Merge pull request #23 from essentialkaos/develop

Version 1.11.5
essentialkaos · Oct 14, 2016 · f2f80ab · f2f80ab
2 parents 5c9811a + c14983a
commit f2f80ab
Show file tree

Hide file tree

Showing 7 changed files with 333 additions and 180 deletions.
diff --git a/SOURCES/boring.patch b/SOURCES/boring.patch
@@ -0,0 +1,35 @@
+diff -ur nginx-1.11.5/src/event/ngx_event_openssl.c nginx-1.11.5-patched/src/event/ngx_event_openssl.c
+--- nginx-1.11.5/src/event/ngx_event_openssl.c	2016-09-13 16:39:24.000000000 +0100
++++ nginx-1.11.5-patched/src/event/ngx_event_openssl.c	2016-09-17 17:33:34.705709306 +0100
+@@ -2016,7 +2016,9 @@
+
+             /* handshake failures */
+         if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC                        /*  103 */
++#ifdef SSL_R_BLOCK_CIPHER_PAD_IS_WRONG
+             || n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG                  /*  129 */
++#endif
+             || n == SSL_R_DIGEST_CHECK_FAILED                        /*  149 */
+             || n == SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              /*  151 */
+             || n == SSL_R_EXCESSIVE_MESSAGE_SIZE                     /*  152 */
+@@ -2024,7 +2026,9 @@
+ #ifdef SSL_R_NO_CIPHERS_PASSED
+             || n == SSL_R_NO_CIPHERS_PASSED                          /*  182 */
+ #endif
++#ifdef SSL_R_NO_CIPHERS_SPECIFIED
+             || n == SSL_R_NO_CIPHERS_SPECIFIED                       /*  183 */
++#endif
+             || n == SSL_R_NO_COMPRESSION_SPECIFIED                   /*  187 */
+             || n == SSL_R_NO_SHARED_CIPHER                           /*  193 */
+             || n == SSL_R_RECORD_LENGTH_MISMATCH                     /*  213 */
+diff -ur nginx-1.11.5/src/http/ngx_http_upstream.c nginx-1.11.5-patched/src/http/ngx_http_upstream.c
+--- nginx-1.11.5/src/http/ngx_http_upstream.c	2016-09-13 16:39:25.000000000 +0100
++++ nginx-1.11.5-patched/src/http/ngx_http_upstream.c	2016-09-17 17:34:15.882031550 +0100
+@@ -1694,7 +1694,7 @@
+     ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                    "upstream SSL server name: \"%s\"", name.data);
+
+-    if (SSL_set_tlsext_host_name(c->ssl->connection, name.data) == 0) {
++    if (SSL_set_tlsext_host_name(c->ssl->connection, (const char*) name.data) == 0) {
+         ngx_ssl_error(NGX_LOG_ERR, r->connection->log, 0,
+                       "SSL_set_tlsext_host_name(\"%s\") failed", name.data);
+         return NGX_ERROR;
diff --git a/SOURCES/webkaos-dynamic-tls-records.patch b/SOURCES/webkaos-dynamic-tls-records.patch
@@ -1,8 +1,3 @@
-From a424fefb0a638eb6d32756b5a0c471efc63e5384 Mon Sep 17 00:00:00 2001
-From: Vlad Krasnov
-Date: Sat, 9 Jan 2016 06:53:14 -0800
-Subject: [PATCH] - Add TLS Dynamic Record Resizing
-
 What we do now:
 We use a static record size of 4K. This gives a good balance of latency and
 throughput.
@@ -27,26 +22,17 @@ In case the connection idles for a given amount of time (1s,
 ssl_dyn_rec_timeout), the process repeats itself (i.e. begin sending small
 records again).
 
