|
[-]
[+]
|
Changed |
nginx.spec
|
|
|
|
[-]
[+]
|
Added |
boringssl.patch
^
|
| @@ -0,0 +1,66 @@
+From ec439c41f45ce01f0f5e03b8df58f0148e108f83 Mon Sep 17 00:00:00 2001
+From: Yves Laroche <yves.laroche@bluecoala.com>
+Date: Fri, 24 Apr 2015 12:57:48 +0100
+Subject: [PATCH] BoringSSL
+
+---
+ src/core/nginx.c | 8 ++++++++
+ src/event/ngx_event_openssl.c | 2 ++
+ src/event/ngx_event_openssl.h | 1 +
+ 3 files changed, 11 insertions(+)
+
+diff --git a/src/core/nginx.c b/src/core/nginx.c
+index 4702d28..9a0cc89 100644
+--- a/src/core/nginx.c
++++ b/src/core/nginx.c
+@@ -254,6 +254,7 @@ main(int argc, char *const *argv)
+ #endif
+
+ #if (NGX_SSL)
++#ifdef SSLEAY_VERSION_NUMBER
+ if (SSLeay() == SSLEAY_VERSION_NUMBER) {
+ ngx_write_stderr("built with " OPENSSL_VERSION_TEXT
+ NGX_LINEFEED);
+@@ -264,6 +265,13 @@ main(int argc, char *const *argv)
+ SSLeay_version(SSLEAY_VERSION));
+ ngx_write_stderr(")" NGX_LINEFEED);
+ }
++#else
++ ngx_write_stderr("built with " OPENSSL_VERSION_TEXT
++ " (running with ");
++ ngx_write_stderr((char *) (uintptr_t)
++ SSLeay_version(SSLEAY_VERSION));
++ ngx_write_stderr(")" NGX_LINEFEED);
++#endif
+ #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ ngx_write_stderr("TLS SNI support enabled" NGX_LINEFEED);
+ #else
+diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
+index 1b789e6..00d2448 100644
+--- a/src/event/ngx_event_openssl.c
++++ b/src/event/ngx_event_openssl.c
+@@ -1905,7 +1905,9 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
+
+ /* handshake failures */
+ if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */
++#ifdef SSL_R_BLOCK_CIPHER_PAD_IS_WRONG
+ || n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG /* 129 */
++#endif
+ || n == SSL_R_DIGEST_CHECK_FAILED /* 149 */
+ || n == SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST /* 151 */
+ || n == SSL_R_EXCESSIVE_MESSAGE_SIZE /* 152 */
+diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
+index 08eff64..cc48bb4 100644
+--- a/src/event/ngx_event_openssl.h
++++ b/src/event/ngx_event_openssl.h
+@@ -29,6 +29,7 @@
+ #include <openssl/rsa.h>
+ #include <openssl/x509.h>
+ #include <openssl/x509v3.h>
++#include <openssl/mem.h>
+
+ #define NGX_SSL_NAME "OpenSSL"
+
+--
+2.1.4
+
|
|
[-]
[+]
|
Deleted |
openssl-rc4tilt.patch
^
|
| @@ -1,17 +0,0 @@
-Nur in openssl-1.0.1j-norc4: openssl__disable_rc4.patch.
-diff -ru openssl-1.0.1j/ssl/s3_lib.c openssl-1.0.1j-norc4/ssl/s3_lib.c
---- openssl-1.0.1j/ssl/s3_lib.c 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j-norc4/ssl/s3_lib.c 2014-10-23 18:57:16.468131600 +0200
-@@ -3844,6 +3844,11 @@
- (TLS1_get_version(s) < TLS1_2_VERSION))
- continue;
-
-+ /* Disable RC4 for TLS v1.1+ */
-+ if ((c->algorithm_enc == SSL_RC4) &&
-+ (TLS1_get_version(s) >= TLS1_1_VERSION))
-+ continue;
-+
- ssl_set_cert_masks(cert,c);
- mask_k = cert->mask_k;
- mask_a = cert->mask_a;
-Nur in openssl-1.0.1j-norc4/ssl: s3_lib.c.orig.
|
|
|
Added |
boringssl.tar.gz
^
|
|
|
Deleted |
openssl-1.0.2a.tar.gz
^
|
