author | Jakub Jirutka <jakub@jirutka.cz> | 2017-10-23 16:17:03 +0200 |
---|---|---|
committer | Jakub Jirutka <jakub@jirutka.cz> | 2017-10-23 16:17:03 +0200 |
commit | fde6b2fac7e3464ed6cd8a8f930e20dd453cc809 (patch) | |
tree | 15284c9fd689b0ef0990526186275f4e92895b29 /main/nginx/lua-nginx-module~fix-libressl.patch.bak | |
parent | 1f9b260e6e2499000192680f502e67085500fd66 (diff) | |
main/nginx: remove unused patch
Diffstat (limited to 'main/nginx/lua-nginx-module~fix-libressl.patch.bak')
-rw-r--r-- | main/nginx/lua-nginx-module~fix-libressl.patch.bak | 946 |
1 files changed, 0 insertions, 946 deletions
diff --git a/main/nginx/lua-nginx-module~fix-libressl.patch.bak b/main/nginx/lua-nginx-module~fix-libressl.patch.bak
deleted file mode 100644
index 9d19eab0e4..0000000000
--- a/main/nginx/lua-nginx-module~fix-libressl.patch.bak
+++ /dev/null
@@ -1,946 +0,0 @@ -From 7a7cb2b3b745eadb0c2d3d7ee5789931f1731209 Mon Sep 17 00:00:00 2001 -From: Alessandro Ghedini <alessandro@ghedini.me> -Date: Tue, 13 Sep 2016 22:31:32 +0100 -Subject: [PATCH 1/6] bugfix: ssl: don't use SSLv3 in tests - -OpenSSL 1.1.0 disables SSLv3 by default. In order to disable SSL session -tickets set ssl_session_tickets to off instead. ---- - t/142-ssl-session-store.t | 24 +++++++++++------------- - t/143-ssl-session-fetch.t | 26 +++++++++++++------------- - 2 files changed, 24 insertions(+), 26 deletions(-) - -diff --git a/t/142-ssl-session-store.t b/t/142-ssl-session-store.t -index 5c9fad3..b595519 100644 ---- a/t/142-ssl-session-store.t -+++ b/t/142-ssl-session-store.t -@@ -32,7 +32,7 @@ __DATA__ - server_name test.com; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -- ssl_protocols SSLv3; -+ ssl_session_tickets off; - - server_tokens off; - } -@@ -102,7 +102,7 @@ ssl_session_store_by_lua_block:1: ssl session store by lua is running! - server_name test.com; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -- ssl_protocols SSLv3; -+ ssl_session_tickets off; - - server_tokens off; - } -@@ -177,7 +177,7 @@ API disabled in the context of ssl_session_store_by_lua* - server_name test.com; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -- ssl_protocols SSLv3; -+ ssl_session_tickets off; - - server_tokens off; - } -@@ -267,9 +267,9 @@ my timer run! 
- listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; - server_name test.com; - -- ssl_protocols SSLv3; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -+ ssl_session_tickets off; - - server_tokens off; - } -@@ -335,9 +335,9 @@ API disabled in the context of ssl_session_store_by_lua* - server { - listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; - server_name test.com; -- ssl_protocols SSLv3; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -+ ssl_session_tickets off; - - server_tokens off; - } -@@ -407,9 +407,9 @@ ngx.exit does not yield and the error code is eaten. - server { - listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; - server_name test.com; -- ssl_protocols SSLv3; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -+ ssl_session_tickets off; - - server_tokens off; - } -@@ -480,9 +480,9 @@ ssl_session_store_by_lua*: handler return value: 0, sess new cb exit code: 0 - server { - listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; - server_name test.com; -- ssl_protocols SSLv3; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -+ ssl_session_tickets off; - - server_tokens off; - } -@@ -548,9 +548,9 @@ should never reached here - server { - listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; - server_name test.com; -- ssl_protocols SSLv3; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -+ ssl_session_tickets off; - - server_tokens off; - } -@@ -621,7 +621,7 @@ get_phase: ssl_session_store - } - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -- ssl_protocols SSLv3; -+ ssl_session_tickets off; - - server_tokens off; - } -@@ -690,7 +690,7 @@ qr/elapsed in ssl cert by lua: 0.(?:09|1[01])\d+,/, - 
server_name test.com; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -- ssl_protocols SSLv3; -+ ssl_session_tickets off; - - server_tokens off; - } -@@ -760,7 +760,6 @@ a.lua:1: ssl store session by lua is running! - ssl_session_store_by_lua_block { - print("handler in test.com") - } -- ssl_protocols SSLv3; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; - -@@ -770,7 +769,6 @@ a.lua:1: ssl store session by lua is running! - server { - listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; - server_name test.com; -- ssl_protocols SSLv3; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; - -@@ -836,7 +834,7 @@ qr/\[emerg\] .*? "ssl_session_store_by_lua_block" directive is not allowed here - server_name test.com; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -- ssl_protocols SSLv3; -+ ssl_session_tickets off; - - server_tokens off; - } -diff --git a/t/143-ssl-session-fetch.t b/t/143-ssl-session-fetch.t -index bd800ff..54f7a4a 100644 ---- a/t/143-ssl-session-fetch.t -+++ b/t/143-ssl-session-fetch.t -@@ -33,7 +33,7 @@ __DATA__ - server_name test.com; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -- ssl_protocols SSLv3; -+ ssl_session_tickets off; - - server_tokens off; - } -@@ -114,7 +114,7 @@ qr/ssl_session_fetch_by_lua_block:1: ssl fetch sess by lua is running!/s - server_name test.com; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -- ssl_protocols SSLv3; -+ ssl_session_tickets off; - - server_tokens off; - } -@@ -198,7 +198,7 @@ qr/elapsed in ssl fetch session by lua: 0.(?:09|1[01])\d+,/, - server_name test.com; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key 
$TEST_NGINX_CERT_DIR/cert/test.key; -- ssl_protocols SSLv3; -+ ssl_session_tickets off; - - server_tokens off; - } -@@ -297,9 +297,9 @@ qr/my timer run!/s - server { - listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; - server_name test.com; -- ssl_protocols SSLv3; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -+ ssl_session_tickets off; - - server_tokens off; - } -@@ -377,9 +377,9 @@ qr/received memc reply: OK/s - server { - listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; - server_name test.com; -- ssl_protocols SSLv3; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -+ ssl_session_tickets off; - - server_tokens off; - } -@@ -458,9 +458,9 @@ should never reached here - server { - listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; - server_name test.com; -- ssl_protocols SSLv3; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -+ ssl_session_tickets off; - - server_tokens off; - } -@@ -540,9 +540,9 @@ should never reached here - server { - listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; - server_name test.com; -- ssl_protocols SSLv3; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -+ ssl_session_tickets off; - - server_tokens off; - } -@@ -621,9 +621,9 @@ should never reached here - server { - listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; - server_name test.com; -- ssl_protocols SSLv3; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -+ ssl_session_tickets off; - - server_tokens off; - } -@@ -704,9 +704,9 @@ should never reached here - server { - listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; - server_name test.com; -- ssl_protocols SSLv3; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; 
-+ ssl_session_tickets off; - - server_tokens off; - } -@@ -787,7 +787,7 @@ should never reached here - server_name test.com; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -- ssl_protocols SSLv3; -+ ssl_session_tickets off; - - server_tokens off; - } -@@ -872,7 +872,7 @@ qr/get_phase: ssl_session_fetch/s - } - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -- ssl_protocols SSLv3; -+ ssl_session_tickets off; - - server_tokens off; - } -@@ -956,7 +956,7 @@ ssl store session by lua is running! - server_name test.com; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -- ssl_protocols SSLv3; -+ ssl_session_tickets off; - - server_tokens off; - } -@@ -1036,7 +1036,7 @@ qr/\S+:\d+: ssl fetch sess by lua is running!/s - server_name test.com; - ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; -- ssl_protocols SSLv3; -+ ssl_session_tickets off; - - server_tokens off; - } - -From daeb42cb9463d7a25d4d64a2588721cb377fb75b Mon Sep 17 00:00:00 2001 -From: Alessandro Ghedini <alessandro@cloudflare.com> -Date: Thu, 12 May 2016 13:12:23 +0100 -Subject: [PATCH 2/6] bugfix: ssl: do not access SSL_SESSION struct directly - -In OpenSSL 1.1.0 it was made opaque. 
