Date: Tue, 7 Sep 2021 23:16:56 +0000
Subject: [PATCH] openssl3: disable build-time feature detection

This enables KTLS support on linux.

Signed-off-by: Arthur Gautier <baloo@superbaloo.net>
---
 .../openssl-disable-kernel-detection.patch    | 22 +++++++++++++++++++
 .../development/libraries/openssl/default.nix |  6 +++++
 2 files changed, 28 insertions(+)
 create mode 100644 pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch

diff --git a/pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch b/pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch
new file mode 100644
index 000000000000..baf162e88d09
--- /dev/null
+++ b/pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch
@@ -0,0 +1,22 @@
+diff --git a/Configure b/Configure
+index f0ad787bc4..a48d2008c6 100755
+--- a/Configure
++++ b/Configure
+@@ -1688,17 +1688,6 @@ unless ($disabled{devcryptoeng}) {
+ unless ($disabled{ktls}) {
+     $config{ktls}="";
+     if ($target =~ m/^linux/) {
+-        my $usr = "/usr/$config{cross_compile_prefix}";
+-        chop($usr);
+-        if ($config{cross_compile_prefix} eq "") {
+-            $usr = "/usr";
+-        }
+-        my $minver = (4 << 16) + (13 << 8) + 0;
+-        my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`);
+-
+-        if ($verstr[2] < $minver) {
+-            disable('too-old-kernel', 'ktls');
+-        }
+     } elsif ($target =~ m/^BSD/) {
+         my $cc = $config{CROSS_COMPILE}.$config{CC};
+         system("printf '#include <sys/types.h>\n#include <sys/ktls.h>' | $cc -E - >/dev/null 2>&1");
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index 2a7e58639a1c..bdc7f17fcd7e 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -211,10 +211,16 @@ in {
     sha256 = "sha256-We7fy0bCUhTJvTftYHgpe03wHQEiZ/6enu4x9hvHBTY=";
     patches = [
       ./3.0/nix-ssl-cert-file.patch
+
+      # openssl will only compile in KTLS if the current kernel supports it.
+      # This patch disables build-time detection.
+      ./3.0/openssl-disable-kernel-detection.patch
+
       (if stdenv.hostPlatform.isDarwin
        then ./use-etc-ssl-certs-darwin.patch
        else ./use-etc-ssl-certs.patch)
     ];
+
     withDocs = true;
   };
 }