hoellen/dockerfiles
1
0
Fork 0
mirror of https://github.com/hoellen/dockerfiles.git synced 2025-04-20 04:19:18 +00:00
Code Issues Projects Releases Wiki Activity

boring-nginx: update patch

Browse Source
This commit is contained in:
Wonderfall 2016-10-11 18:36:19 +02:00
parent 6ebae3b754
commit 08e28c83b0
5 changed files with 63 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
boring-nginx/boring.patch
View File

@ -1,6 +1,6 @@
diff -Naur nginx-1.11.4/src/event/ngx_event_openssl.c nginx-1.11.4-patched/src/event/ngx_event_openssl.c diff -Naur nginx-1.11.5/src/event/ngx_event_openssl.c nginx-1.11.5-patched/src/event/ngx_event_openssl.c
--- nginx-1.11.4/src/event/ngx_event_openssl.c 2016-09-16 00:49:53.176182112 +0200 --- nginx-1.11.5/src/event/ngx_event_openssl.c 2016-10-11 18:30:28.956383557 +0200
+++ nginx-1.11.4-patched/src/event/ngx_event_openssl.c 2016-09-16 00:47:27.636986453 +0200 +++ nginx-1.11.5-patched/src/event/ngx_event_openssl.c 2016-10-11 18:34:41.226899170 +0200
@@ -2016,7 +2016,9 @@ @@ -2016,7 +2016,9 @@
/* handshake failures */ /* handshake failures */
@ -21,10 +21,10 @@ diff -Naur nginx-1.11.4/src/event/ngx_event_openssl.c nginx-1.11.4-patched/src/e
|| n == SSL_R_NO_COMPRESSION_SPECIFIED /* 187 */ || n == SSL_R_NO_COMPRESSION_SPECIFIED /* 187 */
|| n == SSL_R_NO_SHARED_CIPHER /* 193 */ || n == SSL_R_NO_SHARED_CIPHER /* 193 */
|| n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */ || n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */
diff -Naur nginx-1.11.4/src/http/ngx_http_upstream.c nginx-1.11.4-patched/src/http/ngx_http_upstream.c diff -Naur nginx-1.11.5/src/http/ngx_http_upstream.c nginx-1.11.5-patched/src/http/ngx_http_upstream.c
--- nginx-1.11.4/src/http/ngx_http_upstream.c 2016-09-16 00:50:04.068121614 +0200 --- nginx-1.11.5/src/http/ngx_http_upstream.c 2016-10-11 18:31:13.368121756 +0200
+++ nginx-1.11.4-patched/src/http/ngx_http_upstream.c 2016-09-16 00:47:50.916858344 +0200 +++ nginx-1.11.5-patched/src/http/ngx_http_upstream.c 2016-10-11 18:35:17.470686369 +0200
@@ -1694,7 +1694,7 @@ @@ -1696,7 +1696,7 @@
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"upstream SSL server name: \"%s\"", name.data); "upstream SSL server name: \"%s\"", name.data);

10
boring-nginx/patch-source/nginx-1.11.4-patched/src/event/ngx_event_openssl.c → boring-nginx/patch-source/nginx-1.11.5-patched/src/event/ngx_event_openssl.c
View File