----
- src/event/ngx_event_openssl.c          | 39 +++++++++++++++++
- src/event/ngx_event_openssl.h          | 15 ++++++-
- src/http/modules/ngx_http_ssl_module.c | 76 ++++++++++++++++++++++++++++++++++
- src/http/modules/ngx_http_ssl_module.h |  6 +++
- 4 files changed, 135 insertions(+), 1 deletion(-)
-
-diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
-index 57dfc6c..4a0d41a 100644
 --- a/src/event/ngx_event_openssl.c
 +++ b/src/event/ngx_event_openssl.c
-@@ -1037,6 +1037,7 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags)
+@@ -1131,6 +1131,7 @@
 
      sc->buffer = ((flags & NGX_SSL_BUFFER) != 0);
      sc->buffer_size = ssl->buffer_size;
 +    sc->dyn_rec = ssl->dyn_rec;
 
      sc->session_ctx = ssl->ctx;
 
-@@ -1575,6 +1576,41 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
+@@ -1669,6 +1670,41 @@
 
      for ( ;; ) {
 
@@ -88,7 +74,7 @@ index 57dfc6c..4a0d41a 100644
          while (in && buf->last < buf->end && send < limit) {
              if (in->buf->last_buf || in->buf->flush) {
                  flush = 1;
-@@ -1676,6 +1712,9 @@ ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size)
+@@ -1770,6 +1806,9 @@
 
      if (n > 0) {
 
@@ -98,41 +84,40 @@ index 57dfc6c..4a0d41a 100644
          if (c->ssl->saved_read_handler) {
 
              c->read->handler = c->ssl->saved_read_handler;
-diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
-index c86be2a..4a45934 100644
 --- a/src/event/ngx_event_openssl.h
 +++ b/src/event/ngx_event_openssl.h
-@@ -38,9 +38,18 @@
+@@ -54,10 +54,19 @@
+ #define ngx_ssl_conn_t          SSL
 
 
- typedef struct {
++typedef struct {
 +    ngx_msec_t                  timeout;
 +    ngx_uint_t                  threshold;
 +    size_t                      size_lo;
 +    size_t                      size_hi;
 +} ngx_ssl_dyn_rec_t;
 +
 +
-+typedef struct {
+ struct ngx_ssl_s {
      SSL_CTX                    *ctx;
      ngx_log_t                  *log;
      size_t                      buffer_size;
 +    ngx_ssl_dyn_rec_t           dyn_rec;
- } ngx_ssl_t;
+ };
 
 
-@@ -63,6 +72,10 @@ typedef struct {
+@@ -80,6 +89,10 @@
      unsigned                    no_wait_shutdown:1;
      unsigned                    no_send_shutdown:1;
      unsigned                    handshake_buffer_set:1;
 +
 +    ngx_ssl_dyn_rec_t           dyn_rec;
 +    ngx_msec_t                  dyn_rec_last_write;
 +    ngx_uint_t                  dyn_rec_records_sent;
- } ngx_ssl_connection_t;
+ };
 
 
-@@ -72,7 +85,7 @@ typedef struct {
+@@ -89,7 +102,7 @@
  #define NGX_SSL_DFLT_BUILTIN_SCACHE  -5
 
 
@@ -141,11 +126,9 @@ index c86be2a..4a45934 100644
 
  typedef struct ngx_ssl_sess_id_s  ngx_ssl_sess_id_t;
 
-diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
-index 7b051ea..e2941af 100644
 --- a/src/http/modules/ngx_http_ssl_module.c
 +++ b/src/http/modules/ngx_http_ssl_module.c
-@@ -233,6 +233,41 @@ static ngx_command_t  ngx_http_ssl_commands[] = {
+@@ -233,6 +233,41 @@
        offsetof(ngx_http_ssl_srv_conf_t, stapling_verify),
        NULL },
 
@@ -187,7 +170,7 @@ index 7b051ea..e2941af 100644
        ngx_null_command
  };
 
-@@ -532,6 +567,11 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
+@@ -533,6 +568,11 @@
      sscf->session_ticket_keys = NGX_CONF_UNSET_PTR;
      sscf->stapling = NGX_CONF_UNSET;
      sscf->stapling_verify = NGX_CONF_UNSET;
@@ -199,7 +182,7 @@ index 7b051ea..e2941af 100644
 
      return sscf;
  }
-@@ -596,6 +636,20 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
+@@ -598,6 +638,20 @@
      ngx_conf_merge_str_value(conf->stapling_responder,
                           prev->stapling_responder, "");
 
