aboutsummaryrefslogtreecommitdiffstats
path: root/main
diff options
context:
space:
mode:
authorJakub Jirutka <jakub@jirutka.cz>2017-10-23 16:17:03 +0200
committerJakub Jirutka <jakub@jirutka.cz>2017-10-23 16:17:03 +0200
commitfde6b2fac7e3464ed6cd8a8f930e20dd453cc809 (patch)
tree15284c9fd689b0ef0990526186275f4e92895b29 /main
parent1f9b260e6e2499000192680f502e67085500fd66 (diff)
downloadaports-fde6b2fac7e3464ed6cd8a8f930e20dd453cc809.tar.bz2
aports-fde6b2fac7e3464ed6cd8a8f930e20dd453cc809.tar.xz
main/nginx: remove unused patch
Diffstat (limited to 'main')
-rw-r--r--main/nginx/lua-nginx-module~fix-libressl.patch.bak946
1 files changed, 0 insertions, 946 deletions
diff --git a/main/nginx/lua-nginx-module~fix-libressl.patch.bak b/main/nginx/lua-nginx-module~fix-libressl.patch.bak
deleted file mode 100644
index 9d19eab0e4..0000000000
--- a/main/nginx/lua-nginx-module~fix-libressl.patch.bak
+++ /dev/null
@@ -1,946 +0,0 @@
-From 7a7cb2b3b745eadb0c2d3d7ee5789931f1731209 Mon Sep 17 00:00:00 2001
-From: Alessandro Ghedini <alessandro@ghedini.me>
-Date: Tue, 13 Sep 2016 22:31:32 +0100
-Subject: [PATCH 1/6] bugfix: ssl: don't use SSLv3 in tests
-
-OpenSSL 1.1.0 disables SSLv3 by default. In order to disable SSL session
-tickets set ssl_session_tickets to off instead.
----
- t/142-ssl-session-store.t | 24 +++++++++++-------------
- t/143-ssl-session-fetch.t | 26 +++++++++++++-------------
- 2 files changed, 24 insertions(+), 26 deletions(-)
-
-diff --git a/t/142-ssl-session-store.t b/t/142-ssl-session-store.t
-index 5c9fad3..b595519 100644
---- a/t/142-ssl-session-store.t
-+++ b/t/142-ssl-session-store.t
-@@ -32,7 +32,7 @@ __DATA__
- server_name test.com;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-- ssl_protocols SSLv3;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -102,7 +102,7 @@ ssl_session_store_by_lua_block:1: ssl session store by lua is running!
- server_name test.com;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-- ssl_protocols SSLv3;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -177,7 +177,7 @@ API disabled in the context of ssl_session_store_by_lua*
- server_name test.com;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-- ssl_protocols SSLv3;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -267,9 +267,9 @@ my timer run!
- listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
- server_name test.com;
-
-- ssl_protocols SSLv3;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -335,9 +335,9 @@ API disabled in the context of ssl_session_store_by_lua*
- server {
- listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
- server_name test.com;
-- ssl_protocols SSLv3;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -407,9 +407,9 @@ ngx.exit does not yield and the error code is eaten.
- server {
- listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
- server_name test.com;
-- ssl_protocols SSLv3;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -480,9 +480,9 @@ ssl_session_store_by_lua*: handler return value: 0, sess new cb exit code: 0
- server {
- listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
- server_name test.com;
-- ssl_protocols SSLv3;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -548,9 +548,9 @@ should never reached here
- server {
- listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
- server_name test.com;
-- ssl_protocols SSLv3;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -621,7 +621,7 @@ get_phase: ssl_session_store
- }
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-- ssl_protocols SSLv3;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -690,7 +690,7 @@ qr/elapsed in ssl cert by lua: 0.(?:09|1[01])\d+,/,
- server_name test.com;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-- ssl_protocols SSLv3;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -760,7 +760,6 @@ a.lua:1: ssl store session by lua is running!
- ssl_session_store_by_lua_block {
- print("handler in test.com")
- }
-- ssl_protocols SSLv3;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-
-@@ -770,7 +769,6 @@ a.lua:1: ssl store session by lua is running!