@ -55,7 +55,7 @@ static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
HMAC_CTX *hctx, int enc); HMAC_CTX *hctx, int enc);
#endif #endif
#if OPENSSL_VERSION_NUMBER < 0x10002002L #ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str); static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str);
#endif #endif
@ -3096,7 +3096,7 @@ ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name)
return NGX_ERROR; return NGX_ERROR;
} }
#if OPENSSL_VERSION_NUMBER >= 0x10002002L #ifdef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
/* X509_check_host() is only available in OpenSSL 1.0.2+ */ /* X509_check_host() is only available in OpenSSL 1.0.2+ */
@ -3213,7 +3213,7 @@ found:
} }
#if OPENSSL_VERSION_NUMBER < 0x10002002L #ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
static ngx_int_t static ngx_int_t
ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern) ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern)
@ -3660,13 +3660,13 @@ ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
engine = ENGINE_by_id((char *) value[1].data); engine = ENGINE_by_id((char *) value[1].data);
if (engine == NULL) { if (engine == NULL) {
ngx_ssl_error(NGX_LOG_WARN, cf->log, 0, ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
"ENGINE_by_id(\"%V\") failed", &value[1]); "ENGINE_by_id(\"%V\") failed", &value[1]);
return NGX_CONF_ERROR; return NGX_CONF_ERROR;
} }
if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) { if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) {
ngx_ssl_error(NGX_LOG_WARN, cf->log, 0, ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
"ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed", "ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed",
&value[1]); &value[1]);

26
boring-nginx/patch-source/nginx-1.11.4-patched/src/http/ngx_http_upstream.c → boring-nginx/patch-source/nginx-1.11.5-patched/src/http/ngx_http_upstream.c
View File

@ -748,6 +748,8 @@ found:
return; return;
} }
u->upstream = uscf;
#if (NGX_HTTP_SSL) #if (NGX_HTTP_SSL)
u->ssl_name = uscf->host; u->ssl_name = uscf->host;
#endif #endif
@ -5442,6 +5444,7 @@ ngx_http_upstream(ngx_conf_t *cf, ngx_command_t *cmd, void *dummy)
uscf = ngx_http_upstream_add(cf, &u, NGX_HTTP_UPSTREAM_CREATE uscf = ngx_http_upstream_add(cf, &u, NGX_HTTP_UPSTREAM_CREATE
|NGX_HTTP_UPSTREAM_WEIGHT |NGX_HTTP_UPSTREAM_WEIGHT
|NGX_HTTP_UPSTREAM_MAX_CONNS
|NGX_HTTP_UPSTREAM_MAX_FAILS |NGX_HTTP_UPSTREAM_MAX_FAILS
|NGX_HTTP_UPSTREAM_FAIL_TIMEOUT |NGX_HTTP_UPSTREAM_FAIL_TIMEOUT
|NGX_HTTP_UPSTREAM_DOWN |NGX_HTTP_UPSTREAM_DOWN
@ -5543,7 +5546,7 @@ ngx_http_upstream_server(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
time_t fail_timeout; time_t fail_timeout;
ngx_str_t *value, s; ngx_str_t *value, s;
ngx_url_t u; ngx_url_t u;
ngx_int_t weight, max_fails; ngx_int_t weight, max_conns, max_fails;
ngx_uint_t i; ngx_uint_t i;
ngx_http_upstream_server_t *us; ngx_http_upstream_server_t *us;
@ -5557,6 +5560,7 @@ ngx_http_upstream_server(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
value = cf->args->elts; value = cf->args->elts;
weight = 1; weight = 1;
max_conns = 0;
max_fails = 1; max_fails = 1;
fail_timeout = 10; fail_timeout = 10;
@ -5577,6 +5581,21 @@ ngx_http_upstream_server(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
continue; continue;
} }
if (ngx_strncmp(value[i].data, "max_conns=", 10) == 0) {
if (!(uscf->flags & NGX_HTTP_UPSTREAM_MAX_CONNS)) {
goto not_supported;
}
max_conns = ngx_atoi(&value[i].data[10], value[i].len - 10);
if (max_conns == NGX_ERROR) {
goto invalid;
}
continue;
}
if (ngx_strncmp(value[i].data, "max_fails=", 10) == 0) { if (ngx_strncmp(value[i].data, "max_fails=", 10) == 0) {
if (!(uscf->flags & NGX_HTTP_UPSTREAM_MAX_FAILS)) { if (!(uscf->flags & NGX_HTTP_UPSTREAM_MAX_FAILS)) {
@ -5653,6 +5672,7 @@ ngx_http_upstream_server(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
us->addrs = u.addrs; us->addrs = u.addrs;
us->naddrs = u.naddrs; us->naddrs = u.naddrs;
us->weight = weight; us->weight = weight;
us->max_conns = max_conns;
us->max_fails = max_fails; us->max_fails = max_fails;
us->fail_timeout = fail_timeout; us->fail_timeout = fail_timeout;
@ -5717,14 +5737,14 @@ ngx_http_upstream_add(ngx_conf_t *cf, ngx_url_t *u, ngx_uint_t flags)
} }
if ((uscfp[i]->flags & NGX_HTTP_UPSTREAM_CREATE) && !u->no_port) { if ((uscfp[i]->flags & NGX_HTTP_UPSTREAM_CREATE) && !u->no_port) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0, ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"upstream \"%V\" may not have port %d", "upstream \"%V\" may not have port %d",
&u->host, u->port); &u->host, u->port);
return NULL; return NULL;
} }
if ((flags & NGX_HTTP_UPSTREAM_CREATE) && !uscfp[i]->no_port) { if ((flags & NGX_HTTP_UPSTREAM_CREATE) && !uscfp[i]->no_port) {
ngx_log_error(NGX_LOG_WARN, cf->log, 0, ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"upstream \"%V\" may not have port %d in %s:%ui", "upstream \"%V\" may not have port %d in %s:%ui",
&u->host, uscfp[i]->port, &u->host, uscfp[i]->port,
uscfp[i]->file_name, uscfp[i]->line); uscfp[i]->file_name, uscfp[i]->line);

