From 08e9e5078236f86343406ba19a621eea36beb65a Mon Sep 17 00:00:00 2001 From: Thibault Charbonnier Date: Tue, 2 Jul 2019 11:55:50 -0700 Subject: [PATCH] Revert "feature: updated the NGINX patches for async SSL session fetching to support OpenSSL 1.1.1." This reverts commit 9e834398de906bea23c8668bd8d78c36c453224a. Support for OpenSSL 1.1.1 will come with the 1.17.1 series of NGINX patches. Since no other 1.15.8.* releases are planned, we are reverting the state of the 1.15.8 patches to that of the 1.15.8.1 release. --- ...=> nginx-1.15.8-ssl_pending_session.patch} | 20 +------------------ util/mirror-tarballs | 13 +++--------- 2 files changed, 4 insertions(+), 29 deletions(-) rename patches/{nginx-1.15.8-ssl_sess_cb_yield.patch => nginx-1.15.8-ssl_pending_session.patch} (50%) diff --git a/patches/nginx-1.15.8-ssl_sess_cb_yield.patch b/patches/nginx-1.15.8-ssl_pending_session.patch similarity index 50% rename from patches/nginx-1.15.8-ssl_sess_cb_yield.patch rename to patches/nginx-1.15.8-ssl_pending_session.patch index e62f451..10122f8 100644 --- a/patches/nginx-1.15.8-ssl_sess_cb_yield.patch +++ b/patches/nginx-1.15.8-ssl_pending_session.patch @@ -1,6 +1,6 @@ --- nginx-1.15.8/src/event/ngx_event_openssl.c 2016-07-17 19:20:30.411137606 -0700 +++ nginx-1.15.8-patched/src/event/ngx_event_openssl.c 2016-07-19 16:53:35.539768477 -0700 -@@ -1581,7 +1581,15 @@ ngx_ssl_try_early_data(ngx_connection_t *c) +@@ -1307,7 +1307,12 @@ ngx_ssl_handshake(ngx_connection_t *c) } #if OPENSSL_VERSION_NUMBER >= 0x10002000L 
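Review bot: The restored inner hunk header `@@ -1307,7 +1307,12 @@ ngx_ssl_handshake(ngx_connection_t *c)` looks stale for the 1.15.8 tree: the file timestamps in the patch are from 2016, and the reverted header attached the same leading context to `ngx_ssl_try_early_data` near line 1581. That suggests the `#if OPENSSL_VERSION_NUMBER >= 0x10002000L` block may occur in more than one function of this nginx version, so which function ends up handling `SSL_ERROR_PENDING_SESSION` would depend on patch's offset search rather than on the header. I would regenerate the hunk against nginx 1.15.8 so it applies without an offset, and confirm the applied change sits in `ngx_ssl_handshake`. The body of this inner hunk continues in the next hunk of the commit.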
@@ -8,27 +8,9 @@ + if (sslerr == SSL_ERROR_WANT_X509_LOOKUP +# ifdef SSL_ERROR_PENDING_SESSION + || sslerr == SSL_ERROR_PENDING_SESSION -+ -+# elif defined(SSL_ERROR_WANT_CLIENT_HELLO_CB) -+ || sslerr == SSL_ERROR_WANT_CLIENT_HELLO_CB +# endif + ) + { c->read->handler = ngx_ssl_handshake_handler; c->write->handler = ngx_ssl_handshake_handler; -diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h ---- a/src/event/ngx_event_openssl.h -+++ b/src/event/ngx_event_openssl.h -@@ -64,6 +64,11 @@ - #endif - - -+#ifdef SSL_ERROR_WANT_CLIENT_HELLO_CB -+#define HAVE_SSL_CLIENT_HELLO_CB_SUPPORT 1 -+#endif -+ -+ - struct ngx_ssl_s { - SSL_CTX *ctx; - ngx_log_t *log; diff --git a/util/mirror-tarballs b/util/mirror-tarballs index 9294fe0..442c7af 100755 --- a/util/mirror-tarballs +++ b/util/mirror-tarballs @@ -414,16 +414,9 @@ echo "$info_txt applying the ssl_cert_cb_yield.patch patch to nginx" patch -p1 < $root/patches/nginx-$main_ver-ssl_cert_cb_yield.patch echo -answer=`$root/util/ver-ge "$main_ver" 1.15.8` -if [ "$answer" = "N" ]; then - echo "$info_txt applying the ssl_pending_session.patch patch to nginx" - patch -p1 < $root/patches/nginx-$main_ver-ssl_pending_session.patch - echo -else - echo "$info_txt applying the ssl_sess_cb_yield.patch patch to nginx" - patch -p1 < $root/patches/nginx-$main_ver-ssl_sess_cb_yield.patch - echo -fi +echo "$info_txt applying the ssl_pending_session.patch patch to nginx" +patch -p1 < $root/patches/nginx-$main_ver-ssl_pending_session.patch +echo echo "$info_txt applying the upstream_timeout_fields patch for nginx" patch -p1 < $root/patches/nginx-$main_ver-upstream_timeout_fields.patch || exit 1
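Review bot: The restored `patch -p1 < $root/patches/nginx-$main_ver-ssl_pending_session.patch` line does not check the exit status, unlike the `upstream_timeout_fields` invocation right below it, which ends in `|| exit 1`. If the hunk is rejected, the script carries on and the mirrored tarball ships an nginx without the pending-session handling in the TLS handshake path, with only a message in the build output to show for it. I would write it as `patch -p1 < "$root/patches/nginx-$main_ver-ssl_pending_session.patch" || exit 1`, quoting the path as well. The `ssl_cert_cb_yield.patch` call in the context above has the same gap, though it is outside the lines this commit changes.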