---- - src/ngx_http_lua_socket_tcp.c | 15 ++--- - t/129-ssl-socket.t | 152 +++++++++++++++++++++--------------------- - 2 files changed, 82 insertions(+), 85 deletions(-) - -diff --git a/src/ngx_http_lua_socket_tcp.c b/src/ngx_http_lua_socket_tcp.c -index 6db6e2d..18352bf 100644 ---- a/src/ngx_http_lua_socket_tcp.c -+++ b/src/ngx_http_lua_socket_tcp.c -@@ -1311,9 +1311,8 @@ ngx_http_lua_socket_tcp_sslhandshake(lua_State *L) - return 2; - } - -- ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0, -- "lua ssl set session: %p:%d", -- *psession, (*psession)->references); -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, -+ "lua ssl set session: %p", *psession); - } - } - -@@ -1577,9 +1576,8 @@ ngx_http_lua_ssl_handshake_retval_handler(ngx_http_request_t *r, - } else { - *ud = ssl_session; - -- ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0, -- "lua ssl save session: %p:%d", ssl_session, -- ssl_session->references); -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, -+ "lua ssl save session: %p", ssl_session); - - /* set up the __gc metamethod */ - lua_pushlightuserdata(L, &ngx_http_lua_ssl_session_metatable_key); -@@ -5356,9 +5354,8 @@ ngx_http_lua_ssl_free_session(lua_State *L) - - psession = lua_touserdata(L, 1); - if (psession && *psession != NULL) { -- ngx_log_debug2(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0, -- "lua ssl free session: %p:%d", *psession, -- (*psession)->references); -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0, -+ "lua ssl free session: %p", *psession); - - ngx_ssl_free_session(*psession); - } -diff --git a/t/129-ssl-socket.t b/t/129-ssl-socket.t -index cc14594..e7e6a98 100644 ---- a/t/129-ssl-socket.t -+++ b/t/129-ssl-socket.t -@@ -108,10 +108,10 @@ sent http request: 59 bytes. 
- received: HTTP/1.1 (?:200 OK|302 Found) - close: 1 nil - \z ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out eval --qr/^lua ssl save session: ([0-9A-F]+):2 --lua ssl free session: ([0-9A-F]+):1 -+qr/^lua ssl save session: ([0-9A-F]+) -+lua ssl free session: ([0-9A-F]+) - $/ - --- no_error_log - lua ssl server name: -@@ -185,10 +185,10 @@ received: HTTP/1.1 401 Unauthorized - close: 1 nil - - --- log_level: debug ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out eval --qr/^lua ssl save session: ([0-9A-F]+):2 --lua ssl free session: ([0-9A-F]+):1 -+qr/^lua ssl save session: ([0-9A-F]+) -+lua ssl free session: ([0-9A-F]+) - $/ - --- no_error_log - lua ssl server name: -@@ -262,10 +262,10 @@ received: HTTP/1.1 200 OK - close: 1 nil - - --- log_level: debug ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out eval --qr/^lua ssl save session: ([0-9A-F]+):2 --lua ssl free session: ([0-9A-F]+):1 -+qr/^lua ssl save session: ([0-9A-F]+) -+lua ssl free session: ([0-9A-F]+) - $/ - --- error_log - lua ssl server name: "iscribblet.org" -@@ -349,13 +349,13 @@ sent http request: 59 bytes. 
