main/nginx: remove unused patch

author: Jakub Jirutka <jakub@jirutka.cz> 2017-10-23 16:17:03 +0200
committer: Jakub Jirutka <jakub@jirutka.cz> 2017-10-23 16:17:03 +0200
commit: fde6b2fac7e3464ed6cd8a8f930e20dd453cc809 (patch)
tree: 15284c9fd689b0ef0990526186275f4e92895b29 /main/nginx
parent: 1f9b260e6e2499000192680f502e67085500fd66 (diff)
download: aports-fde6b2fac7e3464ed6cd8a8f930e20dd453cc809.tar.bz2
aports-fde6b2fac7e3464ed6cd8a8f930e20dd453cc809.tar.xz
1 files changed, 0 insertions, 946 deletions
diff --git a/main/nginx/lua-nginx-module~fix-libressl.patch.bak b/main/nginx/lua-nginx-module~fix-libressl.patch.bak
deleted file mode 100644
index 9d19eab0e4..0000000000
--- a/main/nginx/lua-nginx-module~fix-libressl.patch.bak
+++ /dev/null
@@ -1,946 +0,0 @@
-From 7a7cb2b3b745eadb0c2d3d7ee5789931f1731209 Mon Sep 17 00:00:00 2001
-From: Alessandro Ghedini <alessandro@ghedini.me>
-Date: Tue, 13 Sep 2016 22:31:32 +0100
-Subject: [PATCH 1/6] bugfix: ssl: don't use SSLv3 in tests
-
-OpenSSL 1.1.0 disables SSLv3 by default. In order to disable SSL session
-tickets set ssl_session_tickets to off instead.
----
- t/142-ssl-session-store.t | 24 +++++++++++-------------
- t/143-ssl-session-fetch.t | 26 +++++++++++++-------------
- 2 files changed, 24 insertions(+), 26 deletions(-)
-
-diff --git a/t/142-ssl-session-store.t b/t/142-ssl-session-store.t
-index 5c9fad3..b595519 100644
---- a/t/142-ssl-session-store.t
-+++ b/t/142-ssl-session-store.t
-@@ -32,7 +32,7 @@ __DATA__
-         server_name   test.com;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
--        ssl_protocols SSLv3;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -102,7 +102,7 @@ ssl_session_store_by_lua_block:1: ssl session store by lua is running!
-         server_name   test.com;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
--        ssl_protocols SSLv3;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -177,7 +177,7 @@ API disabled in the context of ssl_session_store_by_lua*
-         server_name   test.com;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
--        ssl_protocols SSLv3;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -267,9 +267,9 @@ my timer run!
-         listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
-         server_name   test.com;
- 
--        ssl_protocols SSLv3;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -335,9 +335,9 @@ API disabled in the context of ssl_session_store_by_lua*
-     server {
-         listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
-         server_name test.com;
--        ssl_protocols SSLv3;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -407,9 +407,9 @@ ngx.exit does not yield and the error code is eaten.
-     server {
-         listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
-         server_name test.com;
--        ssl_protocols SSLv3;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -480,9 +480,9 @@ ssl_session_store_by_lua*: handler return value: 0, sess new cb exit code: 0
-     server {
-         listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
-         server_name test.com;
--        ssl_protocols SSLv3;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -548,9 +548,9 @@ should never reached here
-     server {
-         listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
-         server_name test.com;
--        ssl_protocols SSLv3;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -621,7 +621,7 @@ get_phase: ssl_session_store
-         }
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
--        ssl_protocols SSLv3;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -690,7 +690,7 @@ qr/elapsed in ssl cert by lua: 0.(?:09|1[01])\d+,/,
-         server_name   test.com;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
--        ssl_protocols SSLv3;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -760,7 +760,6 @@ a.lua:1: ssl store session by lua is running!
-         ssl_session_store_by_lua_block {
-             print("handler in test.com")
-         }
--        ssl_protocols SSLv3;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
- 
-@@ -770,7 +769,6 @@ a.lua:1: ssl store session by lua is running!