10
boring-nginx/patch-source/nginx-1.11.4/src/event/ngx_event_openssl.c → boring-nginx/patch-source/nginx-1.11.5/src/event/ngx_event_openssl.c
View File

@ -55,7 +55,7 @@ static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
HMAC_CTX *hctx, int enc); HMAC_CTX *hctx, int enc);
#endif #endif
#if OPENSSL_VERSION_NUMBER < 0x10002002L #ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str); static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str);
#endif #endif
@ -3092,7 +3092,7 @@ ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name)
return NGX_ERROR; return NGX_ERROR;
} }
#if OPENSSL_VERSION_NUMBER >= 0x10002002L #ifdef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
/* X509_check_host() is only available in OpenSSL 1.0.2+ */ /* X509_check_host() is only available in OpenSSL 1.0.2+ */
@ -3209,7 +3209,7 @@ found:
} }
#if OPENSSL_VERSION_NUMBER < 0x10002002L #ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
static ngx_int_t static ngx_int_t
ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern) ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern)
@ -3656,13 +3656,13 @@ ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
engine = ENGINE_by_id((char *) value[1].data); engine = ENGINE_by_id((char *) value[1].data);
if (engine == NULL) { if (engine == NULL) {
ngx_ssl_error(NGX_LOG_WARN, cf->log, 0, ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
"ENGINE_by_id(\"%V\") failed", &value[1]); "ENGINE_by_id(\"%V\") failed", &value[1]);
return NGX_CONF_ERROR; return NGX_CONF_ERROR;
} }
if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) { if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) {
ngx_ssl_error(NGX_LOG_WARN, cf->log, 0, ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
"ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed", "ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed",
&value[1]); &value[1]);

26
boring-nginx/patch-source/nginx-1.11.4/src/http/ngx_http_upstream.c → boring-nginx/patch-source/nginx-1.11.5/src/http/ngx_http_upstream.c
View File