- received: HTTP/1.1 200 OK - close: 1 nil - ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out eval --qr/^lua ssl save session: ([0-9A-F]+):2 --lua ssl set session: \1:2 --lua ssl save session: \1:3 --lua ssl free session: \1:2 --lua ssl free session: \1:1 -+qr/^lua ssl save session: ([0-9A-F]+) -+lua ssl set session: \1 -+lua ssl save session: \1 -+lua ssl free session: \1 -+lua ssl free session: \1 - $/ - - --- error_log -@@ -437,7 +437,7 @@ failed to do SSL handshake: certificate host mismatch - failed to send http request: closed - - --- log_level: debug ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out - --- error_log - lua ssl server name: "blah.agentzh.org" -@@ -517,7 +517,7 @@ failed to do SSL handshake: certificate host mismatch - failed to send http request: closed - - --- log_level: debug ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out - --- error_log - lua ssl server name: "blah.agentzh.org" -@@ -592,10 +592,10 @@ received: HTTP/1.1 200 OK - close: 1 nil - - --- log_level: debug ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out eval --qr/^lua ssl save session: ([0-9A-F]+):2 --lua ssl free session: ([0-9A-F]+):1 -+qr/^lua ssl save session: ([0-9A-F]+) -+lua ssl free session: ([0-9A-F]+) - $/ - - --- error_log -@@ -677,10 +677,10 @@ received: HTTP/1.1 200 OK - close: 1 nil - - --- log_level: debug ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: 
[0-9A-F]++/ - --- grep_error_log_out eval --qr/^lua ssl save session: ([0-9A-F]+):2 --lua ssl free session: ([0-9A-F]+):1 -+qr/^lua ssl save session: ([0-9A-F]+) -+lua ssl free session: ([0-9A-F]+) - $/ - - --- error_log -@@ -759,7 +759,7 @@ failed to do SSL handshake: 20: unable to get local issuer certificate - failed to send http request: closed - - --- log_level: debug ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out - --- error_log - lua ssl server name: "iscribblet.org" -@@ -838,7 +838,7 @@ failed to do SSL handshake: 20: unable to get local issuer certificate - failed to send http request: closed - - --- log_level: debug ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out - --- error_log - lua ssl server name: "iscribblet.org" -@@ -928,10 +928,10 @@ sent http request: 59 bytes. 
- received: HTTP/1.1 (?:200 OK|302 Found) - close: 1 nil - \z ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out eval --qr/^lua ssl save session: ([0-9A-F]+):2 --lua ssl free session: ([0-9A-F]+):1 -+qr/^lua ssl save session: ([0-9A-F]+) -+lua ssl free session: ([0-9A-F]+) - $/ - --- error_log - lua ssl server name: "www.google.com" -@@ -1018,7 +1018,7 @@ GET /t - connected: 1 - failed to do SSL handshake: 20: unable to get local issuer certificate - ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out - --- error_log - lua ssl server name: "www.google.com" -@@ -1100,10 +1100,10 @@ received: HTTP/1.1 200 OK - close: 1 nil - - --- log_level: debug ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out eval --qr/^lua ssl save session: ([0-9A-F]+):2 --lua ssl free session: ([0-9A-F]+):1 -+qr/^lua ssl save session: ([0-9A-F]+) -+lua ssl free session: ([0-9A-F]+) - $/ - - --- error_log -@@ -1179,10 +1179,10 @@ received: HTTP/1.1 200 OK - close: 1 nil - - --- log_level: debug ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out eval --qr/^lua ssl save session: ([0-9A-F]+):2 --lua ssl free session: ([0-9A-F]+):1 -+qr/^lua ssl save session: ([0-9A-F]+) -+lua ssl free session: ([0-9A-F]+) - $/ - --- error_log - lua ssl server name: "iscribblet.org" -@@ -1259,10 +1259,10 @@ received: HTTP/1.1 200 OK - close: 1 nil - - --- log_level: debug ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) 
