authorJakub Jirutka <jakub@jirutka.cz>2017-07-14 02:41:12 +0200
committerJakub Jirutka <jakub@jirutka.cz>2017-07-14 02:43:19 +0200
commit7f9206baefd98883bc751c47d7a92507a6113178 (patch)
tree5a1823a1f8a0f32136898a195e68f9cee5c33587 /main/nginx
parenta8736b1ef63631b4ba022004d7eb9012dfea6d24 (diff)
main/nginx: update http-nchan module to 1.1.7
Diffstat (limited to 'main/nginx')
-rw-r--r--main/nginx/APKBUILD4
-rw-r--r--main/nginx/APKBUILD.new-module308
-rw-r--r--main/nginx/lua-nginx-module~fix-libressl.patch.bak946
3 files changed, 1256 insertions, 2 deletions
diff --git a/main/nginx/APKBUILD b/main/nginx/APKBUILD
index b3005a8ed9d..608dbd04634 100644
--- a/main/nginx/APKBUILD
+++ b/main/nginx/APKBUILD
@@ -90,7 +90,7 @@ _http_lua_provides="$pkgname-lua" # for backward compatibility
_add_module "http-lua-upstream" "v0.06" "https://github.com/openresty/lua-upstream-nginx-module"
_http_lua_upstream_depends="$pkgname-mod-http-lua"
-_add_module "http-nchan" "v1.1.4" "https://github.com/slact/nchan"
+_add_module "http-nchan" "v1.1.7" "https://github.com/slact/nchan"
_http_nchan_so="ngx_nchan_module.so"
_add_module "http-redis2" "v0.14" "https://github.com/openresty/redis2-nginx-module"
@@ -278,7 +278,7 @@ ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4dd85dc57
e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1 headers-more-nginx-module-0.32.tar.gz
ad621cec178eb37109f16ebc30dbab7b1ea344ac4b523ff1e6ad62364b8cf437488a89c593ca44b446b729a1c578e3a97685851847b4b16a147ac9eca8f23a2a lua-nginx-module-0.10.8.tar.gz
eee427887b172cde32f42c5b2158fb1e05742b102b996e48e99941a9c1a33ec7d473a8835c1d06686c02afeb5d5dbe0fec8ff700a363d6330821f108196e85da lua-upstream-nginx-module-0.06.tar.gz
-458bddfb27b8aa8a99a6324a600620531b2c71f035c10304868a1acb523a288ee6f90746dbe43cd8c476ed55ad01649a225a5ea73eedf3a199387fe2049c529e nchan-1.1.4.tar.gz
+1e9b029912ef6e89dba8e3aed57d50848b52fbeb1077d965ca39aea14c2b34c11092ee53db47fb1df9e5adaf466f849c5a33cade881fddb420c1a036bc659d4b nchan-1.1.7.tar.gz
a22cfab85f5a15cf4b778749227caee559982dbe7711e1c5698456b3821943ec66b7a980ed56612b7f2ae70d22832123be24e50a402c659c6f3eb1d98d60b4cd redis2-nginx-module-0.14.tar.gz
c853b041cecc3521f888be3d0483c6cf23d239259ac4f5d35b10d4483b0fb06d1d22060adedcf6605b220d99f9051faf300d06989736d510b4486f943d3a675e set-misc-nginx-module-0.31.tar.gz
c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c nginx-upload-progress-module-0.9.2.tar.gz
diff --git a/main/nginx/APKBUILD.new-module b/main/nginx/APKBUILD.new-module
new file mode 100644
index 00000000000..387fac1a23d
--- /dev/null
+++ b/main/nginx/APKBUILD.new-module
@@ -0,0 +1,308 @@
+# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
+# Contributor: Jeff Bilyk <jbilyk@gmail.com>
+# Contributor: Bartłomiej Piotrowski <nospam@bpiotrowski.pl>
+# Contributor: Jakub Jirutka <jakub@jirutka.cz>
+
+pkgname=nginx
+pkgver=1.12.0
+pkgrel=0
+pkgdesc="HTTP and reverse proxy server (stable version)"
+url="http://www.nginx.org/en"
+arch="all"
+license="custom"
+
+# Revision of nginx-tests to use for check().
+_tests_hgrev=cdd44ff602db
+_tests_dir="$srcdir/nginx-tests-$_tests_hgrev"
+
+# Modules
+_devel_kit_name=ngx_devel_kit
+_devel_kit_ver=0.3.0
+_devel_kit_url="https://github.com/simpl/ngx_devel_kit"
+_devel_kit_dir="$srcdir/$_devel_kit_name-$_devel_kit_ver"
+_devel_kit_so="ndk_http_module.so"
+
+_http_echo_name=echo-nginx-module
+_http_echo_ver=0.60
+_http_echo_url="https://github.com/openresty/echo-nginx-module"
+_http_echo_dir="$srcdir/$_http_echo_name-$_http_echo_ver"
+
+_http_fancyindex_name=ngx-fancyindex
+_http_fancyindex_ver=0.4.1
+_http_fancyindex_url="https://github.com/aperezdc/ngx-fancyindex"
+_http_fancyindex_dir="$srcdir/$_http_fancyindex_name-$_http_fancyindex_ver"
+
+_http_headers_more_name=headers-more-nginx-module
+_http_headers_more_ver=0.32
+_http_headers_more_url="https://github.com/openresty/headers-more-nginx-module"
+_http_headers_more_dir="$srcdir/$_http_headers_more_name-$_http_headers_more_ver"
+_http_headers_more_so="ngx_http_headers_more_filter_module.so"
+
+_http_lua_name=lua-nginx-module
+_http_lua_ver=0.10.8
+_http_lua_url="https://github.com/openresty/lua-nginx-module"
+_http_lua_dir="$srcdir/$_http_lua_name-$_http_lua_ver"
+_http_lua_depends="$pkgname-mod-devel-kit"
+_http_lua_provides="$pkgname-lua" # for backward compatibility
+
+_http_nchan_name=nchan
+_http_nchan_ver=1.1.4
+_http_nchan_url="https://github.com/slact/nchan"
+_http_nchan_dir="$srcdir/$_http_nchan_name-$_http_nchan_ver"
+_http_nchan_so="ngx_nchan_module.so"
+
+_http_set_misc_name=set-misc-nginx-module
+_http_set_misc_ver=0.31
+_http_set_misc_url="https://github.com/openresty/set-misc-nginx-module"
+_http_set_misc_dir="$srcdir/$_http_set_misc_name-$_http_set_misc_ver"
+
+_http_upload_progress_name=nginx-upload-progress-module
+_http_upload_progress_ver=0.9.2
+_http_upload_progress_url="https://github.com/masterzen/nginx-upload-progress-module"
+_http_upload_progress_dir="$srcdir/$_http_upload_progress_name-$_http_upload_progress_ver"
+_http_upload_progress_so="ngx_http_uploadprogress_module.so"
+
+_rtmp_name=nginx-rtmp-module
+_rtmp_ver=1.1.11
+_rtmp_url="https://github.com/arut/nginx-rtmp-module"
+_rtmp_dir="$srcdir/$_rtmp_name-$_rtmp_ver"
+_rtmp_provides="$pkgname-rtmp" # for backward compatibility
+
+depends=""
+makedepends="linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev
+ libressl-dev paxmark pcre-dev perl-dev pkgconf zlib-dev"
+checkdepends="perl perl-fcgi perl-io-socket-ssl perl-net-ssleay
+ perl-protocol-websocket uwsgi-python"
+pkgusers="nginx"
+_grp_ngx="nginx"
+_grp_www="www-data"
+pkggroups="$_grp_ngx $_grp_www"
+install="$pkgname.pre-install $pkgname.post-upgrade"
+subpackages="$pkgname-doc $pkgname-vim::noarch"
+replaces="$pkgname-common $pkgname-initscripts $pkgname-lua $pkgname-rtmp"
+source="http://nginx.org/download/$pkgname-$pkgver.tar.gz
+ $pkgname-tests-$_tests_hgrev.tar.gz::http://hg.nginx.org/nginx-tests/archive/$_tests_hgrev.tar.gz
+ $_devel_kit_name-$_devel_kit_ver.tar.gz::$_devel_kit_url/archive/v$_devel_kit_ver.tar.gz
+ $_http_echo_name-$_http_echo_ver.tar.gz::$_http_echo_url/archive/v$_http_echo_ver.tar.gz
+ $_http_echo_name~fix-nginx-1.12.patch
+ $_http_fancyindex_name-$_http_fancyindex_ver.tar.gz::$_http_fancyindex_url/archive/v$_http_fancyindex_ver.tar.gz
+ $_http_headers_more_name-$_http_headers_more_ver.tar.gz::$_http_headers_more_url/archive/v$_http_headers_more_ver.tar.gz
+ $_http_lua_name-$_http_lua_ver.tar.gz::$_http_lua_url/archive/v$_http_lua_ver.tar.gz
+ $_http_lua_name~fix-nginx-1.12.patch
+ $_http_lua_name~fix-libressl.patch
+ $_http_nchan_name-$_http_nchan_ver.tar.gz::$_http_nchan_url/archive/v$_http_nchan_ver.tar.gz
+ $_http_set_misc_name-$_http_set_misc_ver.tar.gz::$_http_set_misc_url/archive/v$_http_set_misc_ver.tar.gz
+ $_http_upload_progress_name-$_http_upload_progress_ver.tar.gz::$_http_upload_progress_url/archive/v$_http_upload_progress_ver.tar.gz
+ $_rtmp_name-$_rtmp_ver.tar.gz::$_rtmp_url/archive/v$_rtmp_ver.tar.gz
+ nginx.conf
+ default.conf
+ $pkgname.logrotate
+ $pkgname.initd
+ "
+builddir="$srcdir/$pkgname-$pkgver"
+
+# luajit is not available for s390x and ppc64le
+case "$CARCH" in
+ ppc64le | s390x) makedepends="$makedepends lua5.1-dev";;
+ *) makedepends="$makedepends luajit-dev";;
+esac
+
+_modules_dir="usr/lib/$pkgname/modules"
+_modules="
+ http-geoip
+ http-image-filter
+ http-perl
+ http-xslt-filter
+ mail
+ stream
+ devel-kit
+ http-echo
+ http-fancyindex
+ http-headers-more
+ http-lua
+ http-nchan
+ http-set-misc
+ http-upload-progress
+ rtmp"
+for _m in $_modules; do
+ subpackages="$subpackages $pkgname-mod-$_m:_module"
+done
+
+
+prepare() {
+ local file; for file in $source; do
+ case $file in
+ *~*.patch)
+ msg $file
+ cd "$srcdir"/${file%%~*}-*
+ patch -p 1 -i "$srcdir/$file"
+ ;;
+ *.patch)
+ msg $file
+ cd "$builddir"
+ patch -p 1 -i "$srcdir/$file"
+ ;;
+ esac
+ done
+}
+
+build() {
+ cd "$builddir"
+
+ export LUAJIT_LIB="$(pkgconf --variable=libdir luajit)"
+ export LUAJIT_INC="$(pkgconf --variable=includedir luajit)"
+ ./configure \
+ --prefix=/var/lib/$pkgname \
+ --sbin-path=/usr/sbin/$pkgname \
+ --modules-path=/$_modules_dir \
+ --conf-path=/etc/$pkgname/$pkgname.conf \
+ --pid-path=/run/$pkgname/$pkgname.pid \
+ --lock-path=/run/$pkgname/$pkgname.lock \
+ --http-client-body-temp-path=/var/lib/$pkgname/tmp/client_body \
+ --http-proxy-temp-path=/var/lib/$pkgname/tmp/proxy \
+ --http-fastcgi-temp-path=/var/lib/$pkgname/tmp/fastcgi \
+ --http-uwsgi-temp-path=/var/lib/$pkgname/tmp/uwsgi \
+ --http-scgi-temp-path=/var/lib/$pkgname/tmp/scgi \
+ --with-perl_modules_path=/usr/lib/perl5/vendor_perl \
+ \
+ --user=$pkgusers \
+ --group=$_grp_ngx \
+ --with-threads \
+ --with-file-aio \
+ --with-ipv6 \
+ \
+ --with-http_ssl_module \
+ --with-http_v2_module \
+ --with-http_realip_module \
+ --with-http_addition_module \
+ --with-http_xslt_module=dynamic \
+ --with-http_image_filter_module=dynamic \
+ --with-http_geoip_module=dynamic \
+ --with-http_sub_module \
+ --with-http_dav_module \
+ --with-http_flv_module \
+ --with-http_mp4_module \
+ --with-http_gunzip_module \
+ --with-http_gzip_static_module \
+ --with-http_auth_request_module \
+ --with-http_random_index_module \
+ --with-http_secure_link_module \
+ --with-http_slice_module \
+ --with-http_stub_status_module \
+ --with-http_perl_module=dynamic \
+ --with-http_realip_module \
+ --with-mail=dynamic \
+ --with-mail_ssl_module \
+ --with-stream=dynamic \
+ --with-stream_ssl_module \
+ \
+ --add-dynamic-module="$_devel_kit_dir" \
+ --add-dynamic-module="$_http_echo_dir" \
+ --add-dynamic-module="$_http_fancyindex_dir" \
+ --add-dynamic-module="$_http_headers_more_dir" \
+ --add-dynamic-module="$_http_lua_dir" \
+ --add-dynamic-module="$_http_nchan_dir" \
+ --add-dynamic-module="$_http_set_misc_dir" \
+ --add-dynamic-module="$_http_upload_progress_dir" \
+ --add-dynamic-module="$_rtmp_dir" \
+ || return 1
+
+ make || return 1
+}
+
+check() {
+ cd "$_tests_dir"
+
+ TEST_NGINX_BINARY="$builddir/objs/nginx" prove .
+}
+
+package() {
+ cd "$builddir"
+
+ make DESTDIR="$pkgdir" install || return 1
+
+ # Disable some PaX protections; this is needed for Lua module.
+ local paxflags="-m"
+ [ "$CARCH" = "x86" ] && paxflags="-msp"
+ paxmark $paxflags "$pkgdir"/usr/sbin/nginx || return 1
+
+ install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
+ install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/README
+
+ install -Dm644 objs/$pkgname.8 \
+ "$pkgdir"/usr/share/man/man8/$pkgname.8 || return 1
+
+ cp -r "$_devel_kit_dir"/docs \
+ "$pkgdir"/usr/share/doc/$pkgname/$_devel_kit_name || return 1
+ cp -r "$_http_lua_dir"/doc \
+ "$pkgdir"/usr/share/doc/$pkgname/$_http_lua_name || return 1
+ cp -r "$_rtmp_dir"/doc \
+ "$pkgdir"/usr/share/doc/$pkgname/$_rtmp_name || return 1
+
+ cd "$pkgdir"
+
+ install -Dm644 "$srcdir"/nginx.conf ./etc/$pkgname/nginx.conf
+ install -Dm644 "$srcdir"/default.conf ./etc/$pkgname/conf.d/default.conf
+ install -Dm755 "$srcdir"/$pkgname.initd ./etc/init.d/$pkgname
+ install -Dm644 "$srcdir"/$pkgname.logrotate ./etc/logrotate.d/$pkgname
+
+ install -dm755 ./etc/$pkgname/modules
+ install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$pkgname
+ install -dm700 -o $pkgusers -g $_grp_ngx ./var/lib/$pkgname/tmp
+ install -dm755 -g $_grp_www ./var/www/localhost/htdocs
+
+ install -dm755 ./var/log
+ mv ./var/lib/$pkgname/logs ./var/log/$pkgname || return 1
+
+ ln -sf /$_modules_dir ./var/lib/$pkgname/modules
+ ln -sf /var/log/$pkgname ./var/lib/$pkgname/logs
+ ln -sf /run/$pkgname ./var/lib/$pkgname/run
+
+ rm -rf ./run ./etc/$pkgname/*.default
+}
+
+vim() {
+ pkgdesc="$pkgdesc (vim syntax)"
+ depends=
+
+ mkdir -p "$subpkgdir"/usr/share/vim
+ cp -r "$builddir"/contrib/vim "$subpkgdir"/usr/share/vim/vimfiles
+}
+
+_module() {
+ local name="${subpkgname#$pkgname-mod-}"
+ name="${name//-/_}"
+ local soname="$(eval "echo \$_${name}_so")";
+ soname="${soname:-"ngx_${name}_module.so"}"
+
+ pkgdesc="$pkgdesc (module $name)"
+ depends="$pkgname $(eval "echo \$_${name}_depends")"
+ provides="$(eval "echo \$_${name}_provides")"
+
+ mkdir -p "$subpkgdir"/$_modules_dir
+ cd "$subpkgdir"
+
+ mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname || return 1
+
+ mkdir -p "$subpkgdir"/etc/nginx/modules
+ echo "load_module \"modules/$soname\";" > ./etc/nginx/modules/$name.conf
+}
+
+sha512sums="e2e930b61491d91090090d4716740895fc7812e8e266c427ac2b40c5a70493150e5c81e769c6b7563baf5f0e15b32fae8f2b11fd5699e468e1cc40706defb8ee nginx-1.12.0.tar.gz
+ca8be839aef71c537d6d3a79e2894f38790834d6310c6d15ad06900c7c2d7cf71a113847ab96ef9be0fbdfff3b7808e74dea427502b275cfd6c909550f9ba9ab nginx-tests-cdd44ff602db.tar.gz
+558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 ngx_devel_kit-0.3.0.tar.gz
+c455bee73cebd0752449472452d15614b9587ddd199263d366484ede890c4d108eacbbeaef31adc9dc7732b56ef2bfc73c0fef3366366db03a8ec3fdc27a985c echo-nginx-module-0.60.tar.gz
+401f57ed73941619cdd41061bd92fffc00730e34cc647ea3c9345225723e9c7ebd72d9d15a703cffd93b0a99d458a05fe5efa7373ae24f41b35279285b5ca0fa echo-nginx-module~fix-nginx-1.12.patch
+ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4dd85dc5722eb63ef386612bffc48d4b6fc1487df244fbcb7a73bffe1 ngx-fancyindex-0.4.1.tar.gz
+e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1 headers-more-nginx-module-0.32.tar.gz
+ad621cec178eb37109f16ebc30dbab7b1ea344ac4b523ff1e6ad62364b8cf437488a89c593ca44b446b729a1c578e3a97685851847b4b16a147ac9eca8f23a2a lua-nginx-module-0.10.8.tar.gz
+04f7d75ce15eba99be99a76d266903c17e48742ab4bf237b988bf84f00cdbf6510c3d4eee88a24620e56dc426220192df39f4736af157fdc4e4c50b4f1d794f2 lua-nginx-module~fix-nginx-1.12.patch
+fd8bce0e7d69552267b8e405b07fc9323e25e06cceb8912a2d143952447a4299756e6a9a8a40f4eabe8b00fed475fd87ee4a982f5ad7449d59783e872c682451 lua-nginx-module~fix-libressl.patch
+458bddfb27b8aa8a99a6324a600620531b2c71f035c10304868a1acb523a288ee6f90746dbe43cd8c476ed55ad01649a225a5ea73eedf3a199387fe2049c529e nchan-1.1.4.tar.gz
+c853b041cecc3521f888be3d0483c6cf23d239259ac4f5d35b10d4483b0fb06d1d22060adedcf6605b220d99f9051faf300d06989736d510b4486f943d3a675e set-misc-nginx-module-0.31.tar.gz
+c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c nginx-upload-progress-module-0.9.2.tar.gz
+e7c897265d1e93b06f7e46a653b113e24d2451e2112a7a6da415f130928437444a0346832fd9c10042397fea6120e4e44acc2bccf649ec30ca5bffbf985672e2 nginx-rtmp-module-1.1.11.tar.gz
+ac7e3153ab698b4cde077f0d5d7ac0a58897927eb36cf3b58cb01268ca0296f1d589c0a5b4f889b96b5b4a57bef05b17c59be59a9d7c4d7a3d3be58f101f7f41 nginx.conf
+0907f69dc2d3dc1bad3a04fb6673f741f1a8be964e22b306ef9ae2f8e736e1f5733a8884bfe54f3553fff5132a0e5336716250f54272c3fec2177d6ba16986f3 default.conf
+09b110693e3f4377349ccea3c43cb8199c8579ee351eae34283299be99fdf764b0c1bddd552e13e4d671b194501618b29c822e1ad53b34101a73a63954363dbb nginx.logrotate
+1ea032cf88021ec8aa1401d284ea738364511cdb9f8c01670deb8e59aae570f5bbe17f0cbab73c0e08d6b342a621b6a9c014832168ed41f6028ecfa4211b60cf nginx.initd"
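Review bot: APKBUILD.new-module looks like a leftover working copy rather than part of the nchan update: the commit title covers only the version bump, yet this new file still sets `_http_nchan_ver=1.1.4` and lists the `nchan-1.1.4.tar.gz` checksum, so it is already out of step with the APKBUILD changed in the same commit. If the build tooling only reads the file named APKBUILD (worth confirming), this copy is never built or checksum-verified, and its pinned versions and sha512sums will drift unnoticed. The same seems to apply to `lua-nginx-module~fix-libressl.patch.bak`, which `source=` does not reference (it lists `$_http_lua_name~fix-libressl.patch`). I would drop both files from the commit, or, if the new-module layout is meant to land, say so in the commit message and bump nchan here as well. Separately, the `source=` entries for nginx.org and hg.nginx.org use `http://`, so integrity rests entirely on `sha512sums`; `https://` would be preferable where the hosts serve it.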
diff --git a/main/nginx/lua-nginx-module~fix-libressl.patch.bak b/main/nginx/lua-nginx-module~fix-libressl.patch.bak
new file mode 100644
index 00000000000..9d19eab0e4d
--- /dev/null
+++ b/main/nginx/lua-nginx-module~fix-libressl.patch.bak
@@ -0,0 +1,946 @@
+From 7a7cb2b3b745eadb0c2d3d7ee5789931f1731209 Mon Sep 17 00:00:00 2001
+From: Alessandro Ghedini <alessandro@ghedini.me>
+Date: Tue, 13 Sep 2016 22:31:32 +0100
+Subject: [PATCH 1/6] bugfix: ssl: don't use SSLv3 in tests
+
+OpenSSL 1.1.0 disables SSLv3 by default. In order to disable SSL session
+tickets set ssl_session_tickets to off instead.
+---
+ t/142-ssl-session-store.t | 24 +++++++++++-------------
+ t/143-ssl-session-fetch.t | 26 +++++++++++++-------------
+ 2 files changed, 24 insertions(+), 26 deletions(-)
+
+diff --git a/t/142-ssl-session-store.t b/t/142-ssl-session-store.t
+index 5c9fad3..b595519 100644
+--- a/t/142-ssl-session-store.t
++++ b/t/142-ssl-session-store.t
+@@ -32,7 +32,7 @@ __DATA__
+ server_name test.com;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
+- ssl_protocols SSLv3;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -102,7 +102,7 @@ ssl_session_store_by_lua_block:1: ssl session store by lua is running!
+ server_name test.com;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
+- ssl_protocols SSLv3;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -177,7 +177,7 @@ API disabled in the context of ssl_session_store_by_lua*
+ server_name test.com;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
+- ssl_protocols SSLv3;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -267,9 +267,9 @@ my timer run!
+ listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+ server_name test.com;
+
+- ssl_protocols SSLv3;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -335,9 +335,9 @@ API disabled in the context of ssl_session_store_by_lua*
+ server {
+ listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+ server_name test.com;
+- ssl_protocols SSLv3;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -407,9 +407,9 @@ ngx.exit does not yield and the error code is eaten.
+ server {
+ listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+ server_name test.com;
+- ssl_protocols SSLv3;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -480,9 +480,9 @@ ssl_session_store_by_lua*: handler return value: 0, sess new cb exit code: 0
+ server {
+ listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+ server_name test.com;
+- ssl_protocols SSLv3;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -548,9 +548,9 @@ should never reached here
+ server {
+ listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+ server_name test.com;
+- ssl_protocols SSLv3;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -621,7 +621,7 @@ get_phase: ssl_session_store
+ }
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
+- ssl_protocols SSLv3;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -690,7 +690,7 @@ qr/elapsed in ssl cert by lua: 0.(?:09|1[01])\d+,/,
+ server_name test.com;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
+- ssl_protocols SSLv3;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -760,7 +760,6 @@ a.lua:1: ssl store session by lua is running!
+ ssl_session_store_by_lua_block {
+ print("handler in test.com")
+ }
+- ssl_protocols SSLv3;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
+
+@@ -770,7 +769,6 @@ a.lua:1: ssl store session by lua is running!
+ server {
+ listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+ server_name test.com;
+- ssl_protocols SSLv3;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
+
+@@ -836,7 +834,7 @@ qr/\[emerg\] .*? "ssl_session_store_by_lua_block" directive is not allowed here
+ server_name test.com;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
+- ssl_protocols SSLv3;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+diff --git a/t/143-ssl-session-fetch.t b/t/143-ssl-session-fetch.t
+index bd800ff..54f7a4a 100644
+--- a/t/143-ssl-session-fetch.t
++++ b/t/143-ssl-session-fetch.t
+@@ -33,7 +33,7 @@ __DATA__
+ server_name test.com;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
+- ssl_protocols SSLv3;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -114,7 +114,7 @@ qr/ssl_session_fetch_by_lua_block:1: ssl fetch sess by lua is running!/s
+ server_name test.com;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
+- ssl_protocols SSLv3;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -198,7 +198,7 @@ qr/elapsed in ssl fetch session by lua: 0.(?:09|1[01])\d+,/,
+ server_name test.com;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
+- ssl_protocols SSLv3;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -297,9 +297,9 @@ qr/my timer run!/s
+ server {
+ listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+ server_name test.com;
+- ssl_protocols SSLv3;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -377,9 +377,9 @@ qr/received memc reply: OK/s
+ server {
+ listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+ server_name test.com;
+- ssl_protocols SSLv3;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -458,9 +458,9 @@ should never reached here
+ server {
+ listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+ server_name test.com;
+- ssl_protocols SSLv3;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -540,9 +540,9 @@ should never reached here
+ server {
+ listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+ server_name test.com;
+- ssl_protocols SSLv3;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -621,9 +621,9 @@ should never reached here
+ server {
+ listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+ server_name test.com;
+- ssl_protocols SSLv3;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -704,9 +704,9 @@ should never reached here
+ server {
+ listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+ server_name test.com;
+- ssl_protocols SSLv3;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -787,7 +787,7 @@ should never reached here
+ server_name test.com;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
+- ssl_protocols SSLv3;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -872,7 +872,7 @@ qr/get_phase: ssl_session_fetch/s
+ }
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
+- ssl_protocols SSLv3;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -956,7 +956,7 @@ ssl store session by lua is running!
+ server_name test.com;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
+- ssl_protocols SSLv3;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+@@ -1036,7 +1036,7 @@ qr/\S+:\d+: ssl fetch sess by lua is running!/s
+ server_name test.com;
+ ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
+ ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key;
+- ssl_protocols SSLv3;
++ ssl_session_tickets off;
+
+ server_tokens off;
+ }
+
+From daeb42cb9463d7a25d4d64a2588721cb377fb75b Mon Sep 17 00:00:00 2001
+From: Alessandro Ghedini <alessandro@cloudflare.com>
+Date: Thu, 12 May 2016 13:12:23 +0100
+Subject: [PATCH 2/6] bugfix: ssl: do not access SSL_SESSION struct directly
+
+In OpenSSL 1.1.0 it was made opaque.
+---
+ src/ngx_http_lua_socket_tcp.c | 15 ++---
+ t/129-ssl-socket.t | 152 +++++++++++++++++++++---------------------
+ 2 files changed, 82 insertions(+), 85 deletions(-)
+
+diff --git a/src/ngx_http_lua_socket_tcp.c b/src/ngx_http_lua_socket_tcp.c
+index 6db6e2d..18352bf 100644
+--- a/src/ngx_http_lua_socket_tcp.c
++++ b/src/ngx_http_lua_socket_tcp.c
+@@ -1311,9 +1311,8 @@ ngx_http_lua_socket_tcp_sslhandshake(lua_State *L)
+ return 2;
+ }
+
+- ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
+- "lua ssl set session: %p:%d",
+- *psession, (*psession)->references);
++ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
++ "lua ssl set session: %p", *psession);
+ }
+ }
+
+@@ -1577,9 +1576,8 @@ ngx_http_lua_ssl_handshake_retval_handler(ngx_http_request_t *r,
+ } else {
+ *ud = ssl_session;
+
+- ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
+- "lua ssl save session: %p:%d", ssl_session,
+- ssl_session->references);
++ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
++ "lua ssl save session: %p", ssl_session);
+
+ /* set up the __gc metamethod */
+ lua_pushlightuserdata(L, &ngx_http_lua_ssl_session_metatable_key);
+@@ -5356,9 +5354,8 @@ ngx_http_lua_ssl_free_session(lua_State *L)
+
+ psession = lua_touserdata(L, 1);
+ if (psession && *psession != NULL) {
+- ngx_log_debug2(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0,
+- "lua ssl free session: %p:%d", *psession,
+- (*psession)->references);
++ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0,
++ "lua ssl free session: %p", *psession);
+
+ ngx_ssl_free_session(*psession);
+ }
+diff --git a/t/129-ssl-socket.t b/t/129-ssl-socket.t
+index cc14594..e7e6a98 100644
+--- a/t/129-ssl-socket.t
++++ b/t/129-ssl-socket.t
+@@ -108,10 +108,10 @@ sent http request: 59 bytes.
+ received: HTTP/1.1 (?:200 OK|302 Found)
+ close: 1 nil
+ \z
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out eval
+-qr/^lua ssl save session: ([0-9A-F]+):2
+-lua ssl free session: ([0-9A-F]+):1
++qr/^lua ssl save session: ([0-9A-F]+)
++lua ssl free session: ([0-9A-F]+)
+ $/
+ --- no_error_log
+ lua ssl server name:
+@@ -185,10 +185,10 @@ received: HTTP/1.1 401 Unauthorized
+ close: 1 nil
+
+ --- log_level: debug
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out eval
+-qr/^lua ssl save session: ([0-9A-F]+):2
+-lua ssl free session: ([0-9A-F]+):1
++qr/^lua ssl save session: ([0-9A-F]+)
++lua ssl free session: ([0-9A-F]+)
+ $/
+ --- no_error_log
+ lua ssl server name:
+@@ -262,10 +262,10 @@ received: HTTP/1.1 200 OK
+ close: 1 nil
+
+ --- log_level: debug
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out eval
+-qr/^lua ssl save session: ([0-9A-F]+):2
+-lua ssl free session: ([0-9A-F]+):1
++qr/^lua ssl save session: ([0-9A-F]+)
++lua ssl free session: ([0-9A-F]+)
+ $/
+ --- error_log
+ lua ssl server name: "iscribblet.org"
+@@ -349,13 +349,13 @@ sent http request: 59 bytes.
+ received: HTTP/1.1 200 OK
+ close: 1 nil
+
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out eval
+-qr/^lua ssl save session: ([0-9A-F]+):2
+-lua ssl set session: \1:2
+-lua ssl save session: \1:3
+-lua ssl free session: \1:2
+-lua ssl free session: \1:1
++qr/^lua ssl save session: ([0-9A-F]+)
++lua ssl set session: \1
++lua ssl save session: \1
++lua ssl free session: \1
++lua ssl free session: \1
+ $/
+
+ --- error_log
+@@ -437,7 +437,7 @@ failed to do SSL handshake: certificate host mismatch
+ failed to send http request: closed
+
+ --- log_level: debug
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out
+ --- error_log
+ lua ssl server name: "blah.agentzh.org"
+@@ -517,7 +517,7 @@ failed to do SSL handshake: certificate host mismatch
+ failed to send http request: closed
+
+ --- log_level: debug
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out
+ --- error_log
+ lua ssl server name: "blah.agentzh.org"
+@@ -592,10 +592,10 @@ received: HTTP/1.1 200 OK
+ close: 1 nil
+
+ --- log_level: debug
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out eval
+-qr/^lua ssl save session: ([0-9A-F]+):2
+-lua ssl free session: ([0-9A-F]+):1
++qr/^lua ssl save session: ([0-9A-F]+)
++lua ssl free session: ([0-9A-F]+)
+ $/
+
+ --- error_log
+@@ -677,10 +677,10 @@ received: HTTP/1.1 200 OK
+ close: 1 nil
+
+ --- log_level: debug
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]++/
+ --- grep_error_log_out eval
+-qr/^lua ssl save session: ([0-9A-F]+):2
+-lua ssl free session: ([0-9A-F]+):1
++qr/^lua ssl save session: ([0-9A-F]+)
++lua ssl free session: ([0-9A-F]+)
+ $/
+
+ --- error_log
+@@ -759,7 +759,7 @@ failed to do SSL handshake: 20: unable to get local issuer certificate
+ failed to send http request: closed
+
+ --- log_level: debug
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out
+ --- error_log
+ lua ssl server name: "iscribblet.org"
+@@ -838,7 +838,7 @@ failed to do SSL handshake: 20: unable to get local issuer certificate
+ failed to send http request: closed
+
+ --- log_level: debug
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out
+ --- error_log
+ lua ssl server name: "iscribblet.org"
+@@ -928,10 +928,10 @@ sent http request: 59 bytes.
+ received: HTTP/1.1 (?:200 OK|302 Found)
+ close: 1 nil
+ \z
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out eval
+-qr/^lua ssl save session: ([0-9A-F]+):2
+-lua ssl free session: ([0-9A-F]+):1
++qr/^lua ssl save session: ([0-9A-F]+)
++lua ssl free session: ([0-9A-F]+)
+ $/
+ --- error_log
+ lua ssl server name: "www.google.com"
+@@ -1018,7 +1018,7 @@ GET /t
+ connected: 1
+ failed to do SSL handshake: 20: unable to get local issuer certificate
+
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out
+ --- error_log
+ lua ssl server name: "www.google.com"
+@@ -1100,10 +1100,10 @@ received: HTTP/1.1 200 OK
+ close: 1 nil
+
+ --- log_level: debug
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out eval
+-qr/^lua ssl save session: ([0-9A-F]+):2
+-lua ssl free session: ([0-9A-F]+):1
++qr/^lua ssl save session: ([0-9A-F]+)
++lua ssl free session: ([0-9A-F]+)
+ $/
+
+ --- error_log
+@@ -1179,10 +1179,10 @@ received: HTTP/1.1 200 OK
+ close: 1 nil
+
+ --- log_level: debug
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out eval
+-qr/^lua ssl save session: ([0-9A-F]+):2
+-lua ssl free session: ([0-9A-F]+):1
++qr/^lua ssl save session: ([0-9A-F]+)
++lua ssl free session: ([0-9A-F]+)
+ $/
+ --- error_log
+ lua ssl server name: "iscribblet.org"
+@@ -1259,10 +1259,10 @@ received: HTTP/1.1 200 OK
+ close: 1 nil
+
+ --- log_level: debug
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out eval
+-qr/^lua ssl save session: ([0-9A-F]+):2
+-lua ssl free session: ([0-9A-F]+):1
++qr/^lua ssl save session: ([0-9A-F]+)
++lua ssl free session: ([0-9A-F]+)
+ $/
+ --- error_log
+ lua ssl server name: "iscribblet.org"
+@@ -1339,10 +1339,10 @@ received: HTTP/1.1 200 OK
+ close: 1 nil
+
+ --- log_level: debug
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out eval
+-qr/^lua ssl save session: ([0-9A-F]+):2
+-lua ssl free session: ([0-9A-F]+):1
++qr/^lua ssl save session: ([0-9A-F]+)
++lua ssl free session: ([0-9A-F]+)
+ $/
+ --- error_log
+ lua ssl server name: "iscribblet.org"
+@@ -1417,7 +1417,7 @@ failed to do SSL handshake: handshake failed
+ failed to send http request: closed
+
+ --- log_level: debug
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out
+ --- error_log eval
+ [
+@@ -1493,10 +1493,10 @@ ssl handshake: userdata
+ set keepalive: 1 nil
+
+ --- log_level: debug
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out eval
+-qr/^lua ssl save session: ([0-9A-F]+):2
+-lua ssl free session: \1:2
++qr/^lua ssl save session: ([0-9A-F]+)
++lua ssl free session: \1
+ $/
+
+ --- error_log
+@@ -1569,14 +1569,14 @@ ssl handshake: userdata
+ set keepalive: 1 nil
+
+ --- log_level: debug
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out eval
+-qr/^lua ssl save session: ([0-9A-F]+):2
+-lua ssl save session: \1:3
+-lua ssl save session: \1:4
+-lua ssl free session: \1:4
+-lua ssl free session: \1:3
+-lua ssl free session: \1:2
++qr/^lua ssl save session: ([0-9A-F]+)
++lua ssl save session: \1
++lua ssl save session: \1
++lua ssl free session: \1
++lua ssl free session: \1
++lua ssl free session: \1
+ $/
+
+ --- error_log
+@@ -1620,7 +1620,7 @@ hello world
+ --- response_body_like: 500 Internal Server Error
+ --- error_code: 500
+ --- log_level: debug
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out
+ --- error_log
+ attempt to call method 'sslhandshake' (a nil value)
+@@ -1719,10 +1719,10 @@ $::TestCertificateKey
+ >>> test.crt
+ $::TestCertificate"
+
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out eval
+-qr/^lua ssl save session: ([0-9A-F]+):2
+-lua ssl free session: ([0-9A-F]+):1
++qr/^lua ssl save session: ([0-9A-F]+)
++lua ssl free session: ([0-9A-F]+)
+ $/
+ --- no_error_log
+ lua ssl server name:
+@@ -1824,10 +1824,10 @@ $::TestCertificateKey
+ >>> test.crt
+ $::TestCertificate"
+
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out eval
+-qr/^lua ssl save session: ([0-9A-F]+):2
+-lua ssl free session: ([0-9A-F]+):1
++qr/^lua ssl save session: ([0-9A-F]+)
++lua ssl free session: ([0-9A-F]+)
+ $/
+ --- error_log
+ lua ssl server name: "test.com"
+@@ -1917,7 +1917,7 @@ failed to do SSL handshake: handshake failed
+ ">>> test.crt
+ $::TestCertificate"
+
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out
+ --- error_log eval
+ qr/SSL_do_handshake\(\) failed .*?unknown protocol/
+@@ -2016,7 +2016,7 @@ $::TestCertificate
+ >>> test.crl
+ $::TestCRL"
+
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out
+ --- error_log
+ lua ssl server name: "test.com"
+@@ -2095,12 +2095,12 @@ received: HTTP/1.1 200 OK
+ close: 1 nil
+
+ --- log_level: debug
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out eval
+-qr/^lua ssl save session: ([0-9A-F]+):2
+-lua ssl save session: ([0-9A-F]+):3
+-lua ssl free session: ([0-9A-F]+):2
+-lua ssl free session: ([0-9A-F]+):1
++qr/^lua ssl save session: ([0-9A-F]+)
++lua ssl save session: ([0-9A-F]+)
++lua ssl free session: ([0-9A-F]+)
++lua ssl free session: ([0-9A-F]+)
+ $/
+ --- error_log
+ lua ssl server name: "iscribblet.org"
+@@ -2154,7 +2154,7 @@ connected: 1
+ failed to do SSL handshake: timeout
+
+ --- log_level: debug
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out
+ --- error_log
+ lua ssl server name: "iscribblet.org"
+@@ -2226,7 +2226,7 @@ $::TestCertificateKey
+ >>> test.crt
+ $::TestCertificate"
+
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out
+ --- no_error_log
+ lua ssl server name:
+@@ -2297,10 +2297,10 @@ $::TestCertificateKey
+ >>> test.crt
+ $::TestCertificate"
+
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out eval
+-qr/^lua ssl save session: ([0-9A-F]+):2
+-lua ssl free session: ([0-9A-F]+):1
++qr/^lua ssl save session: ([0-9A-F]+)
++lua ssl free session: ([0-9A-F]+)
+ $/
+ --- no_error_log
+ lua ssl server name:
+@@ -2377,7 +2377,7 @@ $::TestCertificateKey
+ >>> test.crt
+ $::TestCertificate"
+
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out
+ --- no_error_log
+ lua ssl server name:
+@@ -2479,10 +2479,10 @@ $::TestCertificateKey
+ >>> test.crt
+ $::TestCertificate"
+
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out eval
+-qr/^lua ssl save session: ([0-9A-F]+):2
+-lua ssl free session: ([0-9A-F]+):1
++qr/^lua ssl save session: ([0-9A-F]+)
++lua ssl free session: ([0-9A-F]+)
+ $/
+ --- error_log
+ --- no_error_log
+@@ -2575,7 +2575,7 @@ $::TestCertificateKey
+ >>> test.crt
+ $::TestCertificate"
+
+---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/
++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/
+ --- grep_error_log_out
+ --- error_log
+ lua ssl certificate verify error: (18: self signed certificate)
+
+From 7206c8f6fe10136e458d4b3c7ae2b696bd4c8983 Mon Sep 17 00:00:00 2001
+From: Alessandro Ghedini <alessandro@cloudflare.com>
+Date: Thu, 12 May 2016 13:17:52 +0100
+Subject: [PATCH 3/6] bugfix: ssl: do not set tlsext_status_expected flag
+
+In OpenSSL 1.1.0 the SSL struct was made opaque, and setting this
+flag manually is not required anyway since OpenSSL already does that
+automatically when ngx_http_lua_ssl_empty_status_callback() returns
+"OK" (which is always), and an OCSP response has been set.
+---
+ src/ngx_http_lua_ssl_ocsp.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/ngx_http_lua_ssl_ocsp.c b/src/ngx_http_lua_ssl_ocsp.c
+index 3904aa8..31b4f24 100644
+--- a/src/ngx_http_lua_ssl_ocsp.c
++++ b/src/ngx_http_lua_ssl_ocsp.c
+@@ -490,7 +490,6 @@ ngx_http_lua_ffi_ssl_set_ocsp_status_resp(ngx_http_request_t *r,
+
+ dd("set ocsp resp: resp_len=%d", (int) resp_len);
+ (void) SSL_set_tlsext_status_ocsp_resp(ssl_conn, p, resp_len);
+- ssl_conn->tlsext_status_expected = 1;
+
+ return NGX_OK;
+
+
+From 96f39afab912c06fc76f2b18a70130ab41b00f12 Mon Sep 17 00:00:00 2001
+From: Alessandro Ghedini <alessandro@cloudflare.com>
+Date: Fri, 10 Jun 2016 13:23:21 +0100
+Subject: [PATCH 4/6] bugfix: ssl: do not access SSL struct directly for
+ tlsext_status_type
+
+In OpenSSL 1.1.0 it was made opaque, and a getter function was added.
+---
+ src/ngx_http_lua_ssl_ocsp.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/ngx_http_lua_ssl_ocsp.c b/src/ngx_http_lua_ssl_ocsp.c
+index 31b4f24..9ec8b50 100644
+--- a/src/ngx_http_lua_ssl_ocsp.c
++++ b/src/ngx_http_lua_ssl_ocsp.c
+@@ -468,7 +468,11 @@ ngx_http_lua_ffi_ssl_set_ocsp_status_resp(ngx_http_request_t *r,
+ return NGX_ERROR;
+ }
+
++#ifdef SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE
++ if (SSL_get_tlsext_status_type(ssl_conn) == -1) {
++#else
+ if (ssl_conn->tlsext_status_type == -1) {
++#endif
+ dd("no ocsp status req from client");
+ return NGX_DECLINED;
+ }
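Review bot: The `if (...) {` opener is written once per preprocessor branch, so the brace closed by the shared `}` sits inside an `#ifdef`. A later edit to one branch can then unbalance the block without the other build configuration noticing. Selecting the accessor once and keeping a single `if` avoids that; the macro name below is only a suggestion. The `#else` arm still reads the struct field directly, so it is usable only where the SSL struct is visible. The enclosing function starts and ends outside this hunk.

```c
#ifdef SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE
#define ngx_http_lua_ssl_status_type(ssl)  SSL_get_tlsext_status_type(ssl)
#else
#define ngx_http_lua_ssl_status_type(ssl)  ((ssl)->tlsext_status_type)
#endif

/* … unchanged: earlier body of ngx_http_lua_ffi_ssl_set_ocsp_status_resp … */
    if (ngx_http_lua_ssl_status_type(ssl_conn) == -1) {
        dd("no ocsp status req from client");
```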
+
+From 26d6bbefb78cc72d14961a8166ffc3cb67611b6f Mon Sep 17 00:00:00 2001
+From: Alessandro Ghedini <alessandro@ghedini.me>
+Date: Tue, 13 Sep 2016 22:19:10 +0100
+Subject: [PATCH 5/6] bugfix: ssl: make SSL session callback build with OpenSSL
+ 1.1.0
+
+---
+ src/ngx_http_lua_ssl_session_fetchby.c | 9 ++++++---
+ src/ngx_http_lua_ssl_session_fetchby.h | 6 +++++-
+ src/ngx_http_lua_ssl_session_storeby.c | 8 ++++++--
+ 3 files changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/src/ngx_http_lua_ssl_session_fetchby.c b/src/ngx_http_lua_ssl_session_fetchby.c
+index 4c450b5..6212c60 100644
+--- a/src/ngx_http_lua_ssl_session_fetchby.c
++++ b/src/ngx_http_lua_ssl_session_fetchby.c
+@@ -171,8 +171,11 @@ ngx_http_lua_ssl_sess_fetch_by_lua(ngx_conf_t *cf, ngx_command_t *cmd,
+
+ /* cached session fetching callback to be set with SSL_CTX_sess_set_get_cb */
+ ngx_ssl_session_t *
+-ngx_http_lua_ssl_sess_fetch_handler(ngx_ssl_conn_t *ssl_conn, u_char *id,
+- int len, int *copy)
++ngx_http_lua_ssl_sess_fetch_handler(ngx_ssl_conn_t *ssl_conn,
++#if OPENSSL_VERSION_NUMBER >= 0x10100003L
++ const
++#endif
++ u_char *id, int len, int *copy)
+ {
+ lua_State *L;
+ ngx_int_t rc;
+@@ -284,7 +287,7 @@ ngx_http_lua_ssl_sess_fetch_handler(ngx_ssl_conn_t *ssl_conn, u_char *id,
+ cctx->exit_code = 1; /* successful by default */
+ cctx->connection = c;
+ cctx->request = r;
+- cctx->session_id.data = id;
++ cctx->session_id.data = (u_char *) id;
+ cctx->session_id.len = len;
+ cctx->entered_sess_fetch_handler = 1;
+ cctx->done = 0;
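Review bot: The cast in `cctx->session_id.data = (u_char *) id;` discards the `const` that the new signature adds, so `session_id.data` becomes a writable pointer into a buffer the TLS library passed as read-only. The hunk in ngx_http_lua_ssl_session_storeby.c does the same with `(u_char *) sess_id`. Nothing visible here writes through the pointer, but the field's declaration and its consumers are outside these hunks. A comment at each assignment, such as `/* read-only: buffer is owned by the TLS library */`, would record the constraint for whoever touches those consumers next. The function body continues outside the hunk.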
+diff --git a/src/ngx_http_lua_ssl_session_fetchby.h b/src/ngx_http_lua_ssl_session_fetchby.h
+index 5a6f96f..50c6616 100644
+--- a/src/ngx_http_lua_ssl_session_fetchby.h
++++ b/src/ngx_http_lua_ssl_session_fetchby.h
+@@ -25,7 +25,11 @@ char *ngx_http_lua_ssl_sess_fetch_by_lua_block(ngx_conf_t *cf,
+ ngx_command_t *cmd, void *conf);
+
+ ngx_ssl_session_t *ngx_http_lua_ssl_sess_fetch_handler(
+- ngx_ssl_conn_t *ssl_conn, u_char *id, int len, int *copy);
++ ngx_ssl_conn_t *ssl_conn,
++#if OPENSSL_VERSION_NUMBER >= 0x10100003L
++ const
++#endif
++ u_char *id, int len, int *copy);
+ #endif
+
+
+diff --git a/src/ngx_http_lua_ssl_session_storeby.c b/src/ngx_http_lua_ssl_session_storeby.c
+index b5596bc..85dbece 100644
+--- a/src/ngx_http_lua_ssl_session_storeby.c
++++ b/src/ngx_http_lua_ssl_session_storeby.c
+@@ -172,6 +172,8 @@ int
+ ngx_http_lua_ssl_sess_store_handler(ngx_ssl_conn_t *ssl_conn,
+ ngx_ssl_session_t *sess)
+ {
++ const u_char *sess_id;
++ unsigned int sess_id_len;
+ lua_State *L;
+ ngx_int_t rc;
+ ngx_connection_t *c, *fc = NULL;
+@@ -246,11 +248,13 @@ ngx_http_lua_ssl_sess_store_handler(ngx_ssl_conn_t *ssl_conn,
+ }
+ }
+
++ sess_id = SSL_SESSION_get_id(sess, &sess_id_len);
++
+ cctx->connection = c;
+ cctx->request = r;
+ cctx->session = sess;
+- cctx->session_id.data = sess->session_id;
+- cctx->session_id.len = sess->session_id_length;
++ cctx->session_id.data = (u_char *) sess_id;
++ cctx->session_id.len = sess_id_len;
+ cctx->done = 0;
+
+ dd("setting cctx");
+
+From ac7dc8f7fdc391301db5c8e35a7113b86d492b56 Mon Sep 17 00:00:00 2001
+From: Alessandro Ghedini <alessandro@ghedini.me>
+Date: Mon, 28 Nov 2016 21:01:00 +0000
+Subject: [PATCH 6/6] bugfix: ssl: don't use RC4 in tests
+
+RC4 ciphers are deprecated and disabled by default in OpenSSL 1.1.0.
+---
+ t/129-ssl-socket.t | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/t/129-ssl-socket.t b/t/129-ssl-socket.t
+index e7e6a98..ebb6555 100644
+--- a/t/129-ssl-socket.t
++++ b/t/129-ssl-socket.t
+@@ -1129,7 +1129,7 @@ SSL reused session
+ sock:settimeout(2000)
+
+ do
+- local ok, err = sock:connect("iscribblet.org", 443)
++ local ok, err = sock:connect("openresty.org", 443)
+ if not ok then
+ ngx.say("failed to connect: ", err)
+ return
+@@ -1137,7 +1137,7 @@ SSL reused session
+
+ ngx.say("connected: ", ok)
+
+- local session, err = sock:sslhandshake(nil, "iscribblet.org")
++ local session, err = sock:sslhandshake(nil, "openresty.org")
+ if not session then
+ ngx.say("failed to do SSL handshake: ", err)
+ return
+@@ -1145,7 +1145,7 @@ SSL reused session
+
+ ngx.say("ssl handshake: ", type(session))
+
+- local req = "GET / HTTP/1.1\\r\\nHost: iscribblet.org\\r\\nConnection: close\\r\\n\\r\\n"
++ local req = "GET /en/ HTTP/1.1\\r\\nHost: openresty.org\\r\\nConnection: close\\r\\n\\r\\n"
+ local bytes, err = sock:send(req)
+ if not bytes then
+ ngx.say("failed to send http request: ", err)
+@@ -1174,7 +1174,7 @@ GET /t
+ --- response_body
+ connected: 1
+ ssl handshake: userdata
+-sent http request: 59 bytes.
++sent http request: 61 bytes.
+ received: HTTP/1.1 200 OK
+ close: 1 nil
+
+@@ -1185,8 +1185,8 @@ qr/^lua ssl save session: ([0-9A-F]+)
+ lua ssl free session: ([0-9A-F]+)
+ $/
+ --- error_log
+-lua ssl server name: "iscribblet.org"
+-SSL: TLSv1.2, cipher: "ECDHE-RSA-RC4-SHA SSLv3
++lua ssl server name: "openresty.org"
++SSL: TLSv1.2, cipher: "ECDHE-RSA-AES128-GCM-SHA256
+ --- no_error_log
+ SSL reused session
+ [error]
+@@ -1199,7 +1199,7 @@ SSL reused session
+ --- config
+ server_tokens off;
+ resolver $TEST_NGINX_RESOLVER ipv6=off;
+- lua_ssl_ciphers RC4-SHA;
++ lua_ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256;
+ location /t {
+ #set $port 5000;
+ set $port $TEST_NGINX_MEMCACHED_PORT;
+@@ -1266,7 +1266,7 @@ lua ssl free session: ([0-9A-F]+)
+ $/
+ --- error_log
+ lua ssl server name: "iscribblet.org"
+-SSL: TLSv1.2, cipher: "RC4-SHA SSLv3
++SSL: TLSv1.2, cipher: "ECDHE-RSA-AES128-GCM-SHA256
+ --- no_error_log
+ SSL reused session
+ [error]
+@@ -1346,7 +1346,7 @@ lua ssl free session: ([0-9A-F]+)
+ $/
+ --- error_log
+ lua ssl server name: "iscribblet.org"
+-SSL: TLSv1, cipher: "ECDHE-RSA-RC4-SHA SSLv3
++SSL: TLSv1
+ --- no_error_log
+ SSL reused session
+ [error]
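Review bot: The new expectation `SSL: TLSv1` has lost its delimiter. Because `--- error_log` entries are matched as substrings of the log, a line beginning `SSL: TLSv1.2, cipher: ...` also satisfies it, so the test no longer shows that the older protocol was the one negotiated. Dropping the RC4 cipher name is the point of the change, but the comma and field label can stay: `SSL: TLSv1, cipher: "`. The test's config block is outside this hunk, so the assumption that it restricts the protocol version is inferred from the old expectation.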