hoellen/dockerfiles
1
0
Fork 0
mirror of https://github.com/hoellen/dockerfiles.git synced 2025-04-19 20:09:16 +00:00
Code Issues Projects Releases Wiki Activity

better boring.patch

Browse Source
This commit is contained in:
Wonderfall 2016-05-31 21:54:41 +02:00
parent b7572650ca
commit 5b730a1ee7
2 changed files with 26 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
boring-nginx/Dockerfile
View File

@ -66,10 +66,6 @@ RUN echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/ap
-e "s/\"Server: \" NGINX_VER CRLF/\"Server: ${SIGNATURE}\" NGINX_VER CRLF/g" \
src/http/ngx_http_header_filter_module.c \
&& patch -p1 < /tmp/boring.patch \
&& sed -i \
-e '/SSL_R_BLOCK_CIPHER_PAD_IS_WRONG/d' \
-e '/SSL_R_NO_CIPHERS_SPECIFIED/d' \
src/event/ngx_event_openssl.c \
&& CC=clang CXX=clang++ ./configure \
--prefix=/etc/nginx \
--sbin-path=/usr/local/sbin/nginx \

59
boring-nginx/boring.patch
View File

@ -1,40 +1,33 @@
# HG changeset patch
# User Piotr Sikora <piotrsikora at google.com>
# Date 1446864006 28800
# Fri Nov 06 18:40:06 2015 -0800
# Node ID 9716b76675442d78d750ee542e4c80fa86d9b355
# Parent 8aef9afa46e31a112fa1ceaffaefbc5990dbde22
SSL: cast hostname in SSL_set_tlsext_host_name().
BoringSSL promoted this macro to a proper function,
so it requires parameters with correct types now.
Signed-off-by: Piotr Sikora <piotrsikora at google.com>
diff -r 8aef9afa46e3 -r 9716b7667544 src/http/ngx_http_upstream.c
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -1660,7 +1660,9 @@ ngx_http_upstream_ssl_name(ngx_http_requ
diff -ur nginx-1.11.0/src/event/ngx_event_openssl.c nginx-1.11.0-patched/src/event/ngx_event_openssl.c
--- nginx-1.11.0/src/event/ngx_event_openssl.c 2016-05-24 16:54:42.000000000 +0100
+++ nginx-1.11.0-patched/src/event/ngx_event_openssl.c 2016-05-26 18:12:03.114511014 +0100
@@ -1994,13 +1994,17 @@
/* handshake failures */
if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */
+#ifdef SSL_R_BLOCK_CIPHER_PAD_IS_WRONG
|| n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG /* 129 */
+#endif
|| n == SSL_R_DIGEST_CHECK_FAILED /* 149 */
|| n == SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST /* 151 */
|| n == SSL_R_EXCESSIVE_MESSAGE_SIZE /* 152 */
|| n == SSL_R_LENGTH_MISMATCH /* 159 */
|| n == SSL_R_NO_CIPHERS_PASSED /* 182 */
+#ifdef SSL_R_NO_CIPHERS_SPECIFIED
|| n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */
+#endif
|| n == SSL_R_NO_COMPRESSION_SPECIFIED /* 187 */
|| n == SSL_R_NO_SHARED_CIPHER /* 193 */
|| n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */
diff -ur nginx-1.11.0/src/http/ngx_http_upstream.c nginx-1.11.0-patched/src/http/ngx_http_upstream.c
--- nginx-1.11.0/src/http/ngx_http_upstream.c 2016-05-24 16:54:43.000000000 +0100
+++ nginx-1.11.0-patched/src/http/ngx_http_upstream.c 2016-05-26 18:12:23.166741658 +0100
@@ -1690,7 +1690,7 @@
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"upstream SSL server name: \"%s\"", name.data);
- if (SSL_set_tlsext_host_name(c->ssl->connection, name.data) == 0) {
+ if (SSL_set_tlsext_host_name(c->ssl->connection, (const char *) name.data)
+ == 0)
+ {
+ if (SSL_set_tlsext_host_name(c->ssl->connection, (const char*) name.data) == 0) {
ngx_ssl_error(NGX_LOG_ERR, r->connection->log, 0,
"SSL_set_tlsext_host_name(\"%s\") failed", name.data);
return NGX_ERROR;
diff -r 8aef9afa46e3 -r 9716b7667544 src/stream/ngx_stream_proxy_module.c
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -851,7 +851,8 @@ ngx_stream_proxy_ssl_name(ngx_stream_ses
ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0,
"upstream SSL server name: \"%s\"", name.data);
- if (SSL_set_tlsext_host_name(u->peer.connection->ssl->connection, name.data)
+ if (SSL_set_tlsext_host_name(u->peer.connection->ssl->connection,
+ (const char *) name.data)
== 0)
{
ngx_ssl_error(NGX_LOG_ERR, s->connection->log, 0,