session: [0-9A-F]+/ - --- grep_error_log_out eval --qr/^lua ssl save session: ([0-9A-F]+):2 --lua ssl free session: ([0-9A-F]+):1 -+qr/^lua ssl save session: ([0-9A-F]+) -+lua ssl free session: ([0-9A-F]+) - $/ - --- error_log - lua ssl server name: "iscribblet.org" -@@ -1339,10 +1339,10 @@ received: HTTP/1.1 200 OK - close: 1 nil - - --- log_level: debug ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out eval --qr/^lua ssl save session: ([0-9A-F]+):2 --lua ssl free session: ([0-9A-F]+):1 -+qr/^lua ssl save session: ([0-9A-F]+) -+lua ssl free session: ([0-9A-F]+) - $/ - --- error_log - lua ssl server name: "iscribblet.org" -@@ -1417,7 +1417,7 @@ failed to do SSL handshake: handshake failed - failed to send http request: closed - - --- log_level: debug ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out - --- error_log eval - [ -@@ -1493,10 +1493,10 @@ ssl handshake: userdata - set keepalive: 1 nil - - --- log_level: debug ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out eval --qr/^lua ssl save session: ([0-9A-F]+):2 --lua ssl free session: \1:2 -+qr/^lua ssl save session: ([0-9A-F]+) -+lua ssl free session: \1 - $/ - - --- error_log -@@ -1569,14 +1569,14 @@ ssl handshake: userdata - set keepalive: 1 nil - - --- log_level: debug ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out eval --qr/^lua ssl save session: ([0-9A-F]+):2 --lua ssl save session: \1:3 --lua ssl save session: \1:4 --lua ssl free session: \1:4 --lua ssl free session: \1:3 --lua ssl free 
session: \1:2 -+qr/^lua ssl save session: ([0-9A-F]+) -+lua ssl save session: \1 -+lua ssl save session: \1 -+lua ssl free session: \1 -+lua ssl free session: \1 -+lua ssl free session: \1 - $/ - - --- error_log -@@ -1620,7 +1620,7 @@ hello world - --- response_body_like: 500 Internal Server Error - --- error_code: 500 - --- log_level: debug ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out - --- error_log - attempt to call method 'sslhandshake' (a nil value) -@@ -1719,10 +1719,10 @@ $::TestCertificateKey - >>> test.crt - $::TestCertificate" - ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out eval --qr/^lua ssl save session: ([0-9A-F]+):2 --lua ssl free session: ([0-9A-F]+):1 -+qr/^lua ssl save session: ([0-9A-F]+) -+lua ssl free session: ([0-9A-F]+) - $/ - --- no_error_log - lua ssl server name: -@@ -1824,10 +1824,10 @@ $::TestCertificateKey - >>> test.crt - $::TestCertificate" - ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out eval --qr/^lua ssl save session: ([0-9A-F]+):2 --lua ssl free session: ([0-9A-F]+):1 -+qr/^lua ssl save session: ([0-9A-F]+) -+lua ssl free session: ([0-9A-F]+) - $/ - --- error_log - lua ssl server name: "test.com" -@@ -1917,7 +1917,7 @@ failed to do SSL handshake: handshake failed - ">>> test.crt - $::TestCertificate" - ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out - --- error_log eval - qr/SSL_do_handshake\(\) failed .*?unknown protocol/ -@@ -2016,7 +2016,7 @@ $::TestCertificate - >>> test.crl - $::TestCRL" - ----- 
grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out - --- error_log - lua ssl server name: "test.com" -@@ -2095,12 +2095,12 @@ received: HTTP/1.1 200 OK - close: 1 nil - - --- log_level: debug ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out eval --qr/^lua ssl save session: ([0-9A-F]+):2 --lua ssl save session: ([0-9A-F]+):3 --lua ssl free session: ([0-9A-F]+):2 --lua ssl free session: ([0-9A-F]+):1 -+qr/^lua ssl save session: ([0-9A-F]+) -+lua ssl save session: ([0-9A-F]+) -+lua ssl free session: ([0-9A-F]+) -+lua ssl free session: ([0-9A-F]+) - $/ - --- error_log - lua ssl server name: "iscribblet.org" -@@ -2154,7 +2154,7 @@ connected: 1 - failed to do SSL handshake: timeout - - --- log_level: debug ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out - --- error_log - lua ssl server name: "iscribblet.org" -@@ -2226,7 +2226,7 @@ $::TestCertificateKey - >>> test.crt - $::TestCertificate" - ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out - --- no_error_log - lua ssl server name: -@@ -2297,10 +2297,10 @@ $::TestCertificateKey - >>> test.crt - $::TestCertificate" - ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out eval --qr/^lua ssl save session: ([0-9A-F]+):2 --lua ssl free session: ([0-9A-F]+):1 -+qr/^lua ssl save session: ([0-9A-F]+) -+lua ssl free session: ([0-9A-F]+) - $/ - --- no_error_log - lua ssl server name: -@@ -2377,7 
+2377,7 @@ $::TestCertificateKey - >>> test.crt - $::TestCertificate" - ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out - --- no_error_log - lua ssl server name: -@@ -2479,10 +2479,10 @@ $::TestCertificateKey - >>> test.crt - $::TestCertificate" - ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out eval --qr/^lua ssl save session: ([0-9A-F]+):2 --lua ssl free session: ([0-9A-F]+):1 -+qr/^lua ssl save session: ([0-9A-F]+) -+lua ssl free session: ([0-9A-F]+) - $/ - --- error_log - --- no_error_log -@@ -2575,7 +2575,7 @@ $::TestCertificateKey - >>> test.crt - $::TestCertificate" - ----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ -+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ - --- grep_error_log_out - --- error_log - lua ssl certificate verify error: (18: self signed certificate) - -From 7206c8f6fe10136e458d4b3c7ae2b696bd4c8983 Mon Sep 17 00:00:00 2001 -From: Alessandro Ghedini <alessandro@cloudflare.com> -Date: Thu, 12 May 2016 13:17:52 +0100 -Subject: [PATCH 3/6] bugfix: ssl: do not set tlsext_status_expected flag - -In OpenSSL 1.1.0 the SSL struct was made opaque, and setting this -flag manually is not required anyway since OpenSSL already does that -automatically when ngx_http_lua_ssl_empty_status_callback() returns -"OK" (which is always), and an OCSP response has been set. 
---- - src/ngx_http_lua_ssl_ocsp.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/ngx_http_lua_ssl_ocsp.c b/src/ngx_http_lua_ssl_ocsp.c -index 3904aa8..31b4f24 100644 ---- a/src/ngx_http_lua_ssl_ocsp.c -+++ b/src/ngx_http_lua_ssl_ocsp.c -@@ -490,7 +490,6 @@ ngx_http_lua_ffi_ssl_set_ocsp_status_resp(ngx_http_request_t *r, - - dd("set ocsp resp: resp_len=%d", (int) resp_len); - (void) SSL_set_tlsext_status_ocsp_resp(ssl_conn, p, resp_len); -- ssl_conn->tlsext_status_expected = 1; - - return NGX_OK; - - -From 96f39afab912c06fc76f2b18a70130ab41b00f12 Mon Sep 17 00:00:00 2001 -From: Alessandro Ghedini <alessandro@cloudflare.com> -Date: Fri, 10 Jun 2016 13:23:21 +0100 -Subject: [PATCH 4/6] bugfix: ssl: do not access SSL struct directly for - tlsext_status_type - -In OpenSSL 1.1.0 it was made opaque, and a getter function was added. ---- - src/ngx_http_lua_ssl_ocsp.