-     server {
-         listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
-         server_name test.com;
--        ssl_protocols SSLv3;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
- 
-@@ -836,7 +834,7 @@ qr/\[emerg\] .*? "ssl_session_store_by_lua_block" directive is not allowed here
-         server_name   test.com;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
--        ssl_protocols SSLv3;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-diff --git a/t/143-ssl-session-fetch.t b/t/143-ssl-session-fetch.t
-index bd800ff..54f7a4a 100644
---- a/t/143-ssl-session-fetch.t
-+++ b/t/143-ssl-session-fetch.t
-@@ -33,7 +33,7 @@ __DATA__
-         server_name   test.com;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
--        ssl_protocols SSLv3;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -114,7 +114,7 @@ qr/ssl_session_fetch_by_lua_block:1: ssl fetch sess by lua is running!/s
-         server_name   test.com;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
--        ssl_protocols SSLv3;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -198,7 +198,7 @@ qr/elapsed in ssl fetch session by lua: 0.(?:09|1[01])\d+,/,
-         server_name   test.com;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
--        ssl_protocols SSLv3;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -297,9 +297,9 @@ qr/my timer run!/s
-     server {
-         listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
-         server_name   test.com;
--        ssl_protocols SSLv3;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -377,9 +377,9 @@ qr/received memc reply: OK/s
-     server {
-         listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
-         server_name test.com;
--        ssl_protocols SSLv3;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -458,9 +458,9 @@ should never reached here
-     server {
-         listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
-         server_name test.com;
--        ssl_protocols SSLv3;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -540,9 +540,9 @@ should never reached here
-     server {
-         listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
-         server_name test.com;
--        ssl_protocols SSLv3;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -621,9 +621,9 @@ should never reached here
-     server {
-         listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
-         server_name test.com;
--        ssl_protocols SSLv3;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -704,9 +704,9 @@ should never reached here
-     server {
-         listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
-         server_name test.com;
--        ssl_protocols SSLv3;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -787,7 +787,7 @@ should never reached here
-         server_name   test.com;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
--        ssl_protocols SSLv3;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -872,7 +872,7 @@ qr/get_phase: ssl_session_fetch/s
-         }
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
--        ssl_protocols SSLv3;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -956,7 +956,7 @@ ssl store session by lua is running!
-         server_name   test.com;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
--        ssl_protocols SSLv3;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-@@ -1036,7 +1036,7 @@ qr/\S+:\d+: ssl fetch sess by lua is running!/s
-         server_name   test.com;
-         ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-         ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
--        ssl_protocols SSLv3;
-+        ssl_session_tickets off;
- 
-         server_tokens off;
-     }
-
-From daeb42cb9463d7a25d4d64a2588721cb377fb75b Mon Sep 17 00:00:00 2001
-From: Alessandro Ghedini <alessandro@cloudflare.com>
-Date: Thu, 12 May 2016 13:12:23 +0100
-Subject: [PATCH 2/6] bugfix: ssl: do not access SSL_SESSION struct directly
-
-In OpenSSL 1.1.0 it was made opaque.
