dockerfiles/boring-nginx/boring.patch

diff -ur nginx-1.11.0/src/event/ngx_event_openssl.c nginx-1.11.0-patched/src/event/ngx_event_openssl.c
--- nginx-1.11.0/src/event/ngx_event_openssl.c	2016-05-24 16:54:42.000000000 +0100
+++ nginx-1.11.0-patched/src/event/ngx_event_openssl.c	2016-05-26 18:12:03.114511014 +0100
@@ -1994,13 +1994,17 @@
 
             /* handshake failures */
         if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC                        /*  103 */
+#ifdef SSL_R_BLOCK_CIPHER_PAD_IS_WRONG
             || n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG                  /*  129 */
+#endif
             || n == SSL_R_DIGEST_CHECK_FAILED                        /*  149 */
             || n == SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              /*  151 */
             || n == SSL_R_EXCESSIVE_MESSAGE_SIZE                     /*  152 */
             || n == SSL_R_LENGTH_MISMATCH                            /*  159 */
             || n == SSL_R_NO_CIPHERS_PASSED                          /*  182 */
+#ifdef SSL_R_NO_CIPHERS_SPECIFIED
             || n == SSL_R_NO_CIPHERS_SPECIFIED                       /*  183 */
+#endif
             || n == SSL_R_NO_COMPRESSION_SPECIFIED                   /*  187 */
             || n == SSL_R_NO_SHARED_CIPHER                           /*  193 */
             || n == SSL_R_RECORD_LENGTH_MISMATCH                     /*  213 */
diff -ur nginx-1.11.0/src/http/ngx_http_upstream.c nginx-1.11.0-patched/src/http/ngx_http_upstream.c
--- nginx-1.11.0/src/http/ngx_http_upstream.c	2016-05-24 16:54:43.000000000 +0100
+++ nginx-1.11.0-patched/src/http/ngx_http_upstream.c	2016-05-26 18:12:23.166741658 +0100
@@ -1690,7 +1690,7 @@
     ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                    "upstream SSL server name: \"%s\"", name.data);
 
-    if (SSL_set_tlsext_host_name(c->ssl->connection, name.data) == 0) {
+    if (SSL_set_tlsext_host_name(c->ssl->connection, (const char*) name.data) == 0) {
         ngx_ssl_error(NGX_LOG_ERR, r->connection->log, 0,
                       "SSL_set_tlsext_host_name(\"%s\") failed", name.data);
         return NGX_ERROR;
better boring.patch 2016-05-31 21:54:41 +02:00			`diff -ur nginx-1.11.0/src/event/ngx_event_openssl.c nginx-1.11.0-patched/src/event/ngx_event_openssl.c`
			`--- nginx-1.11.0/src/event/ngx_event_openssl.c 2016-05-24 16:54:42.000000000 +0100`
			`+++ nginx-1.11.0-patched/src/event/ngx_event_openssl.c 2016-05-26 18:12:03.114511014 +0100`
			`@@ -1994,13 +1994,17 @@`

			`/* handshake failures */`
			`if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */`
			`+#ifdef SSL_R_BLOCK_CIPHER_PAD_IS_WRONG`
			`\|\| n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG /* 129 */`
			`+#endif`
			`\|\| n == SSL_R_DIGEST_CHECK_FAILED /* 149 */`
			`\|\| n == SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST /* 151 */`
			`\|\| n == SSL_R_EXCESSIVE_MESSAGE_SIZE /* 152 */`
			`\|\| n == SSL_R_LENGTH_MISMATCH /* 159 */`
			`\|\| n == SSL_R_NO_CIPHERS_PASSED /* 182 */`
			`+#ifdef SSL_R_NO_CIPHERS_SPECIFIED`
			`\|\| n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */`
			`+#endif`
			`\|\| n == SSL_R_NO_COMPRESSION_SPECIFIED /* 187 */`
			`\|\| n == SSL_R_NO_SHARED_CIPHER /* 193 */`
			`\|\| n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */`
			`diff -ur nginx-1.11.0/src/http/ngx_http_upstream.c nginx-1.11.0-patched/src/http/ngx_http_upstream.c`
			`--- nginx-1.11.0/src/http/ngx_http_upstream.c 2016-05-24 16:54:43.000000000 +0100`
			`+++ nginx-1.11.0-patched/src/http/ngx_http_upstream.c 2016-05-26 18:12:23.166741658 +0100`
			`@@ -1690,7 +1690,7 @@`
add boring-nginx, based on reverse 2016-05-29 02:09:20 +02:00			`ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,`
			`"upstream SSL server name: \"%s\"", name.data);`

			`- if (SSL_set_tlsext_host_name(c->ssl->connection, name.data) == 0) {`
better boring.patch 2016-05-31 21:54:41 +02:00			`+ if (SSL_set_tlsext_host_name(c->ssl->connection, (const char*) name.data) == 0) {`
add boring-nginx, based on reverse 2016-05-29 02:09:20 +02:00			`ngx_ssl_error(NGX_LOG_ERR, r->connection->log, 0,`
			`"SSL_set_tlsext_host_name(\"%s\") failed", name.data);`
			`return NGX_ERROR;`