@ -748,6 +748,8 @@ found:
return; return;
} }
u->upstream = uscf;
#if (NGX_HTTP_SSL) #if (NGX_HTTP_SSL)
u->ssl_name = uscf->host; u->ssl_name = uscf->host;
#endif #endif
@ -5442,6 +5444,7 @@ ngx_http_upstream(ngx_conf_t *cf, ngx_command_t *cmd, void *dummy)
uscf = ngx_http_upstream_add(cf, &u, NGX_HTTP_UPSTREAM_CREATE uscf = ngx_http_upstream_add(cf, &u, NGX_HTTP_UPSTREAM_CREATE
|NGX_HTTP_UPSTREAM_WEIGHT |NGX_HTTP_UPSTREAM_WEIGHT
|NGX_HTTP_UPSTREAM_MAX_CONNS
|NGX_HTTP_UPSTREAM_MAX_FAILS |NGX_HTTP_UPSTREAM_MAX_FAILS
|NGX_HTTP_UPSTREAM_FAIL_TIMEOUT |NGX_HTTP_UPSTREAM_FAIL_TIMEOUT
|NGX_HTTP_UPSTREAM_DOWN |NGX_HTTP_UPSTREAM_DOWN
@ -5543,7 +5546,7 @@ ngx_http_upstream_server(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
time_t fail_timeout; time_t fail_timeout;
ngx_str_t *value, s; ngx_str_t *value, s;
ngx_url_t u; ngx_url_t u;
ngx_int_t weight, max_fails; ngx_int_t weight, max_conns, max_fails;
ngx_uint_t i; ngx_uint_t i;
ngx_http_upstream_server_t *us; ngx_http_upstream_server_t *us;
@ -5557,6 +5560,7 @@ ngx_http_upstream_server(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
value = cf->args->elts; value = cf->args->elts;
weight = 1; weight = 1;
max_conns = 0;
max_fails = 1; max_fails = 1;
fail_timeout = 10; fail_timeout = 10;
@ -5577,6 +5581,21 @@ ngx_http_upstream_server(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
continue; continue;
} }
if (ngx_strncmp(value[i].data, "max_conns=", 10) == 0) {
if (!(uscf->flags & NGX_HTTP_UPSTREAM_MAX_CONNS)) {
goto not_supported;
}
max_conns = ngx_atoi(&value[i].data[10], value[i].len - 10);
if (max_conns == NGX_ERROR) {
goto invalid;
}
continue;
}
if (ngx_strncmp(value[i].data, "max_fails=", 10) == 0) { if (ngx_strncmp(value[i].data, "max_fails=", 10) == 0) {
if (!(uscf->flags & NGX_HTTP_UPSTREAM_MAX_FAILS)) { if (!(uscf->flags & NGX_HTTP_UPSTREAM_MAX_FAILS)) {
@ -5653,6 +5672,7 @@ ngx_http_upstream_server(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
us->addrs = u.addrs; us->addrs = u.addrs;
us->naddrs = u.naddrs; us->naddrs = u.naddrs;
us->weight = weight; us->weight = weight;
us->max_conns = max_conns;
us->max_fails = max_fails; us->max_fails = max_fails;
us->fail_timeout = fail_timeout; us->fail_timeout = fail_timeout;
@ -5717,14 +5737,14 @@ ngx_http_upstream_add(ngx_conf_t *cf, ngx_url_t *u, ngx_uint_t flags)
} }
if ((uscfp[i]->flags & NGX_HTTP_UPSTREAM_CREATE) && !u->no_port) { if ((uscfp[i]->flags & NGX_HTTP_UPSTREAM_CREATE) && !u->no_port) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0, ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"upstream \"%V\" may not have port %d", "upstream \"%V\" may not have port %d",
&u->host, u->port); &u->host, u->port);
return NULL; return NULL;
} }
if ((flags & NGX_HTTP_UPSTREAM_CREATE) && !uscfp[i]->no_port) { if ((flags & NGX_HTTP_UPSTREAM_CREATE) && !uscfp[i]->no_port) {
ngx_log_error(NGX_LOG_WARN, cf->log, 0, ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"upstream \"%V\" may not have port %d in %s:%ui", "upstream \"%V\" may not have port %d in %s:%ui",
&u->host, uscfp[i]->port, &u->host, uscfp[i]->port,
uscfp[i]->file_name, uscfp[i]->line); uscfp[i]->file_name, uscfp[i]->line);