----
- src/ngx_http_lua_socket_tcp.c |  15 ++---
- t/129-ssl-socket.t            | 152 +++++++++++++++++++++---------------------
- 2 files changed, 82 insertions(+), 85 deletions(-)
-
-diff --git a/src/ngx_http_lua_socket_tcp.c b/src/ngx_http_lua_socket_tcp.c
-index 6db6e2d..18352bf 100644
---- a/src/ngx_http_lua_socket_tcp.c
-+++ b/src/ngx_http_lua_socket_tcp.c
-@@ -1311,9 +1311,8 @@ ngx_http_lua_socket_tcp_sslhandshake(lua_State *L)
-                     return 2;
-                 }
- 
--                ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
--                               "lua ssl set session: %p:%d",
--                               *psession, (*psession)->references);
-+                ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
-+                               "lua ssl set session: %p", *psession);
-             }
-         }
- 
-@@ -1577,9 +1576,8 @@ ngx_http_lua_ssl_handshake_retval_handler(ngx_http_request_t *r,
-     } else {
-         *ud = ssl_session;
- 
--       ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
--                      "lua ssl save session: %p:%d", ssl_session,
--                      ssl_session->references);
-+       ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
-+                      "lua ssl save session: %p", ssl_session);
- 
-         /* set up the __gc metamethod */
-         lua_pushlightuserdata(L, &ngx_http_lua_ssl_session_metatable_key);
-@@ -5356,9 +5354,8 @@ ngx_http_lua_ssl_free_session(lua_State *L)
- 
-     psession = lua_touserdata(L, 1);
-     if (psession && *psession != NULL) {
--        ngx_log_debug2(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0,
--                       "lua ssl free session: %p:%d", *psession,
--                       (*psession)->references);
-+        ngx_log_debug1(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0,
-+                       "lua ssl free session: %p", *psession);
- 
-         ngx_ssl_free_session(*psession);
-     }
-diff --git a/t/129-ssl-socket.t b/t/129-ssl-socket.t
-index cc14594..e7e6a98 100644
---- a/t/129-ssl-socket.t
-+++ b/t/129-ssl-socket.t
-@@ -108,10 +108,10 @@ sent http request: 59 bytes.
- received: HTTP/1.1 (?:200 OK|302 Found)
- close: 1 nil
- \z
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- no_error_log
- lua ssl server name:
-@@ -185,10 +185,10 @@ received: HTTP/1.1 401 Unauthorized
- close: 1 nil
- 
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- no_error_log
- lua ssl server name:
-@@ -262,10 +262,10 @@ received: HTTP/1.1 200 OK
- close: 1 nil
- 
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
- lua ssl server name: "iscribblet.org"
-@@ -349,13 +349,13 @@ sent http request: 59 bytes.
- received: HTTP/1.1 200 OK
- close: 1 nil
- 
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl set session: \1:2
--lua ssl save session: \1:3
--lua ssl free session: \1:2
--lua ssl free session: \1:1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl set session: \1
-+lua ssl save session: \1
-+lua ssl free session: \1
-+lua ssl free session: \1
- $/
- 
- --- error_log
-@@ -437,7 +437,7 @@ failed to do SSL handshake: certificate host mismatch
- failed to send http request: closed
- 
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log
- lua ssl server name: "blah.agentzh.org"
-@@ -517,7 +517,7 @@ failed to do SSL handshake: certificate host mismatch
- failed to send http request: closed
- 
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log
- lua ssl server name: "blah.agentzh.org"
-@@ -592,10 +592,10 @@ received: HTTP/1.1 200 OK
- close: 1 nil
- 
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- 
- --- error_log
-@@ -677,10 +677,10 @@ received: HTTP/1.1 200 OK
- close: 1 nil
- 
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]++/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- 
- --- error_log
-@@ -759,7 +759,7 @@ failed to do SSL handshake: 20: unable to get local issuer certificate
- failed to send http request: closed
- 
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log
- lua ssl server name: "iscribblet.org"
-@@ -838,7 +838,7 @@ failed to do SSL handshake: 20: unable to get local issuer certificate
- failed to send http request: closed
- 
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log
- lua ssl server name: "iscribblet.org"
-@@ -928,10 +928,10 @@ sent http request: 59 bytes.
