hoellen/dockerfiles
1
0
Fork 0
mirror of https://github.com/hoellen/dockerfiles.git synced 2025-04-19 20:09:16 +00:00
Code Issues Projects Releases Wiki Activity

boring-nginx: update patch

Browse Source
This commit is contained in:
Wonderfall 2016-10-11 18:36:19 +02:00
parent 6ebae3b754
commit 08e28c83b0
5 changed files with 63 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
boring-nginx/boring.patch
View File

@ -1,6 +1,6 @@
diff -Naur nginx-1.11.4/src/event/ngx_event_openssl.c nginx-1.11.4-patched/src/event/ngx_event_openssl.c
--- nginx-1.11.4/src/event/ngx_event_openssl.c 2016-09-16 00:49:53.176182112 +0200
+++ nginx-1.11.4-patched/src/event/ngx_event_openssl.c 2016-09-16 00:47:27.636986453 +0200
diff -Naur nginx-1.11.5/src/event/ngx_event_openssl.c nginx-1.11.5-patched/src/event/ngx_event_openssl.c
--- nginx-1.11.5/src/event/ngx_event_openssl.c 2016-10-11 18:30:28.956383557 +0200
+++ nginx-1.11.5-patched/src/event/ngx_event_openssl.c 2016-10-11 18:34:41.226899170 +0200
@@ -2016,7 +2016,9 @@
/* handshake failures */
@ -21,10 +21,10 @@ diff -Naur nginx-1.11.4/src/event/ngx_event_openssl.c nginx-1.11.4-patched/src/e
|| n == SSL_R_NO_COMPRESSION_SPECIFIED /* 187 */
|| n == SSL_R_NO_SHARED_CIPHER /* 193 */
|| n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */
diff -Naur nginx-1.11.4/src/http/ngx_http_upstream.c nginx-1.11.4-patched/src/http/ngx_http_upstream.c
--- nginx-1.11.4/src/http/ngx_http_upstream.c 2016-09-16 00:50:04.068121614 +0200
+++ nginx-1.11.4-patched/src/http/ngx_http_upstream.c 2016-09-16 00:47:50.916858344 +0200
@@ -1694,7 +1694,7 @@
diff -Naur nginx-1.11.5/src/http/ngx_http_upstream.c nginx-1.11.5-patched/src/http/ngx_http_upstream.c
--- nginx-1.11.5/src/http/ngx_http_upstream.c 2016-10-11 18:31:13.368121756 +0200
+++ nginx-1.11.5-patched/src/http/ngx_http_upstream.c 2016-10-11 18:35:17.470686369 +0200
@@ -1696,7 +1696,7 @@
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"upstream SSL server name: \"%s\"", name.data);

10
boring-nginx/patch-source/nginx-1.11.4-patched/src/event/ngx_event_openssl.c → boring-nginx/patch-source/nginx-1.11.5-patched/src/event/ngx_event_openssl.c
View File

@ -55,7 +55,7 @@ static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
HMAC_CTX *hctx, int enc);
#endif
#if OPENSSL_VERSION_NUMBER < 0x10002002L
#ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str);
#endif
@ -3096,7 +3096,7 @@ ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name)
return NGX_ERROR;
}
#if OPENSSL_VERSION_NUMBER >= 0x10002002L
#ifdef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
/* X509_check_host() is only available in OpenSSL 1.0.2+ */
@ -3213,7 +3213,7 @@ found:
}
#if OPENSSL_VERSION_NUMBER < 0x10002002L
#ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
static ngx_int_t
ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern)
@ -3660,13 +3660,13 @@ ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
engine = ENGINE_by_id((char *) value[1].data);
if (engine == NULL) {
ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
"ENGINE_by_id(\"%V\") failed", &value[1]);
return NGX_CONF_ERROR;
}
if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) {
ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
"ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed",
&value[1]);

26
boring-nginx/patch-source/nginx-1.11.4-patched/src/http/ngx_http_upstream.c → boring-nginx/patch-source/nginx-1.11.5-patched/src/http/ngx_http_upstream.c
View File

@ -748,6 +748,8 @@ found:
return;
}
u->upstream = uscf;
#if (NGX_HTTP_SSL)
u->ssl_name = uscf->host;
#endif
@ -5442,6 +5444,7 @@ ngx_http_upstream(ngx_conf_t *cf, ngx_command_t *cmd, void *dummy)
uscf = ngx_http_upstream_add(cf, &u, NGX_HTTP_UPSTREAM_CREATE
|NGX_HTTP_UPSTREAM_WEIGHT
|NGX_HTTP_UPSTREAM_MAX_CONNS
|NGX_HTTP_UPSTREAM_MAX_FAILS
|NGX_HTTP_UPSTREAM_FAIL_TIMEOUT
|NGX_HTTP_UPSTREAM_DOWN
@ -5543,7 +5546,7 @@ ngx_http_upstream_server(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
time_t fail_timeout;
ngx_str_t *value, s;
ngx_url_t u;
ngx_int_t weight, max_fails;
ngx_int_t weight, max_conns, max_fails;
ngx_uint_t i;
ngx_http_upstream_server_t *us;
@ -5557,6 +5560,7 @@ ngx_http_upstream_server(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
value = cf->args->elts;
weight = 1;
max_conns = 0;
max_fails = 1;
fail_timeout = 10;
@ -5577,6 +5581,21 @@ ngx_http_upstream_server(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
continue;
}
if (ngx_strncmp(value[i].data, "max_conns=", 10) == 0) {
if (!(uscf->flags & NGX_HTTP_UPSTREAM_MAX_CONNS)) {
goto not_supported;
}
max_conns = ngx_atoi(&value[i].data[10], value[i].len - 10);
if (max_conns == NGX_ERROR) {
goto invalid;
}
continue;
}
if (ngx_strncmp(value[i].data, "max_fails=", 10) == 0) {
if (!(uscf->flags & NGX_HTTP_UPSTREAM_MAX_FAILS)) {
@ -5653,6 +5672,7 @@ ngx_http_upstream_server(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
us->addrs = u.addrs;
us->naddrs = u.naddrs;
us->weight = weight;
us->max_conns = max_conns;
us->max_fails = max_fails;
us->fail_timeout = fail_timeout;
@ -5717,14 +5737,14 @@ ngx_http_upstream_add(ngx_conf_t *cf, ngx_url_t *u, ngx_uint_t flags)
}
if ((uscfp[i]->flags & NGX_HTTP_UPSTREAM_CREATE) && !u->no_port) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"upstream \"%V\" may not have port %d",
&u->host, u->port);
return NULL;
}
if ((flags & NGX_HTTP_UPSTREAM_CREATE) && !uscfp[i]->no_port) {
ngx_log_error(NGX_LOG_WARN, cf->log, 0,
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"upstream \"%V\" may not have port %d in %s:%ui",
&u->host, uscfp[i]->port,
uscfp[i]->file_name, uscfp[i]->line);

