From ce5b2e3773cc9f65eb489fe522d66be1694c125a Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Sat, 28 Jan 2023 15:36:38 +0100
Subject: [PATCH] apacheHttpd: add option to build experimental mod_tls

https://httpd.apache.org/docs/2.4/mod/mod_tls.html

Note: the attribute has been named `modTlsSupport` instead of
`tlsSupport` to try to limit the confusion with the existing
`sslSupport` attribute.
---
 pkgs/development/libraries/rustls-ffi/default.nix | 6 +++++-
 pkgs/servers/http/apache-httpd/2.4.nix            | 4 ++++
 pkgs/top-level/all-packages.nix                   | 4 +++-
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/rustls-ffi/default.nix b/pkgs/development/libraries/rustls-ffi/default.nix
index 688754771dc..cf82505f714 100644
--- a/pkgs/development/libraries/rustls-ffi/default.nix
+++ b/pkgs/development/libraries/rustls-ffi/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, rustPlatform, Security }:
+{ lib, stdenv, fetchFromGitHub, rustPlatform, Security, apacheHttpd }:
 
 rustPlatform.buildRustPackage rec {
   pname = "rustls-ffi";
@@ -26,6 +26,10 @@ rustPlatform.buildRustPackage rec {
     runHook postInstall
   '';
 
+  passthru.tests = {
+    apacheHttpd = apacheHttpd.override { modTlsSupport = true; };
+  };
+
   meta = with lib; {
     description = "C-to-rustls bindings";
     homepage = "https://github.com/rustls/rustls-ffi/";
diff --git a/pkgs/servers/http/apache-httpd/2.4.nix b/pkgs/servers/http/apache-httpd/2.4.nix
index fa20e460554..c16e9be80dc 100644
--- a/pkgs/servers/http/apache-httpd/2.4.nix
+++ b/pkgs/servers/http/apache-httpd/2.4.nix
@@ -2,6 +2,7 @@
 , nixosTests
 , proxySupport ? true
 , sslSupport ? true, openssl
+, modTlsSupport ? false, rustls-ffi, Foundation
 , http2Support ? true, nghttp2
 , ldapSupport ? true, openldap
 , libxml2Support ? true, libxml2
@@ -27,6 +28,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ perl libxcrypt ] ++
     lib.optional brotliSupport brotli ++
     lib.optional sslSupport openssl ++
+    lib.optional modTlsSupport rustls-ffi ++
+    lib.optional (modTlsSupport && stdenv.isDarwin) Foundation ++
     lib.optional ldapSupport openldap ++    # there is no --with-ldap flag
     lib.optional libxml2Support libxml2 ++
     lib.optional http2Support nghttp2 ++
@@ -55,6 +58,7 @@ stdenv.mkDerivation rec {
     "--includedir=${placeholder "dev"}/include"
     (lib.enableFeature proxySupport "proxy")
     (lib.enableFeature sslSupport "ssl")
+    (lib.enableFeature modTlsSupport "tls")
     (lib.withFeatureAs libxml2Support "libxml2" "${libxml2.dev}/include/libxml2")
     "--docdir=$(doc)/share/doc"
 
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 8f3c54fec6f..e9abfbaefde 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -24544,7 +24544,9 @@ with pkgs;
 
   apache-directory-server = callPackage ../servers/ldap/apache-directory-server { };
 
-  apacheHttpd_2_4 = callPackage ../servers/http/apache-httpd/2.4.nix { };
+  apacheHttpd_2_4 = callPackage ../servers/http/apache-httpd/2.4.nix {
+    inherit (darwin.apple_sdk.frameworks) Foundation;
+  };
   apacheHttpd = apacheHttpd_2_4;
 
   apacheHttpdPackagesFor = apacheHttpd: self: let callPackage = newScope self; in {