dockerfiles/boring-nginx/boring.patch

diff -Naur nginx-1.11.5/src/event/ngx_event_openssl.c nginx-1.11.5-patched/src/event/ngx_event_openssl.c
--- nginx-1.11.5/src/event/ngx_event_openssl.c	2016-10-11 18:30:28.956383557 +0200
+++ nginx-1.11.5-patched/src/event/ngx_event_openssl.c	2016-10-11 18:34:41.226899170 +0200
@@ -2016,7 +2016,9 @@
 
             /* handshake failures */
         if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC                        /*  103 */
+#ifdef SSL_R_BLOCK_CIPHER_PAD_IS_WRONG
             || n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG                  /*  129 */
+#endif
             || n == SSL_R_DIGEST_CHECK_FAILED                        /*  149 */
             || n == SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              /*  151 */
             || n == SSL_R_EXCESSIVE_MESSAGE_SIZE                     /*  152 */
@@ -2024,7 +2026,9 @@
 #ifdef SSL_R_NO_CIPHERS_PASSED
             || n == SSL_R_NO_CIPHERS_PASSED                          /*  182 */
 #endif
+#ifdef SSL_R_NO_CIPHERS_SPECIFIED
             || n == SSL_R_NO_CIPHERS_SPECIFIED                       /*  183 */
+#endif
             || n == SSL_R_NO_COMPRESSION_SPECIFIED                   /*  187 */
             || n == SSL_R_NO_SHARED_CIPHER                           /*  193 */
             || n == SSL_R_RECORD_LENGTH_MISMATCH                     /*  213 */
diff -Naur nginx-1.11.5/src/http/ngx_http_upstream.c nginx-1.11.5-patched/src/http/ngx_http_upstream.c
--- nginx-1.11.5/src/http/ngx_http_upstream.c	2016-10-11 18:31:13.368121756 +0200
+++ nginx-1.11.5-patched/src/http/ngx_http_upstream.c	2016-10-11 18:35:17.470686369 +0200
@@ -1696,7 +1696,7 @@
     ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                    "upstream SSL server name: \"%s\"", name.data);
 
-    if (SSL_set_tlsext_host_name(c->ssl->connection, name.data) == 0) {
+    if (SSL_set_tlsext_host_name(c->ssl->connection, (const char*) name.data) == 0) {
         ngx_ssl_error(NGX_LOG_ERR, r->connection->log, 0,
                       "SSL_set_tlsext_host_name(\"%s\") failed", name.data);
         return NGX_ERROR;
boring-nginx: update patch 2016-10-11 18:36:19 +02:00			`diff -Naur nginx-1.11.5/src/event/ngx_event_openssl.c nginx-1.11.5-patched/src/event/ngx_event_openssl.c`
			`--- nginx-1.11.5/src/event/ngx_event_openssl.c 2016-10-11 18:30:28.956383557 +0200`
			`+++ nginx-1.11.5-patched/src/event/ngx_event_openssl.c 2016-10-11 18:34:41.226899170 +0200`
boring-nginx: fix patch 2016-09-16 00:57:03 +02:00			`@@ -2016,7 +2016,9 @@`

better boring.patch 2016-05-31 21:54:41 +02:00			`/* handshake failures */`
			`if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */`
			`+#ifdef SSL_R_BLOCK_CIPHER_PAD_IS_WRONG`
			`\|\| n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG /* 129 */`
			`+#endif`
			`\|\| n == SSL_R_DIGEST_CHECK_FAILED /* 149 */`
			`\|\| n == SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST /* 151 */`
			`\|\| n == SSL_R_EXCESSIVE_MESSAGE_SIZE /* 152 */`
boring-nginx: fix patch 2016-09-16 00:57:03 +02:00			`@@ -2024,7 +2026,9 @@`
			`#ifdef SSL_R_NO_CIPHERS_PASSED`
better boring.patch 2016-05-31 21:54:41 +02:00			`\|\| n == SSL_R_NO_CIPHERS_PASSED /* 182 */`
boring-nginx: fix patch 2016-09-16 00:57:03 +02:00			`#endif`
better boring.patch 2016-05-31 21:54:41 +02:00			`+#ifdef SSL_R_NO_CIPHERS_SPECIFIED`
			`\|\| n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */`
			`+#endif`
			`\|\| n == SSL_R_NO_COMPRESSION_SPECIFIED /* 187 */`
			`\|\| n == SSL_R_NO_SHARED_CIPHER /* 193 */`
			`\|\| n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */`
boring-nginx: update patch 2016-10-11 18:36:19 +02:00			`diff -Naur nginx-1.11.5/src/http/ngx_http_upstream.c nginx-1.11.5-patched/src/http/ngx_http_upstream.c`
			`--- nginx-1.11.5/src/http/ngx_http_upstream.c 2016-10-11 18:31:13.368121756 +0200`
			`+++ nginx-1.11.5-patched/src/http/ngx_http_upstream.c 2016-10-11 18:35:17.470686369 +0200`
			`@@ -1696,7 +1696,7 @@`
add boring-nginx, based on reverse 2016-05-29 02:09:20 +02:00			`ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,`
			`"upstream SSL server name: \"%s\"", name.data);`
boring-nginx: fix patch 2016-09-16 00:57:03 +02:00
add boring-nginx, based on reverse 2016-05-29 02:09:20 +02:00			`- if (SSL_set_tlsext_host_name(c->ssl->connection, name.data) == 0) {`
better boring.patch 2016-05-31 21:54:41 +02:00			`+ if (SSL_set_tlsext_host_name(c->ssl->connection, (const char*) name.data) == 0) {`
add boring-nginx, based on reverse 2016-05-29 02:09:20 +02:00			`ngx_ssl_error(NGX_LOG_ERR, r->connection->log, 0,`
			`"SSL_set_tlsext_host_name(\"%s\") failed", name.data);`
			`return NGX_ERROR;`