@@ -1,44 +1,3489 @@
-# HG changeset patch
-# User Piotr Sikora <piotr@cloudflare.com>
-# Date 1405415679 25200
-# Tue Jul 15 02:14:39 2014 -0700
-# Node ID 9efeeb95b07de85b8b7bbe50fa2a7e777b722855
-# Parent abd460ece11e9c85d4c0c4a8e6ac46cfb5fa62b5
-SSL: let it build against LibreSSL.
-
-LibreSSL developers decided that LibreSSL is OpenSSL-2.0.0, so tests
-for OpenSSL-1.0.2+ are now passing, even though the library doesn't
-provide functions that we expect from that release of OpenSSL.
-
-Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
-
-diff -r abd460ece11e -r 9efeeb95b07d src/event/ngx_event_openssl.c
---- a/src/event/ngx_event_openssl.c Wed Jul 09 12:27:15 2014 -0700
-+++ b/src/event/ngx_event_openssl.c Tue Jul 15 02:14:39 2014 -0700
-@@ -50,7 +50,7 @@ static int ngx_ssl_session_ticket_key_ca
+diff -rupN nginx-1.7.6/src/event/ngx_event_openssl.c nginx-1.7.6-libre/src/event/ngx_event_openssl.c
+--- nginx-1.7.6/src/event/ngx_event_openssl.c 2014-09-30 15:20:34.000000000 +0200
++++ nginx-1.7.6-libre/src/event/ngx_event_openssl.c 2014-10-17 22:22:47.416600400 +0200
+@@ -52,7 +52,7 @@ static int ngx_ssl_session_ticket_key_ca
HMAC_CTX *hctx, int enc);
#endif
--#if OPENSSL_VERSION_NUMBER < 0x10002002L
-+#if (OPENSSL_VERSION_NUMBER < 0x10002002L || defined LIBRESSL_VERSION_NUMBER)
+-#if (OPENSSL_VERSION_NUMBER < 0x10002002L || defined LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10002002L
static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str);
#endif
-@@ -2733,7 +2733,7 @@ ngx_ssl_check_host(ngx_connection_t *c,
+@@ -2854,7 +2854,7 @@ ngx_ssl_check_host(ngx_connection_t *c,
return NGX_ERROR;
}
--#if OPENSSL_VERSION_NUMBER >= 0x10002002L
-+#if (OPENSSL_VERSION_NUMBER >= 0x10002002L && !defined LIBRESSL_VERSION_NUMBER)
+-#if (OPENSSL_VERSION_NUMBER >= 0x10002002L && !defined LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= 0x10002002L
/* X509_check_host() is only available in OpenSSL 1.0.2+ */
-@@ -2850,7 +2850,7 @@ found:
+@@ -2971,7 +2971,7 @@ found:
}
--#if OPENSSL_VERSION_NUMBER < 0x10002002L
-+#if (OPENSSL_VERSION_NUMBER < 0x10002002L || defined LIBRESSL_VERSION_NUMBER)
+-#if (OPENSSL_VERSION_NUMBER < 0x10002002L || defined LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10002002L
static ngx_int_t
ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern)
+diff -rupN nginx-1.7.6/src/event/ngx_event_openssl.c.orig nginx-1.7.6-libre/src/event/ngx_event_openssl.c.orig
+--- nginx-1.7.6/src/event/ngx_event_openssl.c.orig 1970-01-01 01:00:00.000000000 +0100
++++ nginx-1.7.6-libre/src/event/ngx_event_openssl.c.orig 2014-09-30 15:20:34.000000000 +0200
+@@ -0,0 +1,3455 @@
++
++/*
++ * Copyright (C) Igor Sysoev
++ * Copyright (C) Nginx, Inc.
