From 5b730a1ee79bfb8df18ebbcc4bfaedee746a1372 Mon Sep 17 00:00:00 2001
From: Wonderfall
Date: Tue, 31 May 2016 21:54:41 +0200
Subject: [PATCH] better boring.patch
---
boring-nginx/Dockerfile | 4 ---
boring-nginx/boring.patch | 59 +++++++++++++++++---------------------
2 files changed, 26 insertions(+), 37 deletions(-)
diff --git a/boring-nginx/Dockerfile b/boring-nginx/Dockerfile
index 7036ec8..e57a400 100644
--- a/boring-nginx/Dockerfile
+++ b/boring-nginx/Dockerfile
@@ -66,10 +66,6 @@ RUN echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/ap
 -e "s/\"Server: \" NGINX_VER CRLF/\"Server: ${SIGNATURE}\" NGINX_VER CRLF/g" \
 src/http/ngx_http_header_filter_module.c \
 && patch -p1 < /tmp/boring.patch \
- && sed -i \
- -e '/SSL_R_BLOCK_CIPHER_PAD_IS_WRONG/d' \
- -e '/SSL_R_NO_CIPHERS_SPECIFIED/d' \
- src/event/ngx_event_openssl.c \
 && CC=clang CXX=clang++ ./configure \
 --prefix=/etc/nginx \
 --sbin-path=/usr/local/sbin/nginx \
diff --git a/boring-nginx/boring.patch b/boring-nginx/boring.patch
index 713f1ae..90c4199 100644
--- a/boring-nginx/boring.patch
+++ b/boring-nginx/boring.patch
@@ -1,40 +1,33 @@
-# HG changeset patch
-# User Piotr Sikora
-# Date 1446864006 28800
-# Fri Nov 06 18:40:06 2015 -0800
-# Node ID 9716b76675442d78d750ee542e4c80fa86d9b355
-# Parent 8aef9afa46e31a112fa1ceaffaefbc5990dbde22
-SSL: cast hostname in SSL_set_tlsext_host_name().
-
-BoringSSL promoted this macro to a proper function,
-so it requires parameters with correct types now.
-
-Signed-off-by: Piotr Sikora
-
-diff -r 8aef9afa46e3 -r 9716b7667544 src/http/ngx_http_upstream.c
---- a/src/http/ngx_http_upstream.c
-+++ b/src/http/ngx_http_upstream.c
-@@ -1660,7 +1660,9 @@ ngx_http_upstream_ssl_name(ngx_http_requ
+diff -ur nginx-1.11.0/src/event/ngx_event_openssl.c nginx-1.11.0-patched/src/event/ngx_event_openssl.c
+--- nginx-1.11.0/src/event/ngx_event_openssl.c 2016-05-24 16:54:42.000000000 +0100
++++ nginx-1.11.0-patched/src/event/ngx_event_openssl.c 2016-05-26 18:12:03.114511014 +0100
+@@ -1994,13 +1994,17 @@
+
+ /* handshake failures */
+ if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */
++#ifdef SSL_R_BLOCK_CIPHER_PAD_IS_WRONG
+ || n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG /* 129 */
++#endif
+ || n == SSL_R_DIGEST_CHECK_FAILED /* 149 */
+ || n == SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST /* 151 */
+ || n == SSL_R_EXCESSIVE_MESSAGE_SIZE /* 152 */
+ || n == SSL_R_LENGTH_MISMATCH /* 159 */
+ || n == SSL_R_NO_CIPHERS_PASSED /* 182 */
++#ifdef SSL_R_NO_CIPHERS_SPECIFIED
+ || n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */
++#endif
+ || n == SSL_R_NO_COMPRESSION_SPECIFIED /* 187 */
+ || n == SSL_R_NO_SHARED_CIPHER /* 193 */
+ || n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */
+diff -ur nginx-1.11.0/src/http/ngx_http_upstream.c nginx-1.11.0-patched/src/http/ngx_http_upstream.c
+--- nginx-1.11.0/src/http/ngx_http_upstream.c 2016-05-24 16:54:43.000000000 +0100
++++ nginx-1.11.0-patched/src/http/ngx_http_upstream.c 2016-05-26 18:12:23.166741658 +0100
+@@ -1690,7 +1690,7 @@
 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
 "upstream SSL server name: \"%s\"", name.data);
 
 - if (SSL_set_tlsext_host_name(c->ssl->connection, name.data) == 0) {
-+ if (SSL_set_tlsext_host_name(c->ssl->connection, (const char *) name.data)
-+ == 0)
-+ {
++ if (SSL_set_tlsext_host_name(c->ssl->connection, (const char*) name.data) == 0) {
 ngx_ssl_error(NGX_LOG_ERR, r->connection->log, 0,
 "SSL_set_tlsext_host_name(\"%s\") failed", name.data);
 return NGX_ERROR;
-diff -r 8aef9afa46e3 -r 9716b7667544 src/stream/ngx_stream_proxy_module.c
---- a/src/stream/ngx_stream_proxy_module.c
-+++ b/src/stream/ngx_stream_proxy_module.c
-@@ -851,7 +851,8 @@ ngx_stream_proxy_ssl_name(ngx_stream_ses
- ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0,
- "upstream SSL server name: \"%s\"", name.data);
-
-- if (SSL_set_tlsext_host_name(u->peer.connection->ssl->connection, name.data)
-+ if (SSL_set_tlsext_host_name(u->peer.connection->ssl->connection,
-+ (const char *) name.data)
- == 0)
- {
- ngx_ssl_error(NGX_LOG_ERR, s->connection->log, 0,
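Review bot: The rewritten boring.patch no longer carries the `src/stream/ngx_stream_proxy_module.c` hunk, so `ngx_stream_proxy_ssl_name()` would still pass `name.data` to `SSL_set_tlsext_host_name()` uncast, while the http upstream call site keeps its `(const char*)` cast. If the image's configure line enables the stream SSL module (not visible in this hunk), the BoringSSL build would presumably hit the same type mismatch the old patch fixed there; restoring the inner hunk with `if (SSL_set_tlsext_host_name(u->peer.connection->ssl->connection, (const char *) name.data) == 0)` keeps both call sites consistent. The new file also drops the HG changeset header, so nothing in it records where the cast came from or which nginx release the offsets target. A leading comment such as `# for nginx 1.11.0 + BoringSSL; cast taken from changeset 9716b7667544 (Piotr Sikora), SSL_R_* #ifdef guards added` would preserve the provenance of a patch that is applied to TLS code at image build time.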