dockerfiles/boring-nginx/boring.patch

diff -ur nginx-1.11.1/src/event/ngx_event_openssl.c nginx-1.11.1-patched/src/event/ngx_event_openssl.c
--- nginx-1.11.1/src/event/ngx_event_openssl.c	2016-06-01 07:32:19.447914116 +0200
+++ nginx-1.11.1-patched/src/event/ngx_event_openssl.c	2016-06-01 07:34:11.267362975 +0200
@@ -1994,13 +1994,17 @@

             /* handshake failures */
         if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC                        /*  103 */
+#ifdef SSL_R_BLOCK_CIPHER_PAD_IS_WRONG
             || n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG                  /*  129 */
+#endif
             || n == SSL_R_DIGEST_CHECK_FAILED                        /*  149 */
             || n == SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              /*  151 */
             || n == SSL_R_EXCESSIVE_MESSAGE_SIZE                     /*  152 */
             || n == SSL_R_LENGTH_MISMATCH                            /*  159 */
             || n == SSL_R_NO_CIPHERS_PASSED                          /*  182 */
+#ifdef SSL_R_NO_CIPHERS_SPECIFIED
             || n == SSL_R_NO_CIPHERS_SPECIFIED                       /*  183 */
+#endif
             || n == SSL_R_NO_COMPRESSION_SPECIFIED                   /*  187 */
             || n == SSL_R_NO_SHARED_CIPHER                           /*  193 */
             || n == SSL_R_RECORD_LENGTH_MISMATCH                     /*  213 */
diff -ur nginx-1.11.1/src/http/ngx_http_upstream.c nginx-1.11.1-patched/src/http/ngx_http_upstream.c
--- nginx-1.11.1/src/http/ngx_http_upstream.c	2016-06-01 07:32:25.935882743 +0200
+++ nginx-1.11.1-patched/src/http/ngx_http_upstream.c	2016-06-01 07:34:57.047131542 +0200
@@ -1690,7 +1690,7 @@
     ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                    "upstream SSL server name: \"%s\"", name.data);

-    if (SSL_set_tlsext_host_name(c->ssl->connection, name.data) == 0) {
+    if (SSL_set_tlsext_host_name(c->ssl->connection, (const char*) name.data) == 0) {
         ngx_ssl_error(NGX_LOG_ERR, r->connection->log, 0,
                       "SSL_set_tlsext_host_name(\"%s\") failed", name.data);
         return NGX_ERROR;
several enhancements 2016-06-01 07:38:10 +02:00			`diff -ur nginx-1.11.1/src/event/ngx_event_openssl.c nginx-1.11.1-patched/src/event/ngx_event_openssl.c`
			`--- nginx-1.11.1/src/event/ngx_event_openssl.c 2016-06-01 07:32:19.447914116 +0200`
			`+++ nginx-1.11.1-patched/src/event/ngx_event_openssl.c 2016-06-01 07:34:11.267362975 +0200`
better boring.patch 2016-05-31 21:54:41 +02:00			`@@ -1994,13 +1994,17 @@`
several enhancements 2016-06-01 07:38:10 +02:00
better boring.patch 2016-05-31 21:54:41 +02:00			`/* handshake failures */`
			`if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */`
			`+#ifdef SSL_R_BLOCK_CIPHER_PAD_IS_WRONG`
			`\|\| n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG /* 129 */`
			`+#endif`
			`\|\| n == SSL_R_DIGEST_CHECK_FAILED /* 149 */`
			`\|\| n == SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST /* 151 */`
			`\|\| n == SSL_R_EXCESSIVE_MESSAGE_SIZE /* 152 */`
			`\|\| n == SSL_R_LENGTH_MISMATCH /* 159 */`
			`\|\| n == SSL_R_NO_CIPHERS_PASSED /* 182 */`
			`+#ifdef SSL_R_NO_CIPHERS_SPECIFIED`
			`\|\| n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */`
			`+#endif`
			`\|\| n == SSL_R_NO_COMPRESSION_SPECIFIED /* 187 */`
			`\|\| n == SSL_R_NO_SHARED_CIPHER /* 193 */`
			`\|\| n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */`
several enhancements 2016-06-01 07:38:10 +02:00			`diff -ur nginx-1.11.1/src/http/ngx_http_upstream.c nginx-1.11.1-patched/src/http/ngx_http_upstream.c`
			`--- nginx-1.11.1/src/http/ngx_http_upstream.c 2016-06-01 07:32:25.935882743 +0200`
			`+++ nginx-1.11.1-patched/src/http/ngx_http_upstream.c 2016-06-01 07:34:57.047131542 +0200`
better boring.patch 2016-05-31 21:54:41 +02:00			`@@ -1690,7 +1690,7 @@`
add boring-nginx, based on reverse 2016-05-29 02:09:20 +02:00			`ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,`
			`"upstream SSL server name: \"%s\"", name.data);`
several enhancements 2016-06-01 07:38:10 +02:00
add boring-nginx, based on reverse 2016-05-29 02:09:20 +02:00			`- if (SSL_set_tlsext_host_name(c->ssl->connection, name.data) == 0) {`
better boring.patch 2016-05-31 21:54:41 +02:00			`+ if (SSL_set_tlsext_host_name(c->ssl->connection, (const char*) name.data) == 0) {`
add boring-nginx, based on reverse 2016-05-29 02:09:20 +02:00			`ngx_ssl_error(NGX_LOG_ERR, r->connection->log, 0,`
			`"SSL_set_tlsext_host_name(\"%s\") failed", name.data);`
			`return NGX_ERROR;`