- server {
- listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
- server_name test.com;
-- ssl_protocols SSLv3;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-
-@@ -836,7 +834,7 @@ qr/\[emerg\] .*? "ssl_session_store_by_lua_block" directive is not allowed here
- server_name test.com;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-- ssl_protocols SSLv3;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-diff --git a/t/143-ssl-session-fetch.t b/t/143-ssl-session-fetch.t
-index bd800ff..54f7a4a 100644
---- a/t/143-ssl-session-fetch.t
-+++ b/t/143-ssl-session-fetch.t
-@@ -33,7 +33,7 @@ __DATA__
- server_name test.com;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-- ssl_protocols SSLv3;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -114,7 +114,7 @@ qr/ssl_session_fetch_by_lua_block:1: ssl fetch sess by lua is running!/s
- server_name test.com;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-- ssl_protocols SSLv3;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -198,7 +198,7 @@ qr/elapsed in ssl fetch session by lua: 0.(?:09|1[01])\d+,/,
- server_name test.com;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-- ssl_protocols SSLv3;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -297,9 +297,9 @@ qr/my timer run!/s
- server {
- listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
- server_name test.com;
-- ssl_protocols SSLv3;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -377,9 +377,9 @@ qr/received memc reply: OK/s
- server {
- listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
- server_name test.com;
-- ssl_protocols SSLv3;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -458,9 +458,9 @@ should never reached here
- server {
- listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
- server_name test.com;
-- ssl_protocols SSLv3;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -540,9 +540,9 @@ should never reached here
- server {
- listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
- server_name test.com;
-- ssl_protocols SSLv3;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -621,9 +621,9 @@ should never reached here
- server {
- listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
- server_name test.com;
-- ssl_protocols SSLv3;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -704,9 +704,9 @@ should never reached here
- server {
- listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
- server_name test.com;
-- ssl_protocols SSLv3;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -787,7 +787,7 @@ should never reached here
- server_name test.com;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-- ssl_protocols SSLv3;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -872,7 +872,7 @@ qr/get_phase: ssl_session_fetch/s
- }
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-- ssl_protocols SSLv3;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -956,7 +956,7 @@ ssl store session by lua is running!
- server_name test.com;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-- ssl_protocols SSLv3;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-@@ -1036,7 +1036,7 @@ qr/\S+:\d+: ssl fetch sess by lua is running!/s
- server_name test.com;
- ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
- ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-- ssl_protocols SSLv3;
-+ ssl_session_tickets off;
-
- server_tokens off;
- }
-
-From daeb42cb9463d7a25d4d64a2588721cb377fb75b Mon Sep 17 00:00:00 2001
-From: Alessandro Ghedini <alessandro@cloudflare.com>
-Date: Thu, 12 May 2016 13:12:23 +0100
-Subject: [PATCH 2/6] bugfix: ssl: do not access SSL_SESSION struct directly
-
-In OpenSSL 1.1.0 it was made opaque.
----
- src/ngx_http_lua_socket_tcp.c | 15 ++---
- t/129-ssl-socket.t | 152 +++++++++++++++++++++---------------------
- 2 files changed, 82 insertions(+), 85 deletions(-)
-
-diff --git a/src/ngx_http_lua_socket_tcp.c b/src/ngx_http_lua_socket_tcp.c
-index 6db6e2d..18352bf 100644
---- a/src/ngx_http_lua_socket_tcp.c
-+++ b/src/ngx_http_lua_socket_tcp.c
-@@ -1311,9 +1311,8 @@ ngx_http_lua_socket_tcp_sslhandshake(lua_State *L)
- return 2;
- }
-
-- ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
-- "lua ssl set session: %p:%d",
-- *psession, (*psession)->references);
-+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
-+ "lua ssl set session: %p", *psession);
- }
- }
-
-@@ -1577,9 +1576,8 @@ ngx_http_lua_ssl_handshake_retval_handler(ngx_http_request_t *r,
- } else {
- *ud = ssl_session;
-
-- ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
-- "lua ssl save session: %p:%d", ssl_session,
-- ssl_session->references);
-+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
-+ "lua ssl save session: %p", ssl_session);
-
- /* set up the __gc metamethod */
- lua_pushlightuserdata(L, &ngx_http_lua_ssl_session_metatable_key);
-@@ -5356,9 +5354,8 @@ ngx_http_lua_ssl_free_session(lua_State *L)
-
- psession = lua_touserdata(L, 1);
- if (psession && *psession != NULL) {
-- ngx_log_debug2(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0,
-- "lua ssl free session: %p:%d", *psession,
-- (*psession)->references);
-+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0,
-+ "lua ssl free session: %p", *psession);
-
- ngx_ssl_free_session(*psession);
- }
-diff --git a/t/129-ssl-socket.t b/t/129-ssl-socket.t
-index cc14594..e7e6a98 100644
---- a/t/129-ssl-socket.t
-+++ b/t/129-ssl-socket.t
-@@ -108,10 +108,10 @@ sent http request: 59 bytes.
