hoellen/dockerfiles
1
0
Fork 0
mirror of https://github.com/hoellen/dockerfiles.git synced 2025-04-19 20:09:16 +00:00
Code Issues Projects Releases Wiki Activity

boring-nginx: add homemade tls1.3 patch

Browse Source
This commit is contained in:
Wonderfall 2017-02-19 03:34:27 +01:00
parent dd00c13965
commit a717c673ce
2 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
boring-nginx/Dockerfile
View File

@ -6,6 +6,8 @@ ARG NGINX_VERSION=1.11.10
ARG GPG_NGINX="B0F4 2533 73F8 F6F5 10D4 2178 520A 9993 A1C0 52F8"
ARG BUILD_CORES
COPY tls1_3.patch /tmp/tls1_3.patch
RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& NB_CORES=${BUILD_CORES-$(getconf _NPROCESSORS_CONF)} \
&& BUILD_DEPS=" \
@ -48,6 +50,7 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a
&& sed -i 's@\$shaext[ ]*=[ ]*0;@\$shaext = 1;@' crypto/*/asm/*.pl \
&& sed -i 's@\$avx[ ]*=[ ]*[0|1];@\$avx = 2;@' crypto/*/asm/*.pl \
&& sed -i 's@\$addx[ ]*=[ ]*0;@\$addx = 1;@' crypto/*/asm/*.pl \
&& patch -p1 < /tmp/tls1_3.patch \
&& mkdir build && cd build && cmake -DCMAKE_BUILD_TYPE=Release .. \
&& make -j ${NB_CORES} && cd .. \
&& mkdir -p .openssl/lib/ && cd .openssl && ln -s ../include && cd .. \

38
boring-nginx/tls1_3.patch Normal file
View File

@ -0,0 +1,38 @@
diff -Naur boringssl/ssl/s3_lib.c boringssl-patched/ssl/s3_lib.c
--- boringssl/ssl/s3_lib.c 2017-02-19 03:26:26.485717137 +0100
+++ boringssl-patched/ssl/s3_lib.c 2017-02-19 03:21:59.196469813 +0100
@@ -185,7 +185,7 @@
* TODO(davidben): Move this field into |s3|, have it store the normalized
* protocol version, and implement this pre-negotiation quirk in |SSL_version|
* at the API boundary rather than in internal state. */
- ssl->version = TLS1_2_VERSION;
+ ssl->version = TLS1_3_VERSION;
return 1;
}
diff -Naur boringssl/ssl/ssl_lib.c boringssl-patched/ssl/ssl_lib.c
--- boringssl/ssl/ssl_lib.c 2017-02-19 03:26:26.485717137 +0100
+++ boringssl-patched/ssl/ssl_lib.c 2017-02-19 03:22:58.504765391 +0100
@@ -951,10 +951,6 @@
uint16_t version) {
if (version == 0) {
*out = method->max_version;
- /* TODO(svaldez): Enable TLS 1.3 by default once fully implemented. */
- if (*out > TLS1_2_VERSION) {
- *out = TLS1_2_VERSION;
- }
return 1;
}
diff -Naur boringssl/ssl/ssl_test.cc boringssl-patched/ssl/ssl_test.cc
--- boringssl/ssl/ssl_test.cc 2017-02-19 03:26:26.485717137 +0100
+++ boringssl-patched/ssl/ssl_test.cc 2017-02-19 03:25:50.377592542 +0100
@@ -3116,7 +3116,7 @@
!TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
!TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
// TODO(svaldez): Update this when TLS 1.3 is enabled by default.
- !TestDefaultVersion(SSL3_VERSION, TLS1_2_VERSION, &TLS_method) ||
+ !TestDefaultVersion(SSL3_VERSION, TLS1_3_VERSION, &TLS_method) ||
!TestDefaultVersion(SSL3_VERSION, SSL3_VERSION, &SSLv3_method) ||
!TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) ||
!TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) ||