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/ngx_http_lua_ssl_ocsp.c b/src/ngx_http_lua_ssl_ocsp.c -index 31b4f24..9ec8b50 100644 ---- a/src/ngx_http_lua_ssl_ocsp.c -+++ b/src/ngx_http_lua_ssl_ocsp.c -@@ -468,7 +468,11 @@ ngx_http_lua_ffi_ssl_set_ocsp_status_resp(ngx_http_request_t *r, - return NGX_ERROR; - } - -+#ifdef SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE -+ if (SSL_get_tlsext_status_type(ssl_conn) == -1) { -+#else - if (ssl_conn->tlsext_status_type == -1) { -+#endif - dd("no ocsp status req from client"); - return NGX_DECLINED; - } - -From 26d6bbefb78cc72d14961a8166ffc3cb67611b6f Mon Sep 17 00:00:00 2001 -From: Alessandro Ghedini <alessandro@ghedini.me> -Date: Tue, 13 Sep 2016 22:19:10 +0100 -Subject: [PATCH 5/6] bugfix: ssl: make SSL session callback build with OpenSSL - 1.1.0 - ---- - src/ngx_http_lua_ssl_session_fetchby.c | 9 ++++++--- - src/ngx_http_lua_ssl_session_fetchby.h | 6 +++++- - src/ngx_http_lua_ssl_session_storeby.c | 8 ++++++-- - 3 files changed, 17 insertions(+), 6 deletions(-) - -diff --git a/src/ngx_http_lua_ssl_session_fetchby.c 
b/src/ngx_http_lua_ssl_session_fetchby.c -index 4c450b5..6212c60 100644 ---- a/src/ngx_http_lua_ssl_session_fetchby.c -+++ b/src/ngx_http_lua_ssl_session_fetchby.c -@@ -171,8 +171,11 @@ ngx_http_lua_ssl_sess_fetch_by_lua(ngx_conf_t *cf, ngx_command_t *cmd, - - /* cached session fetching callback to be set with SSL_CTX_sess_set_get_cb */ - ngx_ssl_session_t * --ngx_http_lua_ssl_sess_fetch_handler(ngx_ssl_conn_t *ssl_conn, u_char *id, -- int len, int *copy) -+ngx_http_lua_ssl_sess_fetch_handler(ngx_ssl_conn_t *ssl_conn, -+#if OPENSSL_VERSION_NUMBER >= 0x10100003L -+ const -+#endif -+ u_char *id, int len, int *copy) - { - lua_State *L; - ngx_int_t rc; -@@ -284,7 +287,7 @@ ngx_http_lua_ssl_sess_fetch_handler(ngx_ssl_conn_t *ssl_conn, u_char *id, - cctx->exit_code = 1; /* successful by default */ - cctx->connection = c; - cctx->request = r; -- cctx->session_id.data = id; -+ cctx->session_id.data = (u_char *) id; - cctx->session_id.len = len; - cctx->entered_sess_fetch_handler = 1; - cctx->done = 0; -diff --git a/src/ngx_http_lua_ssl_session_fetchby.h b/src/ngx_http_lua_ssl_session_fetchby.h -index 5a6f96f..50c6616 100644 ---- a/src/ngx_http_lua_ssl_session_fetchby.h -+++ b/src/ngx_http_lua_ssl_session_fetchby.h -@@ -25,7 +25,11 @@ char *ngx_http_lua_ssl_sess_fetch_by_lua_block(ngx_conf_t *cf, - ngx_command_t *cmd, void *conf); - - ngx_ssl_session_t *ngx_http_lua_ssl_sess_fetch_handler( -- ngx_ssl_conn_t *ssl_conn, u_char *id, int len, int *copy); -+ ngx_ssl_conn_t *ssl_conn, -+#if OPENSSL_VERSION_NUMBER >= 0x10100003L -+ const -+#endif -+ u_char *id, int len, int *copy); - #endif - - -diff --git a/src/ngx_http_lua_ssl_session_storeby.c b/src/ngx_http_lua_ssl_session_storeby.c -index b5596bc..85dbece 100644 ---- a/src/ngx_http_lua_ssl_session_storeby.c -+++ b/src/ngx_http_lua_ssl_session_storeby.c -@@ -172,6 +172,8 @@ int - ngx_http_lua_ssl_sess_store_handler(ngx_ssl_conn_t *ssl_conn, - ngx_ssl_session_t *sess) - { -+ const u_char *sess_id; -+ unsigned int sess_id_len; - 