@@ -220,7 +203,7 @@ index 7b051ea..e2941af 100644
      conf->ssl.log = cf->log;
 
      if (conf->enable) {
-@@ -773,6 +827,28 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
+@@ -778,6 +832,28 @@
 
      }
 
@@ -249,11 +232,9 @@ index 7b051ea..e2941af 100644
      return NGX_CONF_OK;
  }
 
-diff --git a/src/http/modules/ngx_http_ssl_module.h b/src/http/modules/ngx_http_ssl_module.h
-index 8e69e9e..05967d4 100644
 --- a/src/http/modules/ngx_http_ssl_module.h
 +++ b/src/http/modules/ngx_http_ssl_module.h
-@@ -56,6 +56,12 @@ typedef struct {
+@@ -57,6 +57,12 @@
 
      u_char                         *file;
      ngx_uint_t                      line;
@@ -266,6 +247,3 @@ index 8e69e9e..05967d4 100644
  } ngx_http_ssl_srv_conf_t;
 
 
--- 
-2.7.4 (Apple Git-66)
-
diff --git a/SOURCES/webkaos.patch b/SOURCES/webkaos.patch
@@ -1,6 +1,6 @@
-diff -urN nginx-1.11.4-orig/auto/lib/openssl/make nginx-1.11.4/auto/lib/openssl/make
---- nginx-1.11.4-orig/auto/lib/openssl/make	2016-09-24 18:38:32.876164921 -0400
-+++ nginx-1.11.4/auto/lib/openssl/make	2016-09-24 18:45:56.153104377 -0400
+diff -urN nginx-1.11.5-orig/auto/lib/openssl/make nginx-1.11.5/auto/lib/openssl/make
+--- nginx-1.11.5-orig/auto/lib/openssl/make	2016-10-13 19:43:12.433021795 -0400
++++ nginx-1.11.5/auto/lib/openssl/make	2016-10-13 19:45:29.774029162 -0400
 @@ -45,18 +45,18 @@
              /*) ngx_prefix="$OPENSSL/.openssl" ;;
              *)  ngx_prefix="$PWD/$OPENSSL/.openssl" ;;
@@ -24,9 +24,9 @@ diff -urN nginx-1.11.4-orig/auto/lib/openssl/make nginx-1.11.4/auto/lib/openssl/
      ;;
 
  esac
-diff -urN nginx-1.11.4-orig/src/core/nginx.c nginx-1.11.4/src/core/nginx.c
---- nginx-1.11.4-orig/src/core/nginx.c	2016-09-24 18:38:32.912168205 -0400
-+++ nginx-1.11.4/src/core/nginx.c	2016-09-24 18:46:01.468094372 -0400
+diff -urN nginx-1.11.5-orig/src/core/nginx.c nginx-1.11.5/src/core/nginx.c
+--- nginx-1.11.5-orig/src/core/nginx.c	2016-10-13 19:43:12.479022089 -0400
++++ nginx-1.11.5/src/core/nginx.c	2016-10-13 19:45:29.789027430 -0400
 @@ -378,9 +378,9 @@
 
      if (ngx_show_help) {
@@ -40,13 +40,13 @@ diff -urN nginx-1.11.4-orig/src/core/nginx.c nginx-1.11.4/src/core/nginx.c
              "Options:" NGX_LINEFEED
              "  -?,-h         : this help" NGX_LINEFEED
              "  -v            : show version and exit" NGX_LINEFEED
-diff -urN nginx-1.11.4-orig/src/core/nginx.h nginx-1.11.4/src/core/nginx.h
---- nginx-1.11.4-orig/src/core/nginx.h	2016-09-24 18:38:32.915168521 -0400
-+++ nginx-1.11.4/src/core/nginx.h	2016-09-24 18:47:13.000000000 -0400
+diff -urN nginx-1.11.5-orig/src/core/nginx.h nginx-1.11.5/src/core/nginx.h
+--- nginx-1.11.5-orig/src/core/nginx.h	2016-10-13 19:43:12.482022088 -0400
++++ nginx-1.11.5/src/core/nginx.h	2016-10-13 20:15:46.000000000 -0400
 @@ -11,7 +11,7 @@
 
