From b7a569609ef4106b27a1371269b54ac21f5b731f Mon Sep 17 00:00:00 2001
From: Wonderfall <wonderfall@schrodinger.io>
Date: Fri, 3 Mar 2017 23:42:42 +0100
Subject: [PATCH] boring-nginx: update dockerfile

---
 boring-nginx/Dockerfile   | 10 +++-------
 boring-nginx/tls1_3.patch | 38 --------------------------------------
 2 files changed, 3 insertions(+), 45 deletions(-)
 delete mode 100644 boring-nginx/tls1_3.patch

diff --git a/boring-nginx/Dockerfile b/boring-nginx/Dockerfile
index f6d01de..0eb69cd 100644
--- a/boring-nginx/Dockerfile
+++ b/boring-nginx/Dockerfile
@@ -29,8 +29,6 @@ ARG NGINX_3RD_PARTY_MODULES=" \
     --add-module=/tmp/headers-more-nginx-module \
     --add-module=/tmp/ngx_brotli"
 
-COPY tls1_3.patch /tmp/tls1_3.patch
-
 RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
  && NB_CORES=${BUILD_CORES-$(getconf _NPROCESSORS_CONF)} \
  && BUILD_DEPS=" \
@@ -65,14 +63,12 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a
  && cd /tmp && git clone https://github.com/openresty/headers-more-nginx-module --depth=1 \
  && git clone https://boringssl.googlesource.com/boringssl --depth=1 \
  && cd boringssl \
- && sed -n 's/\$avx = 0/\$avx = 2/p' crypto/*/asm/*.pl \
- && sed -n 's/\$addx = 0/\$addx = 1/p' crypto/*/asm/*.pl \
- && sed -n 's/\$avx = 1/\$avx = 2/p' crypto/*/asm/*.pl \
- && sed -n 's/\$shaext=0/\$shaext=1/p' crypto/*/asm/*.pl \
+ && sed -i 's@out \([>=]\) TLS1_2_VERSION@out \1 TLS1_3_VERSION@' ssl/ssl_lib.c \
+ && sed -i 's@ssl->version[ ]*=[ ]*TLS1_2_VERSION@ssl->version = TLS1_3_VERSION@' ssl/s3_lib.c \
+ && sed -i 's@(SSL3_VERSION, TLS1_2_VERSION@(SSL3_VERSION, TLS1_3_VERSION@' ssl/ssl_test.cc \
  && sed -i 's@\$shaext[ ]*=[ ]*0;@\$shaext = 1;@' crypto/*/asm/*.pl \
  && sed -i 's@\$avx[ ]*=[ ]*[0|1];@\$avx = 2;@' crypto/*/asm/*.pl \
  && sed -i 's@\$addx[ ]*=[ ]*0;@\$addx = 1;@' crypto/*/asm/*.pl \
- && patch -p1 < /tmp/tls1_3.patch \
  && mkdir build && cd build && cmake -DCMAKE_BUILD_TYPE=Release .. \
  && make -j ${NB_CORES} && cd .. \
  && mkdir -p .openssl/lib/ && cd .openssl && ln -s ../include && cd .. \
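Review bot: The three added `sed -i` lines (for ssl/ssl_lib.c, ssl/s3_lib.c and ssl/ssl_test.cc) exit 0 even when their pattern matches nothing, whereas the removed `patch -p1 < /tmp/tls1_3.patch` step would have failed the build on a rejected hunk. BoringSSL is cloned with `--depth=1` and no pinned commit, so an upstream refactor could silently produce an image whose default TLS version cap is not what this Dockerfile intends. Guard each edit with a check that breaks the `&&` chain, for example `&& grep -q 'ssl->version[ ]*=[ ]*TLS1_2_VERSION' ssl/s3_lib.c \` immediately before the matching sed. The ssl_lib.c expression also rewrites every `out > TLS1_2_VERSION` or `out = TLS1_2_VERSION` line in that file, not only the clamp the deleted patch removed, so confirm it matches only the default-max-version code. The RUN instruction begins and continues outside this hunk.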
diff --git a/boring-nginx/tls1_3.patch b/boring-nginx/tls1_3.patch
deleted file mode 100644
index af3daa1..0000000
--- a/boring-nginx/tls1_3.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-diff -Naur boringssl/ssl/s3_lib.c boringssl-patched/ssl/s3_lib.c
---- boringssl/ssl/s3_lib.c	2017-02-19 03:26:26.485717137 +0100
-+++ boringssl-patched/ssl/s3_lib.c	2017-02-19 03:21:59.196469813 +0100
-@@ -185,7 +185,7 @@
-    * TODO(davidben): Move this field into |s3|, have it store the normalized
-    * protocol version, and implement this pre-negotiation quirk in |SSL_version|
-    * at the API boundary rather than in internal state. */
--  ssl->version = TLS1_2_VERSION;
-+  ssl->version = TLS1_3_VERSION;
-   return 1;
- }
- 
-diff -Naur boringssl/ssl/ssl_lib.c boringssl-patched/ssl/ssl_lib.c
---- boringssl/ssl/ssl_lib.c	2017-02-19 03:26:26.485717137 +0100
-+++ boringssl-patched/ssl/ssl_lib.c	2017-02-19 03:22:58.504765391 +0100
-@@ -951,10 +951,6 @@
-                            uint16_t version) {
-   if (version == 0) {
-     *out = method->max_version;
--    /* TODO(svaldez): Enable TLS 1.3 by default once fully implemented. */
--    if (*out > TLS1_2_VERSION) {
--      *out = TLS1_2_VERSION;
--    }
-     return 1;
-   }
- 
-diff -Naur boringssl/ssl/ssl_test.cc boringssl-patched/ssl/ssl_test.cc
---- boringssl/ssl/ssl_test.cc	2017-02-19 03:26:26.485717137 +0100
-+++ boringssl-patched/ssl/ssl_test.cc	2017-02-19 03:25:50.377592542 +0100
-@@ -3116,7 +3116,7 @@
-       !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
-       !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
-       // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
--      !TestDefaultVersion(SSL3_VERSION, TLS1_2_VERSION, &TLS_method) ||
-+      !TestDefaultVersion(SSL3_VERSION, TLS1_3_VERSION, &TLS_method) ||
-       !TestDefaultVersion(SSL3_VERSION, SSL3_VERSION, &SSLv3_method) ||
-       !TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) ||
-       !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) ||