186526/openresty
1
0
Fork 0
mirror of https://github.com/openresty/openresty.git synced 2024-10-13 00:29:41 +00:00
Code Issues Projects Releases Wiki Activity

Revert "feature: updated the NGINX patches for async SSL session fetching to support OpenSSL 1.1.1."

Browse Source 
This reverts commit 9e834398de906bea23c8668bd8d78c36c453224a.

Support for OpenSSL 1.1.1 will come with the 1.17.1 series of NGINX
patches. Since no other 1.15.8.* releases are planned, we are reverting
the state of the 1.15.8 patches to that of the 1.15.8.1 release.
This commit is contained in:
Thibault Charbonnier 2019-07-02 11:55:50 -07:00
parent b04577cd47
commit 08e9e50782
2 changed files with 4 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
patches/nginx-1.15.8-ssl_sess_cb_yield.patch → patches/nginx-1.15.8-ssl_pending_session.patch
View File

@ -1,6 +1,6 @@
--- nginx-1.15.8/src/event/ngx_event_openssl.c 2016-07-17 19:20:30.411137606 -0700 --- nginx-1.15.8/src/event/ngx_event_openssl.c 2016-07-17 19:20:30.411137606 -0700
+++ nginx-1.15.8-patched/src/event/ngx_event_openssl.c 2016-07-19 16:53:35.539768477 -0700 +++ nginx-1.15.8-patched/src/event/ngx_event_openssl.c 2016-07-19 16:53:35.539768477 -0700
@@ -1581,7 +1581,15 @@ ngx_ssl_try_early_data(ngx_connection_t *c) @@ -1307,7 +1307,12 @@ ngx_ssl_handshake(ngx_connection_t *c)
} }
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
@ -8,27 +8,9 @@
+ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP + if (sslerr == SSL_ERROR_WANT_X509_LOOKUP
+# ifdef SSL_ERROR_PENDING_SESSION +# ifdef SSL_ERROR_PENDING_SESSION
+ || sslerr == SSL_ERROR_PENDING_SESSION + || sslerr == SSL_ERROR_PENDING_SESSION
+
+# elif defined(SSL_ERROR_WANT_CLIENT_HELLO_CB)
+ || sslerr == SSL_ERROR_WANT_CLIENT_HELLO_CB
+# endif +# endif
+ ) + )
+ { + {
c->read->handler = ngx_ssl_handshake_handler; c->read->handler = ngx_ssl_handshake_handler;
c->write->handler = ngx_ssl_handshake_handler; c->write->handler = ngx_ssl_handshake_handler;
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -64,6 +64,11 @@
#endif
+#ifdef SSL_ERROR_WANT_CLIENT_HELLO_CB
+#define HAVE_SSL_CLIENT_HELLO_CB_SUPPORT 1
+#endif
+
+
struct ngx_ssl_s {
SSL_CTX *ctx;
ngx_log_t *log;

13
util/mirror-tarballs
View File

@ -414,16 +414,9 @@ echo "$info_txt applying the ssl_cert_cb_yield.patch patch to nginx"
patch -p1 < $root/patches/nginx-$main_ver-ssl_cert_cb_yield.patch patch -p1 < $root/patches/nginx-$main_ver-ssl_cert_cb_yield.patch
echo echo
answer=`$root/util/ver-ge "$main_ver" 1.15.8` echo "$info_txt applying the ssl_pending_session.patch patch to nginx"
if [ "$answer" = "N" ]; then patch -p1 < $root/patches/nginx-$main_ver-ssl_pending_session.patch
echo "$info_txt applying the ssl_pending_session.patch patch to nginx" echo
patch -p1 < $root/patches/nginx-$main_ver-ssl_pending_session.patch
echo
else
echo "$info_txt applying the ssl_sess_cb_yield.patch patch to nginx"
patch -p1 < $root/patches/nginx-$main_ver-ssl_sess_cb_yield.patch
echo
fi
echo "$info_txt applying the upstream_timeout_fields patch for nginx" echo "$info_txt applying the upstream_timeout_fields patch for nginx"
patch -p1 < $root/patches/nginx-$main_ver-upstream_timeout_fields.patch || exit 1 patch -p1 < $root/patches/nginx-$main_ver-upstream_timeout_fields.patch || exit 1