- #define nginx_version      1011004
- #define NGINX_VERSION      "1.11.4"
+ #define nginx_version      1011005
+ #define NGINX_VERSION      "1.11.5"
 -#define NGINX_VER          "nginx/" NGINX_VERSION
 +#define NGINX_VER          "webkaos/" NGINX_VERSION
 
@@ -61,9 +61,9 @@ diff -urN nginx-1.11.4-orig/src/core/nginx.h nginx-1.11.4/src/core/nginx.h
  #define NGX_OLDPID_EXT     ".oldbin"
 
 
-diff -urN nginx-1.11.4-orig/src/core/ngx_log.c nginx-1.11.4/src/core/ngx_log.c
---- nginx-1.11.4-orig/src/core/ngx_log.c	2016-09-24 18:38:32.914168419 -0400
-+++ nginx-1.11.4/src/core/ngx_log.c	2016-09-24 18:46:05.775102520 -0400
+diff -urN nginx-1.11.5-orig/src/core/ngx_log.c nginx-1.11.5/src/core/ngx_log.c
+--- nginx-1.11.5-orig/src/core/ngx_log.c	2016-10-13 19:43:12.481022088 -0400
++++ nginx-1.11.5/src/core/ngx_log.c	2016-10-13 19:45:29.807025840 -0400
 @@ -202,9 +202,9 @@
          return;
      }
@@ -94,9 +94,9 @@ diff -urN nginx-1.11.4-orig/src/core/ngx_log.c nginx-1.11.4/src/core/ngx_log.c
          return NGX_CONF_ERROR;
  #endif
 
-diff -urN nginx-1.11.4-orig/src/http/modules/ngx_http_autoindex_module.c nginx-1.11.4/src/http/modules/ngx_http_autoindex_module.c
---- nginx-1.11.4-orig/src/http/modules/ngx_http_autoindex_module.c	2016-09-24 18:38:32.899166988 -0400
-+++ nginx-1.11.4/src/http/modules/ngx_http_autoindex_module.c	2016-09-24 18:46:10.110101776 -0400
+diff -urN nginx-1.11.5-orig/src/http/modules/ngx_http_autoindex_module.c nginx-1.11.5/src/http/modules/ngx_http_autoindex_module.c
+--- nginx-1.11.5-orig/src/http/modules/ngx_http_autoindex_module.c	2016-10-13 19:43:12.461022088 -0400
++++ nginx-1.11.5/src/http/modules/ngx_http_autoindex_module.c	2016-10-13 19:45:29.821024648 -0400
 @@ -445,9 +445,11 @@
      ;
 
@@ -172,9 +172,9 @@ diff -urN nginx-1.11.4-orig/src/http/modules/ngx_http_autoindex_module.c nginx-1
                                tm.ngx_tm_mday,
                                months[tm.ngx_tm_mon - 1],
                                tm.ngx_tm_year,
-diff -urN nginx-1.11.4-orig/src/http/ngx_http_header_filter_module.c nginx-1.11.4/src/http/ngx_http_header_filter_module.c
---- nginx-1.11.4-orig/src/http/ngx_http_header_filter_module.c	2016-09-24 18:38:32.904167347 -0400
-+++ nginx-1.11.4/src/http/ngx_http_header_filter_module.c	2016-09-24 18:46:14.697101031 -0400
+diff -urN nginx-1.11.5-orig/src/http/ngx_http_header_filter_module.c nginx-1.11.5/src/http/ngx_http_header_filter_module.c
+--- nginx-1.11.5-orig/src/http/ngx_http_header_filter_module.c	2016-10-13 19:43:12.470022089 -0400
++++ nginx-1.11.5/src/http/ngx_http_header_filter_module.c	2016-10-13 19:45:29.833023482 -0400
 @@ -46,7 +46,7 @@
  };
 