- received: HTTP/1.1 (?:200 OK|302 Found)
- close: 1 nil
- \z
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- no_error_log
- lua ssl server name:
-@@ -185,10 +185,10 @@ received: HTTP/1.1 401 Unauthorized
- close: 1 nil
-
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- no_error_log
- lua ssl server name:
-@@ -262,10 +262,10 @@ received: HTTP/1.1 200 OK
- close: 1 nil
-
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
- lua ssl server name: "iscribblet.org"
-@@ -349,13 +349,13 @@ sent http request: 59 bytes.
- received: HTTP/1.1 200 OK
- close: 1 nil
-
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl set session: \1:2
--lua ssl save session: \1:3
--lua ssl free session: \1:2
--lua ssl free session: \1:1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl set session: \1
-+lua ssl save session: \1
-+lua ssl free session: \1
-+lua ssl free session: \1
- $/
-
- --- error_log
-@@ -437,7 +437,7 @@ failed to do SSL handshake: certificate host mismatch
- failed to send http request: closed
-
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log
- lua ssl server name: "blah.agentzh.org"
-@@ -517,7 +517,7 @@ failed to do SSL handshake: certificate host mismatch
- failed to send http request: closed
-
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log
- lua ssl server name: "blah.agentzh.org"
-@@ -592,10 +592,10 @@ received: HTTP/1.1 200 OK
- close: 1 nil
-
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
-
- --- error_log
-@@ -677,10 +677,10 @@ received: HTTP/1.1 200 OK
- close: 1 nil
-
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]++/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
-
- --- error_log
-@@ -759,7 +759,7 @@ failed to do SSL handshake: 20: unable to get local issuer certificate
- failed to send http request: closed
-
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log
- lua ssl server name: "iscribblet.org"
-@@ -838,7 +838,7 @@ failed to do SSL handshake: 20: unable to get local issuer certificate
- failed to send http request: closed
-
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log
- lua ssl server name: "iscribblet.org"
-@@ -928,10 +928,10 @@ sent http request: 59 bytes.
- received: HTTP/1.1 (?:200 OK|302 Found)
- close: 1 nil
- \z
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
- lua ssl server name: "www.google.com"
-@@ -1018,7 +1018,7 @@ GET /t
- connected: 1
- failed to do SSL handshake: 20: unable to get local issuer certificate
-
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log
- lua ssl server name: "www.google.com"
-@@ -1100,10 +1100,10 @@ received: HTTP/1.1 200 OK
- close: 1 nil
-
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
-
- --- error_log
-@@ -1179,10 +1179,10 @@ received: HTTP/1.1 200 OK
- close: 1 nil
-
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
- lua ssl server name: "iscribblet.org"
-@@ -1259,10 +1259,10 @@ received: HTTP/1.1 200 OK
- close: 1 nil
-
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
- lua ssl server name: "iscribblet.org"
-@@ -1339,10 +1339,10 @@ received: HTTP/1.1 200 OK
- close: 1 nil
-
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
- lua ssl server name: "iscribblet.org"
-@@ -1417,7 +1417,7 @@ failed to do SSL handshake: handshake failed
- failed to send http request: closed
-
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log eval
- [
-@@ -1493,10 +1493,10 @@ ssl handshake: userdata
- set keepalive: 1 nil
-
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: \1:2
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: \1
- $/
-
- --- error_log
-@@ -1569,14 +1569,14 @@ ssl handshake: userdata
- set keepalive: 1 nil
-
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl save session: \1:3
--lua ssl save session: \1:4
--lua ssl free session: \1:4
--lua ssl free session: \1:3
--lua ssl free session: \1:2
