feature: updated the NGINX patches for async SSL session fetching to support OpenSSL 1.1.1.
The patch was also renamed from `ssl_pending_session.patch` to `ssl_sess_cb_yield.patch` (similarly to the existing `ssl_cert_cb_yield.patch` one). Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
This commit is contained in:
parent
547fdd5fb2
commit
9e834398de
|
@ -1,6 +1,6 @@
|
||||||
--- nginx-1.15.8/src/event/ngx_event_openssl.c 2016-07-17 19:20:30.411137606 -0700
|
--- nginx-1.15.8/src/event/ngx_event_openssl.c 2016-07-17 19:20:30.411137606 -0700
|
||||||
+++ nginx-1.15.8-patched/src/event/ngx_event_openssl.c 2016-07-19 16:53:35.539768477 -0700
|
+++ nginx-1.15.8-patched/src/event/ngx_event_openssl.c 2016-07-19 16:53:35.539768477 -0700
|
||||||
@@ -1307,7 +1307,12 @@ ngx_ssl_handshake(ngx_connection_t *c)
|
@@ -1581,7 +1581,15 @@ ngx_ssl_try_early_data(ngx_connection_t *c)
|
||||||
}
|
}
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||||
|
@ -8,9 +8,27 @@
|
||||||
+ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP
|
+ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP
|
||||||
+# ifdef SSL_ERROR_PENDING_SESSION
|
+# ifdef SSL_ERROR_PENDING_SESSION
|
||||||
+ || sslerr == SSL_ERROR_PENDING_SESSION
|
+ || sslerr == SSL_ERROR_PENDING_SESSION
|
||||||
|
+
|
||||||
|
+# elif defined(SSL_ERROR_WANT_CLIENT_HELLO_CB)
|
||||||
|
+ || sslerr == SSL_ERROR_WANT_CLIENT_HELLO_CB
|
||||||
+# endif
|
+# endif
|
||||||
+ )
|
+ )
|
||||||
+ {
|
+ {
|
||||||
c->read->handler = ngx_ssl_handshake_handler;
|
c->read->handler = ngx_ssl_handshake_handler;
|
||||||
c->write->handler = ngx_ssl_handshake_handler;
|
c->write->handler = ngx_ssl_handshake_handler;
|
||||||
|
|
||||||
|
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
|
||||||
|
--- a/src/event/ngx_event_openssl.h
|
||||||
|
+++ b/src/event/ngx_event_openssl.h
|
||||||
|
@@ -64,6 +64,11 @@
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
+#ifdef SSL_ERROR_WANT_CLIENT_HELLO_CB
|
||||||
|
+#define HAVE_SSL_CLIENT_HELLO_CB_SUPPORT 1
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+
|
||||||
|
struct ngx_ssl_s {
|
||||||
|
SSL_CTX *ctx;
|
||||||
|
ngx_log_t *log;
|
|
@ -414,9 +414,16 @@ echo "$info_txt applying the ssl_cert_cb_yield.patch patch to nginx"
|
||||||
patch -p1 < $root/patches/nginx-$main_ver-ssl_cert_cb_yield.patch
|
patch -p1 < $root/patches/nginx-$main_ver-ssl_cert_cb_yield.patch
|
||||||
echo
|
echo
|
||||||
|
|
||||||
echo "$info_txt applying the ssl_pending_session.patch patch to nginx"
|
answer=`$root/util/ver-ge "$main_ver" 1.15.8`
|
||||||
patch -p1 < $root/patches/nginx-$main_ver-ssl_pending_session.patch
|
if [ "$answer" = "N" ]; then
|
||||||
echo
|
echo "$info_txt applying the ssl_pending_session.patch patch to nginx"
|
||||||
|
patch -p1 < $root/patches/nginx-$main_ver-ssl_pending_session.patch
|
||||||
|
echo
|
||||||
|
else
|
||||||
|
echo "$info_txt applying the ssl_sess_cb_yield.patch patch to nginx"
|
||||||
|
patch -p1 < $root/patches/nginx-$main_ver-ssl_sess_cb_yield.patch
|
||||||
|
echo
|
||||||
|
fi
|
||||||
|
|
||||||
echo "$info_txt applying the upstream_timeout_fields patch for nginx"
|
echo "$info_txt applying the upstream_timeout_fields patch for nginx"
|
||||||
patch -p1 < $root/patches/nginx-$main_ver-upstream_timeout_fields.patch || exit 1
|
patch -p1 < $root/patches/nginx-$main_ver-upstream_timeout_fields.patch || exit 1
|
||||||
|
|
Loading…
Reference in New Issue