- received: HTTP/1.1 (?:200 OK|302 Found)
- close: 1 nil
- \z
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
- lua ssl server name: "www.google.com"
-@@ -1018,7 +1018,7 @@ GET /t
- connected: 1
- failed to do SSL handshake: 20: unable to get local issuer certificate
- 
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log
- lua ssl server name: "www.google.com"
-@@ -1100,10 +1100,10 @@ received: HTTP/1.1 200 OK
- close: 1 nil
- 
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- 
- --- error_log
-@@ -1179,10 +1179,10 @@ received: HTTP/1.1 200 OK
- close: 1 nil
- 
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
- lua ssl server name: "iscribblet.org"
-@@ -1259,10 +1259,10 @@ received: HTTP/1.1 200 OK
- close: 1 nil
- 
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
- lua ssl server name: "iscribblet.org"
-@@ -1339,10 +1339,10 @@ received: HTTP/1.1 200 OK
- close: 1 nil
- 
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
- lua ssl server name: "iscribblet.org"
-@@ -1417,7 +1417,7 @@ failed to do SSL handshake: handshake failed
- failed to send http request: closed
- 
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log eval
- [
-@@ -1493,10 +1493,10 @@ ssl handshake: userdata
- set keepalive: 1 nil
- 
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: \1:2
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: \1
- $/
- 
- --- error_log
-@@ -1569,14 +1569,14 @@ ssl handshake: userdata
- set keepalive: 1 nil
- 
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl save session: \1:3
--lua ssl save session: \1:4
--lua ssl free session: \1:4
--lua ssl free session: \1:3
--lua ssl free session: \1:2
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl save session: \1
-+lua ssl save session: \1
-+lua ssl free session: \1
-+lua ssl free session: \1
-+lua ssl free session: \1
- $/
- 
- --- error_log
-@@ -1620,7 +1620,7 @@ hello world
- --- response_body_like: 500 Internal Server Error
- --- error_code: 500
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log
- attempt to call method 'sslhandshake' (a nil value)
-@@ -1719,10 +1719,10 @@ $::TestCertificateKey
- >>> test.crt
- $::TestCertificate"
- 
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- no_error_log
- lua ssl server name:
-@@ -1824,10 +1824,10 @@ $::TestCertificateKey
- >>> test.crt
- $::TestCertificate"
- 
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
- lua ssl server name: "test.com"
-@@ -1917,7 +1917,7 @@ failed to do SSL handshake: handshake failed
- ">>> test.crt
- $::TestCertificate"
- 
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log eval
- qr/SSL_do_handshake\(\) failed .*?unknown protocol/
-@@ -2016,7 +2016,7 @@ $::TestCertificate
- >>> test.crl
- $::TestCRL"
- 
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log
- lua ssl server name: "test.com"
-@@ -2095,12 +2095,12 @@ received: HTTP/1.1 200 OK
- close: 1 nil
- 
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl save session: ([0-9A-F]+):3
--lua ssl free session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
- lua ssl server name: "iscribblet.org"
-@@ -2154,7 +2154,7 @@ connected: 1
- failed to do SSL handshake: timeout
- 
- --- log_level: debug
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log
- lua ssl server name: "iscribblet.org"
-@@ -2226,7 +2226,7 @@ $::TestCertificateKey
- >>> test.crt
- $::TestCertificate"
- 
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- no_error_log
- lua ssl server name:
-@@ -2297,10 +2297,10 @@ $::TestCertificateKey
- >>> test.crt
- $::TestCertificate"
- 
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- no_error_log
- lua ssl server name:
-@@ -2377,7 +2377,7 @@ $::TestCertificateKey
- >>> test.crt
- $::TestCertificate"
- 
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- no_error_log
- lua ssl server name:
-@@ -2479,10 +2479,10 @@ $::TestCertificateKey
- >>> test.crt
- $::TestCertificate"
- 
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out eval
--qr/^lua ssl save session: ([0-9A-F]+):2
--lua ssl free session: ([0-9A-F]+):1
-+qr/^lua ssl save session: ([0-9A-F]+)
-+lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
- --- no_error_log
-@@ -2575,7 +2575,7 @@ $::TestCertificateKey
- >>> test.crt
- $::TestCertificate"
- 
----- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
-+--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
- --- grep_error_log_out
- --- error_log
- lua ssl certificate verify error: (18: self signed certificate)
-
-From 7206c8f6fe10136e458d4b3c7ae2b696bd4c8983 Mon Sep 17 00:00:00 2001
-From: Alessandro Ghedini <alessandro@cloudflare.com>
-Date: Thu, 12 May 2016 13:17:52 +0100
-Subject: [PATCH 3/6] bugfix: ssl: do not set tlsext_status_expected flag
-
-In OpenSSL 1.1.0 the SSL struct was made opaque, and setting this
-flag manually is not required anyway since OpenSSL already does that
-automatically when ngx_http_lua_ssl_empty_status_callback() returns
-"OK" (which is always), and an OCSP response has been set.
