feature: updated the NGINX patches for async SSL session fetching to support OpenSSL 1.1.1.

The patch was also renamed from `ssl_pending_session.patch` to
`ssl_sess_cb_yield.patch` (similarly to the existing
`ssl_cert_cb_yield.patch` one).

Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
spacewander 2019-04-10 11:33:55 +08:00 committed by Thibault Charbonnier
parent 547fdd5fb2
commit 9e834398de
2 changed files with 29 additions and 4 deletions


@ -1,6 +1,6 @@
--- nginx-1.15.8/src/event/ngx_event_openssl.c 2016-07-17 19:20:30.411137606 -0700
+++ nginx-1.15.8-patched/src/event/ngx_event_openssl.c 2016-07-19 16:53:35.539768477 -0700
@@ -1307,7 +1307,12 @@ ngx_ssl_handshake(ngx_connection_t *c)
@@ -1581,7 +1581,15 @@ ngx_ssl_try_early_data(ngx_connection_t *c)
}
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
@ -8,9 +8,27 @@
+ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP
+# ifdef SSL_ERROR_PENDING_SESSION
+ || sslerr == SSL_ERROR_PENDING_SESSION
+
+# elif defined(SSL_ERROR_WANT_CLIENT_HELLO_CB)
+ || sslerr == SSL_ERROR_WANT_CLIENT_HELLO_CB
+# endif
+ )
+ {
c->read->handler = ngx_ssl_handshake_handler;
c->write->handler = ngx_ssl_handshake_handler;
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -64,6 +64,11 @@
#endif
+#ifdef SSL_ERROR_WANT_CLIENT_HELLO_CB
+#define HAVE_SSL_CLIENT_HELLO_CB_SUPPORT 1
+#endif
+
+
struct ngx_ssl_s {
SSL_CTX *ctx;
ngx_log_t *log;
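Review bot: The widened `if` uses `# ifdef SSL_ERROR_PENDING_SESSION` / `# elif defined(SSL_ERROR_WANT_CLIENT_HELLO_CB)`, so only one of the two codes is ever compared, and a library that defines both would never have `SSL_ERROR_WANT_CLIENT_HELLO_CB` treated as a yield. If that precedence is intended, say so in a comment above the condition, e.g. `/* handshake suspended by a yielding callback (cert lookup or async session fetch); resume in ngx_ssl_handshake_handler */`, and drop the stray blank added line before `# elif`. The visible lines only reassign the read and write handlers; whether a timer still bounds a handshake parked on this path cannot be seen here and is worth confirming, since the enclosing functions (`ngx_ssl_handshake`, `ngx_ssl_try_early_data`) start and end outside the hunk. `HAVE_SSL_CLIENT_HELLO_CB_SUPPORT` is defined in the header hunk but not referenced in anything shown, so a one-line comment naming its consumer would help.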


@ -414,9 +414,16 @@ echo "$info_txt applying the ssl_cert_cb_yield.patch patch to nginx"
patch -p1 < $root/patches/nginx-$main_ver-ssl_cert_cb_yield.patch
echo
echo "$info_txt applying the ssl_pending_session.patch patch to nginx"
patch -p1 < $root/patches/nginx-$main_ver-ssl_pending_session.patch
echo
answer=`$root/util/ver-ge "$main_ver" 1.15.8`
if [ "$answer" = "N" ]; then
echo "$info_txt applying the ssl_pending_session.patch patch to nginx"
patch -p1 < $root/patches/nginx-$main_ver-ssl_pending_session.patch
echo
else
echo "$info_txt applying the ssl_sess_cb_yield.patch patch to nginx"
patch -p1 < $root/patches/nginx-$main_ver-ssl_sess_cb_yield.patch
echo
fi
echo "$info_txt applying the upstream_timeout_fields patch for nginx"
patch -p1 < $root/patches/nginx-$main_ver-upstream_timeout_fields.patch || exit 1
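Review bot: The two `patch -p1` invocations inside the new `if`/`else` have no failure check, unlike the `upstream_timeout_fields` line just below, which ends in `|| exit 1`. If either patch fails to apply, the script carries on and the resulting NGINX tree is missing the SSL session yield change without the build stopping. Append the same guard, e.g. `patch -p1 < $root/patches/nginx-$main_ver-ssl_sess_cb_yield.patch || exit 1`, and likewise in the `ssl_pending_session.patch` branch. Any output from `ver-ge` other than `N`, including empty output if the helper itself fails, selects the `else` branch, so checking the helper's exit status or testing for the positive answer would make the selection explicit.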