removed tls1.3 patch for boring-nginx because with nginx 1.15.3 it works out of the box with boringSSL.

hoellen 2018-08-30 21:13:21 +02:00
parent 9fefa338e2
commit 18557b455e
2 changed files with 0 additions and 65 deletions


@ -85,8 +85,6 @@ RUN NB_CORES=${BUILD_CORES-$(getconf _NPROCESSORS_CONF)} \
&& if [ "${FINGERPRINT}" != "${GPG_NGINX}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \ && if [ "${FINGERPRINT}" != "${GPG_NGINX}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \
&& echo "All seems good, now unpacking ${NGINX_TARBALL}..." \ && echo "All seems good, now unpacking ${NGINX_TARBALL}..." \
&& tar xzf ${NGINX_TARBALL} && cd nginx-${NGINX_VERSION} \ && tar xzf ${NGINX_TARBALL} && cd nginx-${NGINX_VERSION} \
&& wget -q https://raw.githubusercontent.com/cujanovic/nginx-dynamic-tls-records-patch/master/nginx__dynamic_tls_records_1.13.0%2B.patch -O dynamic_records.patch \
&& patch -p1 < dynamic_records.patch \
&& ./configure \ && ./configure \
--prefix=/etc/nginx \ --prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \ --sbin-path=/usr/sbin/nginx \


@ -1,63 +0,0 @@
From cfc32a1e540e4f542egggd3008 Mon Sep 17 00:00:00 2001
From: Buik / Bassie <bassie@buik.locale>
Date: Tue, 09 Apr 2018 12:55:23 +0800
Subject: [PATCH] Enable TLS 1.3 on BoringSSL
Enable TLS 1.3 on BoringSSL.
Tested on Nginx 1.13.11 with BoringSSL chromium-stable and BoringSSL master (git branch April 09 2018)
---
s3_lib.cc | 2 +-
ssl_test.cc | 4 ++--
ssl_versions.cc | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/ssl/s3_lib.cc b/ssl/s3_lib.cc
index a3fc8d7..b28bbc8 100644
--- a/ssl/s3_lib.cc
+++ b/ssl/s3_lib.cc
@@ -201,7 +201,7 @@ bool ssl3_new(SSL *ssl) {
// TODO(davidben): Move this field into |s3|, have it store the normalized
// protocol version, and implement this pre-negotiation quirk in |SSL_version|
// at the API boundary rather than in internal state.
- ssl->version = TLS1_2_VERSION;
+ ssl->version = TLS1_3_VERSION;
return true;
}
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 12f044c..cfc4af1 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -2607,7 +2607,7 @@ TEST(SSLTest, SetVersion) {
// Zero is the default version.
EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
- EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
+ EXPECT_EQ(TLS1_3_VERSION, ctx->conf_max_version);
EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
EXPECT_EQ(TLS1_VERSION, ctx->conf_min_version);
@@ -2640,7 +2640,7 @@ TEST(SSLTest, SetVersion) {
EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
- EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
+ EXPECT_EQ(TLS1_3_VERSION, ctx->conf_max_version);
EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
EXPECT_EQ(TLS1_1_VERSION, ctx->conf_min_version);
}
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index 73ea26f..da10cb2 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -189,7 +189,7 @@ static bool set_max_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
uint16_t version) {
// Zero is interpreted as the default maximum version.
if (version == 0) {
- *out = TLS1_2_VERSION;
+ *out = TLS1_3_VERSION;
return true;
}