----
- src/ngx_http_lua_ssl_ocsp.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/src/ngx_http_lua_ssl_ocsp.c b/src/ngx_http_lua_ssl_ocsp.c
-index 3904aa8..31b4f24 100644
---- a/src/ngx_http_lua_ssl_ocsp.c
-+++ b/src/ngx_http_lua_ssl_ocsp.c
-@@ -490,7 +490,6 @@ ngx_http_lua_ffi_ssl_set_ocsp_status_resp(ngx_http_request_t *r,
- 
-     dd("set ocsp resp: resp_len=%d", (int) resp_len);
-     (void) SSL_set_tlsext_status_ocsp_resp(ssl_conn, p, resp_len);
--    ssl_conn->tlsext_status_expected = 1;
- 
-     return NGX_OK;
- 
-
-From 96f39afab912c06fc76f2b18a70130ab41b00f12 Mon Sep 17 00:00:00 2001
-From: Alessandro Ghedini <alessandro@cloudflare.com>
-Date: Fri, 10 Jun 2016 13:23:21 +0100
-Subject: [PATCH 4/6] bugfix: ssl: do not access SSL struct directly for
- tlsext_status_type
-
-In OpenSSL 1.1.0 it was made opaque, and a getter function was added.
----
- src/ngx_http_lua_ssl_ocsp.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/ngx_http_lua_ssl_ocsp.c b/src/ngx_http_lua_ssl_ocsp.c
-index 31b4f24..9ec8b50 100644
---- a/src/ngx_http_lua_ssl_ocsp.c
-+++ b/src/ngx_http_lua_ssl_ocsp.c
-@@ -468,7 +468,11 @@ ngx_http_lua_ffi_ssl_set_ocsp_status_resp(ngx_http_request_t *r,
-         return NGX_ERROR;
-     }
- 
-+#ifdef SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE
-+    if (SSL_get_tlsext_status_type(ssl_conn) == -1) {
-+#else
-     if (ssl_conn->tlsext_status_type == -1) {
-+#endif
-         dd("no ocsp status req from client");
-         return NGX_DECLINED;
-     }
-
-From 26d6bbefb78cc72d14961a8166ffc3cb67611b6f Mon Sep 17 00:00:00 2001
-From: Alessandro Ghedini <alessandro@ghedini.me>
-Date: Tue, 13 Sep 2016 22:19:10 +0100
-Subject: [PATCH 5/6] bugfix: ssl: make SSL session callback build with OpenSSL
- 1.1.0
-
----
- src/ngx_http_lua_ssl_session_fetchby.c | 9 ++++++---
- src/ngx_http_lua_ssl_session_fetchby.h | 6 +++++-
- src/ngx_http_lua_ssl_session_storeby.c | 8 ++++++--
- 3 files changed, 17 insertions(+), 6 deletions(-)
-
-diff --git a/src/ngx_http_lua_ssl_session_fetchby.c b/src/ngx_http_lua_ssl_session_fetchby.c
-index 4c450b5..6212c60 100644
---- a/src/ngx_http_lua_ssl_session_fetchby.c
-+++ b/src/ngx_http_lua_ssl_session_fetchby.c
-@@ -171,8 +171,11 @@ ngx_http_lua_ssl_sess_fetch_by_lua(ngx_conf_t *cf, ngx_command_t *cmd,
- 
- /* cached session fetching callback to be set with SSL_CTX_sess_set_get_cb */
- ngx_ssl_session_t *
--ngx_http_lua_ssl_sess_fetch_handler(ngx_ssl_conn_t *ssl_conn, u_char *id,
--    int len, int *copy)
-+ngx_http_lua_ssl_sess_fetch_handler(ngx_ssl_conn_t *ssl_conn,
