186526
/
openresty
mirror of https://github.com/openresty/openresty.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,647 Commits 13 Branches 176 Tags 4.6 MiB
Commit Graph

2 Commits

Author SHA1 Message Date
spacewander 2e480157a3 feature: supported OpenSSL 1.1.1 by upgrading the OpenSSL patch. 
Previously, we used the OpenSSL 1.1.1 ClientHello callback to do ssl
session fetching non-blockingly. However, this way cannot handle an edge
case: the ssl session resumption via session ticket might fail, and the
client fallbacks to session ID resumption. The ClientHello callback is
run too early to know if the client will fallback to use session ID
resumption.

Therefore, we have to take back the OpenSSL sess_set_get_cb_yield patch
and upgrade it to adapt OpenSSL 1.1.1.

Thanks Yongjian Xu and crasyangel for their help.

See 08e9e50.

Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
 2019-07-17 11:03:34 -07:00
Thibault Charbonnier a51fa56086 change: renamed the 'ssl_pending_session' patch to 'ssl_sess_cb_yield' for NGINX cores 1.17.1 and above. 
Its naming is now aligned with the `ssl_cert_cb_yield` patch.

See 08e9e50 for details on why this renaming was reverted for the 1.15.8
version of this patch.
 2019-07-11 11:38:57 -07:00