10
boring-nginx/patch-source/nginx-1.11.4/src/event/ngx_event_openssl.c → boring-nginx/patch-source/nginx-1.11.5/src/event/ngx_event_openssl.c
View File

@ -55,7 +55,7 @@ static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
HMAC_CTX *hctx, int enc);
#endif
#if OPENSSL_VERSION_NUMBER < 0x10002002L
#ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str);
#endif
@ -3092,7 +3092,7 @@ ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name)
return NGX_ERROR;
}
#if OPENSSL_VERSION_NUMBER >= 0x10002002L
#ifdef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
/* X509_check_host() is only available in OpenSSL 1.0.2+ */
@ -3209,7 +3209,7 @@ found:
}
#if OPENSSL_VERSION_NUMBER < 0x10002002L
#ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
static ngx_int_t
ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern)
@ -3656,13 +3656,13 @@ ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
engine = ENGINE_by_id((char *) value[1].data);
if (engine == NULL) {
ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
"ENGINE_by_id(\"%V\") failed", &value[1]);
return NGX_CONF_ERROR;
}
if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) {
ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
"ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed",
&value[1]);

26
boring-nginx/patch-source/nginx-1.11.4/src/http/ngx_http_upstream.c → boring-nginx/patch-source/nginx-1.11.5/src/http/ngx_http_upstream.c
View File

@ -748,6 +748,8 @@ found:
return;
}
u->upstream = uscf;
#if (NGX_HTTP_SSL)
u->ssl_name = uscf->host;
#endif
@ -5442,6 +5444,7 @@ ngx_http_upstream(ngx_conf_t *cf, ngx_command_t *cmd, void *dummy)
uscf = ngx_http_upstream_add(cf, &u, NGX_HTTP_UPSTREAM_CREATE
|NGX_HTTP_UPSTREAM_WEIGHT
|NGX_HTTP_UPSTREAM_MAX_CONNS
|NGX_HTTP_UPSTREAM_MAX_FAILS
|NGX_HTTP_UPSTREAM_FAIL_TIMEOUT
|NGX_HTTP_UPSTREAM_DOWN
@ -5543,7 +5546,7 @@ ngx_http_upstream_server(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
time_t fail_timeout;
ngx_str_t *value, s;
ngx_url_t u;
ngx_int_t weight, max_fails;
ngx_int_t weight, max_conns, max_fails;
ngx_uint_t i;
ngx_http_upstream_server_t *us;
@ -5557,6 +5560,7 @@ ngx_http_upstream_server(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
value = cf->args->elts;
weight = 1;
max_conns = 0;
max_fails = 1;
fail_timeout = 10;
@ -5577,6 +5581,21 @@ ngx_http_upstream_server(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
continue;
}
if (ngx_strncmp(value[i].data, "max_conns=", 10) == 0) {
if (!(uscf->flags & NGX_HTTP_UPSTREAM_MAX_CONNS)) {
goto not_supported;
}
max_conns = ngx_atoi(&value[i].data[10], value[i].len - 10);
if (max_conns == NGX_ERROR) {
goto invalid;
}
continue;
}
if (ngx_strncmp(value[i].data, "max_fails=", 10) == 0) {
if (!(uscf->flags & NGX_HTTP_UPSTREAM_MAX_FAILS)) {
@ -5653,6 +5672,7 @@ ngx_http_upstream_server(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
us->addrs = u.addrs;
us->naddrs = u.naddrs;
us->weight = weight;
us->max_conns = max_conns;
us->max_fails = max_fails;
us->fail_timeout = fail_timeout;
@ -5717,14 +5737,14 @@ ngx_http_upstream_add(ngx_conf_t *cf, ngx_url_t *u, ngx_uint_t flags)
}
if ((uscfp[i]->flags & NGX_HTTP_UPSTREAM_CREATE) && !u->no_port) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"upstream \"%V\" may not have port %d",
&u->host, u->port);
return NULL;
}
if ((flags & NGX_HTTP_UPSTREAM_CREATE) && !uscfp[i]->no_port) {
ngx_log_error(NGX_LOG_WARN, cf->log, 0,
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"upstream \"%V\" may not have port %d in %s:%ui",
&u->host, uscfp[i]->port,
uscfp[i]->file_name, uscfp[i]->line);