-+#if OPENSSL_VERSION_NUMBER >= 0x10100003L
-+    const
-+#endif
-+    u_char *id, int len, int *copy)
- {
-     lua_State                       *L;
-     ngx_int_t                        rc;
-@@ -284,7 +287,7 @@ ngx_http_lua_ssl_sess_fetch_handler(ngx_ssl_conn_t *ssl_conn, u_char *id,
-     cctx->exit_code = 1;  /* successful by default */
-     cctx->connection = c;
-     cctx->request = r;
--    cctx->session_id.data = id;
-+    cctx->session_id.data = (u_char *) id;
-     cctx->session_id.len = len;
-     cctx->entered_sess_fetch_handler = 1;
-     cctx->done = 0;
-diff --git a/src/ngx_http_lua_ssl_session_fetchby.h b/src/ngx_http_lua_ssl_session_fetchby.h
-index 5a6f96f..50c6616 100644
---- a/src/ngx_http_lua_ssl_session_fetchby.h
-+++ b/src/ngx_http_lua_ssl_session_fetchby.h
-@@ -25,7 +25,11 @@ char *ngx_http_lua_ssl_sess_fetch_by_lua_block(ngx_conf_t *cf,
-     ngx_command_t *cmd, void *conf);
- 
- ngx_ssl_session_t *ngx_http_lua_ssl_sess_fetch_handler(
--    ngx_ssl_conn_t *ssl_conn, u_char *id, int len, int *copy);
-+    ngx_ssl_conn_t *ssl_conn,
-+#if OPENSSL_VERSION_NUMBER >= 0x10100003L
-+    const
-+#endif
-+    u_char *id, int len, int *copy);
- #endif
- 
- 
-diff --git a/src/ngx_http_lua_ssl_session_storeby.c b/src/ngx_http_lua_ssl_session_storeby.c
-index b5596bc..85dbece 100644
---- a/src/ngx_http_lua_ssl_session_storeby.c
-+++ b/src/ngx_http_lua_ssl_session_storeby.c
-@@ -172,6 +172,8 @@ int
- ngx_http_lua_ssl_sess_store_handler(ngx_ssl_conn_t *ssl_conn,
-     ngx_ssl_session_t *sess)
- {
-+    const u_char                    *sess_id;
-+    unsigned int                     sess_id_len;
-     lua_State                       *L;
-     ngx_int_t                        rc;
-     ngx_connection_t                *c, *fc = NULL;
-@@ -246,11 +248,13 @@ ngx_http_lua_ssl_sess_store_handler(ngx_ssl_conn_t *ssl_conn,
-         }
-     }
- 
-+    sess_id = SSL_SESSION_get_id(sess, &sess_id_len);
-+
-     cctx->connection = c;
-     cctx->request = r;
-     cctx->session = sess;
--    cctx->session_id.data = sess->session_id;
--    cctx->session_id.len = sess->session_id_length;
-+    cctx->session_id.data = (u_char *) sess_id;
-+    cctx->session_id.len = sess_id_len;
-     cctx->done = 0;
- 
-     dd("setting cctx");
-
-From ac7dc8f7fdc391301db5c8e35a7113b86d492b56 Mon Sep 17 00:00:00 2001
-From: Alessandro Ghedini <alessandro@ghedini.me>
-Date: Mon, 28 Nov 2016 21:01:00 +0000
-Subject: [PATCH 6/6] bugfix: ssl: don't use RC4 in tests
-
-RC4 ciphers are deprecated and disabled by default in OpenSSL 1.1.0.