lua_State *L; - ngx_int_t rc; - ngx_connection_t *c, *fc = NULL; -@@ -246,11 +248,13 @@ ngx_http_lua_ssl_sess_store_handler(ngx_ssl_conn_t *ssl_conn, - } - } - -+ sess_id = SSL_SESSION_get_id(sess, &sess_id_len); -+ - cctx->connection = c; - cctx->request = r; - cctx->session = sess; -- cctx->session_id.data = sess->session_id; -- cctx->session_id.len = sess->session_id_length; -+ cctx->session_id.data = (u_char *) sess_id; -+ cctx->session_id.len = sess_id_len; - cctx->done = 0; - - dd("setting cctx"); - -From ac7dc8f7fdc391301db5c8e35a7113b86d492b56 Mon Sep 17 00:00:00 2001 -From: Alessandro Ghedini <alessandro@ghedini.me> -Date: Mon, 28 Nov 2016 21:01:00 +0000 -Subject: [PATCH 6/6] bugfix: ssl: don't use RC4 in tests - -RC4 ciphers are deprecated and disabled by default in OpenSSL 1.1.0. ---- - t/129-ssl-socket.t | 18 +++++++++--------- - 1 file changed, 9 insertions(+), 9 deletions(-) - -diff --git a/t/129-ssl-socket.t b/t/129-ssl-socket.t -index e7e6a98..ebb6555 100644 ---- a/t/129-ssl-socket.t -+++ b/t/129-ssl-socket.t -@@ -1129,7 +1129,7 @@ SSL reused session - sock:settimeout(2000) - - do -- local ok, err = sock:connect("iscribblet.org", 443) -+ local ok, err = sock:connect("openresty.org", 443) - if not ok then - ngx.say("failed to connect: ", err) - return -@@ -1137,7 +1137,7 @@ SSL reused session - - ngx.say("connected: ", ok) - -- local session, err = sock:sslhandshake(nil, "iscribblet.org") -+ local session, err = sock:sslhandshake(nil, "openresty.org") - if not session then - ngx.say("failed to do SSL handshake: ", err) - return -@@ -1145,7 +1145,7 @@ SSL reused session - - ngx.say("ssl handshake: ", type(session)) - -- local req = "GET / HTTP/1.1\\r\\nHost: iscribblet.org\\r\\nConnection: close\\r\\n\\r\\n" -+ local req = "GET /en/ HTTP/1.1\\r\\nHost: openresty.org\\r\\nConnection: close\\r\\n\\r\\n" - local bytes, err = sock:send(req) - if not bytes then - ngx.say("failed to send http request: ", err) -@@ -1174,7 +1174,7 @@ GET /t - --- 
response_body - connected: 1 - ssl handshake: userdata --sent http request: 59 bytes. -+sent http request: 61 bytes. - received: HTTP/1.1 200 OK - close: 1 nil - -@@ -1185,8 +1185,8 @@ qr/^lua ssl save session: ([0-9A-F]+) - lua ssl free session: ([0-9A-F]+) - $/ - --- error_log --lua ssl server name: "iscribblet.org" --SSL: TLSv1.2, cipher: "ECDHE-RSA-RC4-SHA SSLv3 -+lua ssl server name: "openresty.org" -+SSL: TLSv1.2, cipher: "ECDHE-RSA-AES128-GCM-SHA256 - --- no_error_log - SSL reused session - [error] -@@ -1199,7 +1199,7 @@ SSL reused session - --- config - server_tokens off; - resolver $TEST_NGINX_RESOLVER ipv6=off; -- lua_ssl_ciphers RC4-SHA; -+ lua_ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256; - location /t { - #set $port 5000; - set $port $TEST_NGINX_MEMCACHED_PORT; -@@ -1266,7 +1266,7 @@ lua ssl free session: ([0-9A-F]+) - $/ - --- error_log - lua ssl server name: "iscribblet.org" --SSL: TLSv1.2, cipher: "RC4-SHA SSLv3 -+SSL: TLSv1.2, cipher: "ECDHE-RSA-AES128-GCM-SHA256 - --- no_error_log - SSL reused session - [error] -@@ -1346,7 +1346,7 @@ lua ssl free session: ([0-9A-F]+) - $/ - --- error_log - lua ssl server name: "iscribblet.org" --SSL: TLSv1, cipher: "ECDHE-RSA-RC4-SHA SSLv3 -+SSL: TLSv1 - --- no_error_log - SSL reused session - [error] |