update boring-nginx to 1.11.8 with tls1.3 patch (#81)

2025-04-19 20:09:16 +00:00 · 2017-01-15 20:58:40 +01:00 · 2017-01-15 20:58:40 +01:00 · 71a9f2fcab
commit 71a9f2fcab
parent 2ac8b719f0
2 changed files with 13 additions and 12 deletions
--- a/boring-nginx/Dockerfile
+++ b/boring-nginx/Dockerfile
@ -3,7 +3,7 @@ MAINTAINER Wonderfall <wonderfall@schrodinger.io>

 ENV UID=991 GID=991

-ARG NGINX_VERSION=1.11.6
+ARG NGINX_VERSION=1.11.8
 ARG GPG_NGINX="B0F4 2533 73F8 F6F5 10D4  2178 520A 9993 A1C0 52F8"
 ARG BUILD_CORES

@ -42,7 +42,8 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a
 && git clone https://github.com/google/ngx_brotli --depth=1 \
 && git clone https://github.com/openresty/headers-more-nginx-module --depth=1 \
 && git clone https://boringssl.googlesource.com/boringssl --depth=1 \
- && cd boringssl \
+ && cd /tmp/ngx_brotli && git submodule update --init \
+ && cd /tmp/boringssl \
 && patch -p1 < /tmp/tls1.3.patch \
 && mkdir build && cd build && cmake -DCMAKE_BUILD_TYPE=Release .. \
 && make -j ${NB_CORES} && cd .. \
--- a/boring-nginx/tls1.3.patch
+++ b/boring-nginx/tls1.3.patch
@ -1,4 +1,4 @@
-From c3f389dade719b7b34825d62404a88cc0d618631 Mon Sep 17 00:00:00 2001
+From 36e2f3cf8e8a2f41b7ec1d7040d589974bfad93e Mon Sep 17 00:00:00 2001
 From: Steven Valdez <svaldez@google.com>
 Date: Thu, 13 Oct 2016 14:33:35 -0400
 Subject: [PATCH] Enabling TLS 1.3 (DRAFT).
@ -7,23 +7,23 @@ Change-Id: I2e4f0db3b8630f990911c8e104f60c048bb7450d
 ---

 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index 9cc0d9d..d4db949 100644
+index 3b14411..802ed2f 100644
 --- a/ssl/s3_lib.c
 +++ b/ssl/s3_lib.c
-@@ -189,7 +189,7 @@
+@@ -187,7 +187,7 @@
    * TODO(davidben): Move this field into |s3|, have it store the normalized
    * protocol version, and implement this pre-negotiation quirk in |SSL_version|
    * at the API boundary rather than in internal state. */
 -  ssl->version = TLS1_2_VERSION;
 +  ssl->version = TLS1_3_VERSION;
   return 1;
- err:
-   return 0;
+ }
+ 
 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index d8270f3..57343a4 100644
+index 89d6f15..9c5afae 100644
 --- a/ssl/ssl_lib.c
 +++ b/ssl/ssl_lib.c
-@@ -965,10 +965,6 @@
+@@ -999,10 +999,6 @@
                            uint16_t version) {
   if (version == 0) {
     *out = method->max_version;
@ -35,10 +35,10 @@ index d8270f3..57343a4 100644
   }
 
 diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
-index 5eede01..d847030 100644
+index b74e51e..e8d1847 100644
 --- a/ssl/ssl_test.cc
 +++ b/ssl/ssl_test.cc
-@@ -2410,7 +2410,7 @@
+@@ -2541,7 +2541,7 @@
   }
 
   if (ctx->min_version != SSL3_VERSION ||
@ -47,7 +47,7 @@ index 5eede01..d847030 100644
     fprintf(stderr, "Default TLS versions were incorrect (%04x and %04x).\n",
             ctx->min_version, ctx->max_version);
     return false;
-@@ -2574,8 +2574,7 @@
+@@ -2778,8 +2778,7 @@
       !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) ||
       !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
       !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||