@@ -228,9 +228,9 @@ diff -urN nginx-1.11.4-orig/src/http/ngx_http_header_filter_module.c nginx-1.11.
  #define NGX_HTTP_OFF_5XX   (NGX_HTTP_LAST_4XX - 400 + NGX_HTTP_OFF_4XX)
 
      ngx_string("500 Internal Server Error"),
-diff -urN nginx-1.11.4-orig/src/http/ngx_http_special_response.c nginx-1.11.4/src/http/ngx_http_special_response.c
---- nginx-1.11.4-orig/src/http/ngx_http_special_response.c	2016-09-24 18:38:32.905167415 -0400
-+++ nginx-1.11.4/src/http/ngx_http_special_response.c	2016-09-24 18:46:26.282099228 -0400
+diff -urN nginx-1.11.5-orig/src/http/ngx_http_special_response.c nginx-1.11.5/src/http/ngx_http_special_response.c
+--- nginx-1.11.5-orig/src/http/ngx_http_special_response.c	2016-10-13 19:43:12.471022089 -0400
++++ nginx-1.11.5/src/http/ngx_http_special_response.c	2016-10-13 20:21:05.000000000 -0400
 @@ -19,14 +19,14 @@
 
 
@@ -683,9 +683,9 @@ diff -urN nginx-1.11.4-orig/src/http/ngx_http_special_response.c nginx-1.11.4/sr
  #define NGX_HTTP_OFF_5XX   (NGX_HTTP_LAST_4XX - 400 + NGX_HTTP_OFF_4XX)
 
      ngx_string(ngx_http_error_494_page), /* 494, request header too large */
-diff -urN nginx-1.11.4-orig/src/http/v2/ngx_http_v2_filter_module.c nginx-1.11.4/src/http/v2/ngx_http_v2_filter_module.c
---- nginx-1.11.4-orig/src/http/v2/ngx_http_v2_filter_module.c	2016-09-24 18:38:32.908167736 -0400
-+++ nginx-1.11.4/src/http/v2/ngx_http_v2_filter_module.c	2016-09-24 18:49:16.000000000 -0400
+diff -urN nginx-1.11.5-orig/src/http/v2/ngx_http_v2_filter_module.c nginx-1.11.5/src/http/v2/ngx_http_v2_filter_module.c
+--- nginx-1.11.5-orig/src/http/v2/ngx_http_v2_filter_module.c	2016-10-13 19:43:12.474022089 -0400
++++ nginx-1.11.5/src/http/v2/ngx_http_v2_filter_module.c	2016-10-13 19:45:29.852022348 -0400
 @@ -139,7 +139,7 @@
      ngx_http_core_srv_conf_t  *cscf;
      u_char                     addr[NGX_SOCKADDR_STRLEN];
@@ -704,9 +704,9 @@ diff -urN nginx-1.11.4-orig/src/http/v2/ngx_http_v2_filter_module.c nginx-1.11.4
 
          *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_SERVER_INDEX);
 
-diff -urN nginx-1.11.4-orig/src/os/unix/ngx_setproctitle.c nginx-1.11.4/src/os/unix/ngx_setproctitle.c
---- nginx-1.11.4-orig/src/os/unix/ngx_setproctitle.c	2016-09-24 18:38:32.882165538 -0400
-+++ nginx-1.11.4/src/os/unix/ngx_setproctitle.c	2016-09-24 18:46:31.267098432 -0400
+diff -urN nginx-1.11.5-orig/src/os/unix/ngx_setproctitle.c nginx-1.11.5/src/os/unix/ngx_setproctitle.c
+--- nginx-1.11.5-orig/src/os/unix/ngx_setproctitle.c	2016-10-13 19:43:12.442022001 -0400
++++ nginx-1.11.5/src/os/unix/ngx_setproctitle.c	2016-10-13 19:45:29.870021555 -0400
 @@ -89,7 +89,7 @@
 
      ngx_os_argv[1] = NULL;

diff --git a/patch-check.sh b/patch-check.sh