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl save session: \1
-+lua ssl save session: \1
-+lua ssl free session: \1
-+lua ssl free session: \1
-+lua ssl free session: \1
- $/
-
- --- error_log
-@@ -1620,7 +1620,7 @@ hello world
- --- response_body_like: 500 Internal Server Error
- --- error_code: 500
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log
- attempt to call method 'sslhandshake' (a nil value)
-@@ -1719,10 +1719,10 @@ $::TestCertificateKey
- >>> test.crt
- $::TestCertificate"
-
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- no_error_log
- lua ssl server name:
-@@ -1824,10 +1824,10 @@ $::TestCertificateKey
- >>> test.crt
- $::TestCertificate"
-
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
- lua ssl server name: "test.com"
-@@ -1917,7 +1917,7 @@ failed to do SSL handshake: handshake failed
- ">>> test.crt
- $::TestCertificate"
-
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log eval
- qr/SSL_do_handshake\(\) failed .*?unknown protocol/
-@@ -2016,7 +2016,7 @@ $::TestCertificate
- >>> test.crl
- $::TestCRL"
-
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log
- lua ssl server name: "test.com"
-@@ -2095,12 +2095,12 @@ received: HTTP/1.1 200 OK
- close: 1 nil
-
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl save session: ([0-9A-F]+):3
--lua ssl free session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
- lua ssl server name: "iscribblet.org"
-@@ -2154,7 +2154,7 @@ connected: 1
- failed to do SSL handshake: timeout
-
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log
- lua ssl server name: "iscribblet.org"
-@@ -2226,7 +2226,7 @@ $::TestCertificateKey
- >>> test.crt
- $::TestCertificate"
-
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- no_error_log
- lua ssl server name:
-@@ -2297,10 +2297,10 @@ $::TestCertificateKey
- >>> test.crt
- $::TestCertificate"
-
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- no_error_log
- lua ssl server name:
-@@ -2377,7 +2377,7 @@ $::TestCertificateKey
- >>> test.crt
- $::TestCertificate"
-
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- no_error_log
- lua ssl server name:
-@@ -2479,10 +2479,10 @@ $::TestCertificateKey
- >>> test.crt
- $::TestCertificate"
-
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
- --- no_error_log
-@@ -2575,7 +2575,7 @@ $::TestCertificateKey
- >>> test.crt
- $::TestCertificate"
-
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log
- lua ssl certificate verify error: (18: self signed certificate)
-
-From 7206c8f6fe10136e458d4b3c7ae2b696bd4c8983 Mon Sep 17 00:00:00 2001
-From: Alessandro Ghedini <alessandro@cloudflare.com>
-Date: Thu, 12 May 2016 13:17:52 +0100
-Subject: [PATCH 3/6] bugfix: ssl: do not set tlsext_status_expected flag
-
-In OpenSSL 1.1.0 the SSL struct was made opaque, and setting this
-flag manually is not required anyway since OpenSSL already does that
-automatically when ngx_http_lua_ssl_empty_status_callback() returns
-"OK" (which is always), and an OCSP response has been set.
----
- src/ngx_http_lua_ssl_ocsp.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/src/ngx_http_lua_ssl_ocsp.c b/src/ngx_http_lua_ssl_ocsp.c
-index 3904aa8..31b4f24 100644
---- a/src/ngx_http_lua_ssl_ocsp.c
-+++ b/src/ngx_http_lua_ssl_ocsp.c
-@@ -490,7 +490,6 @@ ngx_http_lua_ffi_ssl_set_ocsp_status_resp(ngx_http_request_t *r,
-
- dd("set ocsp resp: resp_len=%d", (int) resp_len);
- (void) SSL_set_tlsext_status_ocsp_resp(ssl_conn, p, resp_len);
-- ssl_conn->tlsext_status_expected = 1;
-
- return NGX_OK;
-
-
-From 96f39afab912c06fc76f2b18a70130ab41b00f12 Mon Sep 17 00:00:00 2001
-From: Alessandro Ghedini <alessandro@cloudflare.com>
-Date: Fri, 10 Jun 2016 13:23:21 +0100
-Subject: [PATCH 4/6] bugfix: ssl: do not access SSL struct directly for
- tlsext_status_type
-
-In OpenSSL 1.1.0 it was made opaque, and a getter function was added.