++ */
++
++
++#include <ngx_config.h>
++#include <ngx_core.h>
++#include <ngx_event.h>
++
++
++#define NGX_SSL_PASSWORD_BUFFER_SIZE 4096
++
++
++typedef struct {
++ ngx_uint_t engine; /* unsigned engine:1; */
++} ngx_openssl_conf_t;
++
++
++static int ngx_ssl_password_callback(char *buf, int size, int rwflag,
++ void *userdata);
++static int ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store);
++static void ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where,
++ int ret);
++static void ngx_ssl_passwords_cleanup(void *data);
++static void ngx_ssl_handshake_handler(ngx_event_t *ev);
++static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n);
++static void ngx_ssl_write_handler(ngx_event_t *wev);
++static void ngx_ssl_read_handler(ngx_event_t *rev);
++static void ngx_ssl_shutdown_handler(ngx_event_t *ev);
++static void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr,
++ ngx_err_t err, char *text);
++static void ngx_ssl_clear_error(ngx_log_t *log);
++
++static ngx_int_t ngx_ssl_session_id_context(ngx_ssl_t *ssl,
++ ngx_str_t *sess_ctx);
++ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data);
++static int ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn,
++ ngx_ssl_session_t *sess);
++static ngx_ssl_session_t *ngx_ssl_get_cached_session(ngx_ssl_conn_t *ssl_conn,
++ u_char *id, int len, int *copy);
++static void ngx_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess);
++static void ngx_ssl_expire_sessions(ngx_ssl_session_cache_t *cache,
++ ngx_slab_pool_t *shpool, ngx_uint_t n);
++static void ngx_ssl_session_rbtree_insert_value(ngx_rbtree_node_t *temp,
++ ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
++
++#ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
++static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
++ unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx,
++ HMAC_CTX *hctx, int enc);
++#endif
++
++#if (OPENSSL_VERSION_NUMBER < 0x10002002L || defined LIBRESSL_VERSION_NUMBER)
++static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str);
++#endif
++
++static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
++static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
++static void ngx_openssl_exit(ngx_cycle_t *cycle);
++
++
++static ngx_command_t ngx_openssl_commands[] = {
++
++ { ngx_string("ssl_engine"),
++ NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
++ ngx_openssl_engine,
++ 0,
++ 0,
++ NULL },
++
++ ngx_null_command
++};
++
++
++static ngx_core_module_t ngx_openssl_module_ctx = {
++ ngx_string("openssl"),
++ ngx_openssl_create_conf,
++ NULL
++};
++
++
++ngx_module_t ngx_openssl_module = {
++ NGX_MODULE_V1,
++ &ngx_openssl_module_ctx, /* module context */
++ ngx_openssl_commands, /* module directives */
++ NGX_CORE_MODULE, /* module type */
++ NULL, /* init master */
++ NULL, /* init module */
++ NULL, /* init process */
++ NULL, /* init thread */
++ NULL, /* exit thread */
++ NULL, /* exit process */
++ ngx_openssl_exit, /* exit master */
++ NGX_MODULE_V1_PADDING
++};
++
++
++int ngx_ssl_connection_index;
++int ngx_ssl_server_conf_index;
++int ngx_ssl_session_cache_index;
++int ngx_ssl_session_ticket_keys_index;
++int ngx_ssl_certificate_index;
++int ngx_ssl_stapling_index;
++
++
++ngx_int_t
++ngx_ssl_init(ngx_log_t *log)
++{
++#ifndef OPENSSL_IS_BORINGSSL
++ OPENSSL_config(NULL);
++#endif
++
++ SSL_library_init();
++ SSL_load_error_strings();
++
++ OpenSSL_add_all_algorithms();
++
++#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
++#ifndef SSL_OP_NO_COMPRESSION
++ {
++ /*
++ * Disable gzip compression in OpenSSL prior to 1.0.0 version,
++ * this saves about 522K per connection.
++ */
++ int n;
++ STACK_OF(SSL_COMP) *ssl_comp_methods;
++
++ ssl_comp_methods = SSL_COMP_get_compression_methods();
++ n = sk_SSL_COMP_num(ssl_comp_methods);
++
++ while (n--) {
++ (void) sk_SSL_COMP_pop(ssl_comp_methods);
++ }
++ }
++#endif
++#endif
++