----
- t/129-ssl-socket.t | 18 +++++++++---------
- 1 file changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/t/129-ssl-socket.t b/t/129-ssl-socket.t
-index e7e6a98..ebb6555 100644
---- a/t/129-ssl-socket.t
-+++ b/t/129-ssl-socket.t
-@@ -1129,7 +1129,7 @@ SSL reused session
-             sock:settimeout(2000)
- 
-             do
--                local ok, err = sock:connect("iscribblet.org", 443)
-+                local ok, err = sock:connect("openresty.org", 443)
-                 if not ok then
-                     ngx.say("failed to connect: ", err)
-                     return
-@@ -1137,7 +1137,7 @@ SSL reused session
- 
-                 ngx.say("connected: ", ok)
- 
--                local session, err = sock:sslhandshake(nil, "iscribblet.org")
-+                local session, err = sock:sslhandshake(nil, "openresty.org")
-                 if not session then
-                     ngx.say("failed to do SSL handshake: ", err)
-                     return
-@@ -1145,7 +1145,7 @@ SSL reused session
- 
-                 ngx.say("ssl handshake: ", type(session))
- 
--                local req = "GET / HTTP/1.1\\r\\nHost: iscribblet.org\\r\\nConnection: close\\r\\n\\r\\n"
-+                local req = "GET /en/ HTTP/1.1\\r\\nHost: openresty.org\\r\\nConnection: close\\r\\n\\r\\n"
-                 local bytes, err = sock:send(req)
-                 if not bytes then
-                     ngx.say("failed to send http request: ", err)
-@@ -1174,7 +1174,7 @@ GET /t
- --- response_body
- connected: 1
- ssl handshake: userdata
--sent http request: 59 bytes.
-+sent http request: 61 bytes.
- received: HTTP/1.1 200 OK
- close: 1 nil
- 
-@@ -1185,8 +1185,8 @@ qr/^lua ssl save session: ([0-9A-F]+)
- lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
--lua ssl server name: "iscribblet.org"
--SSL: TLSv1.2, cipher: "ECDHE-RSA-RC4-SHA SSLv3
-+lua ssl server name: "openresty.org"
-+SSL: TLSv1.2, cipher: "ECDHE-RSA-AES128-GCM-SHA256
- --- no_error_log
- SSL reused session
- [error]
-@@ -1199,7 +1199,7 @@ SSL reused session
- --- config
-     server_tokens off;
-     resolver $TEST_NGINX_RESOLVER ipv6=off;
--    lua_ssl_ciphers RC4-SHA;
-+    lua_ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256;
-     location /t {
-         #set $port 5000;
-         set $port $TEST_NGINX_MEMCACHED_PORT;
-@@ -1266,7 +1266,7 @@ lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
- lua ssl server name: "iscribblet.org"
--SSL: TLSv1.2, cipher: "RC4-SHA SSLv3
-+SSL: TLSv1.2, cipher: "ECDHE-RSA-AES128-GCM-SHA256
- --- no_error_log
- SSL reused session
- [error]
-@@ -1346,7 +1346,7 @@ lua ssl free session: ([0-9A-F]+)
- $/
- --- error_log
- lua ssl server name: "iscribblet.org"
--SSL: TLSv1, cipher: "ECDHE-RSA-RC4-SHA SSLv3
-+SSL: TLSv1
- --- no_error_log
- SSL reused session
- [error]
author	Jakub Jirutka <jakub@jirutka.cz>	2017-10-23 16:17:03 +0200
committer	Jakub Jirutka <jakub@jirutka.cz>	2017-10-23 16:17:03 +0200
commit	fde6b2fac7e3464ed6cd8a8f930e20dd453cc809 (patch)
tree	15284c9fd689b0ef0990526186275f4e92895b29 /main/nginx
parent	1f9b260e6e2499000192680f502e67085500fd66 (diff)
download	aports-fde6b2fac7e3464ed6cd8a8f930e20dd453cc809.tar.bz2 aports-fde6b2fac7e3464ed6cd8a8f930e20dd453cc809.tar.xz