----
- src/ngx_http_lua_ssl_ocsp.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/ngx_http_lua_ssl_ocsp.c b/src/ngx_http_lua_ssl_ocsp.c
-index 31b4f24..9ec8b50 100644
---- a/src/ngx_http_lua_ssl_ocsp.c
-+++ b/src/ngx_http_lua_ssl_ocsp.c
-@@ -468,7 +468,11 @@ ngx_http_lua_ffi_ssl_set_ocsp_status_resp(ngx_http_request_t *r,
- return NGX_ERROR;
- }
-
-+#ifdef SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE
-+ if (SSL_get_tlsext_status_type(ssl_conn) == -1) {
-+#else
- if (ssl_conn->tlsext_status_type == -1) {
-+#endif
- dd("no ocsp status req from client");
- return NGX_DECLINED;
- }
-
-From 26d6bbefb78cc72d14961a8166ffc3cb67611b6f Mon Sep 17 00:00:00 2001
-From: Alessandro Ghedini <alessandro@ghedini.me>
-Date: Tue, 13 Sep 2016 22:19:10 +0100
-Subject: [PATCH 5/6] bugfix: ssl: make SSL session callback build with OpenSSL
- 1.1.0
-
----
- src/ngx_http_lua_ssl_session_fetchby.c | 9 ++++++---
- src/ngx_http_lua_ssl_session_fetchby.h | 6 +++++-
- src/ngx_http_lua_ssl_session_storeby.c | 8 ++++++--
- 3 files changed, 17 insertions(+), 6 deletions(-)
-
-diff --git a/src/ngx_http_lua_ssl_session_fetchby.c b/src/ngx_http_lua_ssl_session_fetchby.c
-index 4c450b5..6212c60 100644
---- a/src/ngx_http_lua_ssl_session_fetchby.c
-+++ b/src/ngx_http_lua_ssl_session_fetchby.c
-@@ -171,8 +171,11 @@ ngx_http_lua_ssl_sess_fetch_by_lua(ngx_conf_t *cf, ngx_command_t *cmd,
-
- /* cached session fetching callback to be set with SSL_CTX_sess_set_get_cb */
- ngx_ssl_session_t *
--ngx_http_lua_ssl_sess_fetch_handler(ngx_ssl_conn_t *ssl_conn, u_char *id,
-- int len, int *copy)
-+ngx_http_lua_ssl_sess_fetch_handler(ngx_ssl_conn_t *ssl_conn,
-+#if OPENSSL_VERSION_NUMBER >= 0x10100003L
-+ const
-+#endif
-+ u_char *id, int len, int *copy)
- {
- lua_State *L;
- ngx_int_t rc;
-@@ -284,7 +287,7 @@ ngx_http_lua_ssl_sess_fetch_handler(ngx_ssl_conn_t *ssl_conn, u_char *id,
- cctx->exit_code = 1; /* successful by default */
- cctx->connection = c;
- cctx->request = r;
-- cctx->session_id.data = id;
-+ cctx->session_id.data = (u_char *) id;
- cctx->session_id.len = len;
- cctx->entered_sess_fetch_handler = 1;
- cctx->done = 0;
-diff --git a/src/ngx_http_lua_ssl_session_fetchby.h b/src/ngx_http_lua_ssl_session_fetchby.h
-index 5a6f96f..50c6616 100644
---- a/src/ngx_http_lua_ssl_session_fetchby.h
-+++ b/src/ngx_http_lua_ssl_session_fetchby.h
-@@ -25,7 +25,11 @@ char *ngx_http_lua_ssl_sess_fetch_by_lua_block(ngx_conf_t *cf,
- ngx_command_t *cmd, void *conf);
-
- ngx_ssl_session_t *ngx_http_lua_ssl_sess_fetch_handler(
-- ngx_ssl_conn_t *ssl_conn, u_char *id, int len, int *copy);
-+ ngx_ssl_conn_t *ssl_conn,
-+#if OPENSSL_VERSION_NUMBER >= 0x10100003L
-+ const
-+#endif
-+ u_char *id, int len, int *copy);
- #endif
-
-
-diff --git a/src/ngx_http_lua_ssl_session_storeby.c b/src/ngx_http_lua_ssl_session_storeby.c
-index b5596bc..85dbece 100644
---- a/src/ngx_http_lua_ssl_session_storeby.c
-+++ b/src/ngx_http_lua_ssl_session_storeby.c
-@@ -172,6 +172,8 @@ int
- ngx_http_lua_ssl_sess_store_handler(ngx_ssl_conn_t *ssl_conn,
- ngx_ssl_session_t *sess)
- {
-+ const u_char *sess_id;
-+ unsigned int sess_id_len;
- lua_State *L;
- ngx_int_t rc;
- ngx_connection_t *c, *fc = NULL;
-@@ -246,11 +248,13 @@ ngx_http_lua_ssl_sess_store_handler(ngx_ssl_conn_t *ssl_conn,
- }
- }
-
-+ sess_id = SSL_SESSION_get_id(sess, &sess_id_len);
-+
- cctx->connection = c;
- cctx->request = r;
- cctx->session = sess;
-- cctx->session_id.data = sess->session_id;
-- cctx->session_id.len = sess->session_id_length;
-+ cctx->session_id.data = (u_char *) sess_id;
-+ cctx->session_id.len = sess_id_len;
- cctx->done = 0;
-
- dd("setting cctx");
-
-From ac7dc8f7fdc391301db5c8e35a7113b86d492b56 Mon Sep 17 00:00:00 2001
-From: Alessandro Ghedini <alessandro@ghedini.me>
-Date: Mon, 28 Nov 2016 21:01:00 +0000
-Subject: [PATCH 6/6] bugfix: ssl: don't use RC4 in tests
-
-RC4 ciphers are deprecated and disabled by default in OpenSSL 1.1.0.
