From 9e834398de906bea23c8668bd8d78c36c453224a Mon Sep 17 00:00:00 2001
From: spacewander <spacewanderlzx@gmail.com>
Date: Wed, 10 Apr 2019 11:33:55 +0800
Subject: [PATCH] feature: updated the NGINX patches for async SSL session
 fetching to support OpenSSL 1.1.1.

The patch was also renamed from `ssl_pending_session.patch` to
`ssl_sess_cb_yield.patch` (similarly to the existing
`ssl_cert_cb_yield.patch` one).

Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
---
 ...h => nginx-1.15.8-ssl_sess_cb_yield.patch} | 20 ++++++++++++++++++-
 util/mirror-tarballs                          | 13 +++++++++---
 2 files changed, 29 insertions(+), 4 deletions(-)
 rename patches/{nginx-1.15.8-ssl_pending_session.patch => nginx-1.15.8-ssl_sess_cb_yield.patch} (50%)

diff --git a/patches/nginx-1.15.8-ssl_pending_session.patch b/patches/nginx-1.15.8-ssl_sess_cb_yield.patch
similarity index 50%
rename from patches/nginx-1.15.8-ssl_pending_session.patch
rename to patches/nginx-1.15.8-ssl_sess_cb_yield.patch
index 10122f8..e62f451 100644
--- a/patches/nginx-1.15.8-ssl_pending_session.patch
+++ b/patches/nginx-1.15.8-ssl_sess_cb_yield.patch
@@ -1,6 +1,6 @@
 --- nginx-1.15.8/src/event/ngx_event_openssl.c	2016-07-17 19:20:30.411137606 -0700
 +++ nginx-1.15.8-patched/src/event/ngx_event_openssl.c	2016-07-19 16:53:35.539768477 -0700
-@@ -1307,7 +1307,12 @@ ngx_ssl_handshake(ngx_connection_t *c)
+@@ -1581,7 +1581,15 @@ ngx_ssl_try_early_data(ngx_connection_t *c)
      }
  
  #if OPENSSL_VERSION_NUMBER >= 0x10002000L
@@ -8,9 +8,27 @@
 +    if (sslerr == SSL_ERROR_WANT_X509_LOOKUP
 +#   ifdef SSL_ERROR_PENDING_SESSION
 +        || sslerr == SSL_ERROR_PENDING_SESSION
++
++#   elif defined(SSL_ERROR_WANT_CLIENT_HELLO_CB)
++        || sslerr == SSL_ERROR_WANT_CLIENT_HELLO_CB
 +#   endif
 +       )
 +    {
          c->read->handler = ngx_ssl_handshake_handler;
          c->write->handler = ngx_ssl_handshake_handler;
  
+diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
+--- a/src/event/ngx_event_openssl.h
++++ b/src/event/ngx_event_openssl.h
+@@ -64,6 +64,11 @@
+ #endif
+ 
+ 
++#ifdef SSL_ERROR_WANT_CLIENT_HELLO_CB
++#define HAVE_SSL_CLIENT_HELLO_CB_SUPPORT  1
++#endif
++
++
+ struct ngx_ssl_s {
+     SSL_CTX                    *ctx;
+     ngx_log_t                  *log;
diff --git a/util/mirror-tarballs b/util/mirror-tarballs
index 0b50b7c..9a142cb 100755
--- a/util/mirror-tarballs
+++ b/util/mirror-tarballs
@@ -414,9 +414,16 @@ echo "$info_txt applying the ssl_cert_cb_yield.patch patch to nginx"
 patch -p1 < $root/patches/nginx-$main_ver-ssl_cert_cb_yield.patch
 echo
 
-echo "$info_txt applying the ssl_pending_session.patch patch to nginx"
-patch -p1 < $root/patches/nginx-$main_ver-ssl_pending_session.patch
-echo
+answer=`$root/util/ver-ge "$main_ver" 1.15.8`
+if [ "$answer" = "N" ]; then
+    echo "$info_txt applying the ssl_pending_session.patch patch to nginx"
+    patch -p1 < $root/patches/nginx-$main_ver-ssl_pending_session.patch
+    echo
+else
+    echo "$info_txt applying the ssl_sess_cb_yield.patch patch to nginx"
+    patch -p1 < $root/patches/nginx-$main_ver-ssl_sess_cb_yield.patch
+    echo
+fi
 
 echo "$info_txt applying the upstream_timeout_fields patch for nginx"
 patch -p1 < $root/patches/nginx-$main_ver-upstream_timeout_fields.patch || exit 1