----
- t/129-ssl-socket.t | 18 +++++++++---------
- 1 file changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/t/129-ssl-socket.t b/t/129-ssl-socket.t
-index e7e6a98..ebb6555 100644
---- a/t/129-ssl-socket.t
-+++ b/t/129-ssl-socket.t
-@@ -1129,7 +1129,7 @@ SSL reused session
- sock:settimeout(2000)
-
- do
-- local ok, err = sock:connect("iscribblet.org", 443)
-+ local ok, err = sock:connect("openresty.org", 443)
- if not ok then
- ngx.say("failed to connect: ", err)
- return
-@@ -1137,7 +1137,7 @@ SSL reused session
-
- ngx.say("connected: ", ok)
-
-- local session, err = sock:sslhandshake(nil, "iscribblet.org")
-+ local session, err = sock:sslhandshake(nil, "openresty.org")
- if not session then
- ngx.say("failed to do SSL handshake: ", err)
- return
-@@ -1145,7 +1145,7 @@ SSL reused session
-
- ngx.say("ssl handshake: ", type(session))
-
-- local req = "GET / HTTP/1.1\\r\\nHost: iscribblet.org\\r\\nConnection: close\\r\\n\\r\\n"
-+ local req = "GET /en/ HTTP/1.1\\r\\nHost: openresty.org\\r\\nConnection: close\\r\\n\\r\\n"
- local bytes, err = sock:send(req)
- if not bytes then
- ngx.say("failed to send http request: ", err)
-@@ -1174,7 +1174,7 @@ GET /t
- --- response_body
- connected: 1
- ssl handshake: userdata
--sent http request: 59 bytes.
-+sent http request: 61 bytes.
- received: HTTP/1.1 200 OK
- close: 1 nil
-
-@@ -1185,8 +1185,8 @@ qr/^lua ssl save session: ([0-9A-F]+)
- lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
--lua ssl server name: "iscribblet.org"
--SSL: TLSv1.2, cipher: "ECDHE-RSA-RC4-SHA SSLv3
-+lua ssl server name: "openresty.org"
-+SSL: TLSv1.2, cipher: "ECDHE-RSA-AES128-GCM-SHA256
- --- no_error_log
- SSL reused session
- [error]
-@@ -1199,7 +1199,7 @@ SSL reused session
- --- config
- server_tokens off;
- resolver $TEST_NGINX_RESOLVER ipv6=off;
-- lua_ssl_ciphers RC4-SHA;
-+ lua_ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256;
- location /t {
- #set $port 5000;
- set $port $TEST_NGINX_MEMCACHED_PORT;
-@@ -1266,7 +1266,7 @@ lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
- lua ssl server name: "iscribblet.org"
--SSL: TLSv1.2, cipher: "RC4-SHA SSLv3
-+SSL: TLSv1.2, cipher: "ECDHE-RSA-AES128-GCM-SHA256
- --- no_error_log
- SSL reused session
- [error]
-@@ -1346,7 +1346,7 @@ lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
- lua ssl server name: "iscribblet.org"
--SSL: TLSv1, cipher: "ECDHE-RSA-RC4-SHA SSLv3
-+SSL: TLSv1
- --- no_error_log
- SSL reused session
- [error]