WolfSSL
/
wolfssl-nginx
mirror of https://github.com/wolfSSL/wolfssl-nginx.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Support for wolfSSL 3.14

pull/4/head
Sean Parkinson 2018-03-15 11:03:21 +10:00
parent 6012f3d70b
commit 6160c0f813
17 changed files with 247 additions and 167 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
nginx-1.10.3-wolfssl.patch
View File

@ -1,22 +1,47 @@
diff -ur nginx-1.10.3/auto/lib/openssl/conf nginx-1.10.3-wolfssl/auto/lib/openssl/conf
--- nginx-1.10.3/auto/lib/openssl/conf 2017-02-01 01:01:11.000000000 +1000
+++ nginx-1.10.3-wolfssl/auto/lib/openssl/conf 2017-04-13 10:38:27.614124846 +1000
@@ -53,8 +53,34 @@
+++ nginx-1.10.3-wolfssl/auto/lib/openssl/conf 2018-03-15 10:42:00.974532594 +1000
@@ -15,8 +15,16 @@
CORE_INCS="$CORE_INCS $OPENSSL/openssl/include"
CORE_DEPS="$CORE_DEPS $OPENSSL/openssl/include/openssl/ssl.h"
- CORE_LIBS="$CORE_LIBS $OPENSSL/openssl/lib/ssleay32.lib"
- CORE_LIBS="$CORE_LIBS $OPENSSL/openssl/lib/libeay32.lib"
+
+ if [ -f $OPENSSL/ms/do_ms.bat ]; then
+ # before OpenSSL 1.1.0
+ CORE_LIBS="$CORE_LIBS $OPENSSL/openssl/lib/ssleay32.lib"
+ CORE_LIBS="$CORE_LIBS $OPENSSL/openssl/lib/libeay32.lib"
+ else
+ # OpenSSL 1.1.0+
+ CORE_LIBS="$CORE_LIBS $OPENSSL/openssl/lib/libssl.lib"
+ CORE_LIBS="$CORE_LIBS $OPENSSL/openssl/lib/libcrypto.lib"
+ fi
# libeay32.lib requires gdi32.lib
CORE_LIBS="$CORE_LIBS gdi32.lib"
@@ -49,12 +57,38 @@
ngx_feature="OpenSSL library"
ngx_feature_name="NGX_OPENSSL"
ngx_feature_run=no
- ngx_feature_incs="#include <openssl/ssl.h>"
+ ngx_feature_incs="#include <options.h>
+ #include <openssl/ssl.h>"
ngx_feature_path=
ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL"
ngx_feature_test="SSL_CTX_set_options(NULL, 0)"
+
+ if [ $WOLFSSL != NONE ]; then
+ ngx_feature="wolfSSL library in $WOLFSSL"
+ ngx_feature_path="$WOLFSSL/include/wolfssl $WOLFSSL/include"
+ ngx_feature_path="$WOLFSSL/include/wolfssl"
+
+ if [ $NGX_RPATH = YES ]; then
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ else
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ fi
+
+ CORE_INCS="$CORE_INCS $WOLFSSL/include/wolfssl $WOLFSSL/include"
+ CORE_INCS="$CORE_INCS $WOLFSSL/include/wolfssl"
+ CFLAGS="$CFLAGS -DWOLFSSL_NGINX"
+ fi
+
@ -31,7 +56,6 @@ diff -ur nginx-1.10.3/auto/lib/openssl/conf nginx-1.10.3-wolfssl/auto/lib/openss
+END
+ exit 1
+ fi
+
+
if [ $ngx_found = no ]; then

14
nginx-1.11.10-wolfssl.patch
View File

@ -1,7 +1,13 @@
diff -ur nginx-1.11.10/auto/lib/openssl/conf nginx-1.11.10-wolfssl/auto/lib/openssl/conf
--- nginx-1.11.10/auto/lib/openssl/conf 2017-02-15 01:36:04.000000000 +1000
+++ nginx-1.11.10-wolfssl/auto/lib/openssl/conf 2017-03-03 12:12:59.991555289 +1000
@@ -61,8 +61,33 @@
+++ nginx-1.11.10-wolfssl/auto/lib/openssl/conf 2018-03-15 10:41:36.814622697 +1000
@@ -57,12 +57,38 @@
ngx_feature="OpenSSL library"
ngx_feature_name="NGX_OPENSSL"
ngx_feature_run=no
- ngx_feature_incs="#include <openssl/ssl.h>"
+ ngx_feature_incs="#include <options.h>
+ #include <openssl/ssl.h>"
ngx_feature_path=
ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL"
ngx_feature_test="SSL_CTX_set_options(NULL, 0)"
@ -11,9 +17,9 @@ diff -ur nginx-1.11.10/auto/lib/openssl/conf nginx-1.11.10-wolfssl/auto/lib/open
+ ngx_feature_path="$WOLFSSL/include/wolfssl"
+
+ if [ $NGX_RPATH = YES ]; then
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ else
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ fi
+
+ CORE_INCS="$CORE_INCS $WOLFSSL/include/wolfssl"

4
nginx-1.11.13-wolfssl-debug.patch
View File

@ -1,6 +1,6 @@
diff -ur nginx-1.11.13-wolfssl/src/event/ngx_event_openssl.c nginx-1.11.13-wolfssl-debug/src/event/ngx_event_openssl.c
--- nginx-1.11.13-wolfssl/src/event/ngx_event_openssl.c 2018-02-02 09:07:36.997535505 +1000
+++ nginx-1.11.13-wolfssl-debug/src/event/ngx_event_openssl.c 2018-02-02 09:07:52.965498263 +1000
--- nginx-1.11.13-wolfssl/src/event/ngx_event_openssl.c 2018-02-02 14:27:02.018793321 +1000
+++ nginx-1.11.13-wolfssl-debug/src/event/ngx_event_openssl.c 2018-02-02 14:27:53.627085910 +1000
@@ -144,6 +144,11 @@
#endif

36
nginx-1.11.13-wolfssl.patch
View File

@ -1,7 +1,13 @@
diff -ur nginx-1.11.13/auto/lib/openssl/conf nginx-1.11.13-wolfssl/auto/lib/openssl/conf
--- nginx-1.11.13/auto/lib/openssl/conf 2017-04-05 01:01:57.000000000 +1000
+++ nginx-1.11.13-wolfssl/auto/lib/openssl/conf 2017-04-13 09:30:40.072107746 +1000
@@ -61,8 +61,33 @@
+++ nginx-1.11.13-wolfssl/auto/lib/openssl/conf 2018-03-15 10:41:19.366691516 +1000
@@ -57,12 +57,38 @@
ngx_feature="OpenSSL library"
ngx_feature_name="NGX_OPENSSL"
ngx_feature_run=no
- ngx_feature_incs="#include <openssl/ssl.h>"
+ ngx_feature_incs="#include <options.h>
+ #include <openssl/ssl.h>"
ngx_feature_path=
ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL"
ngx_feature_test="SSL_CTX_set_options(NULL, 0)"
@ -11,9 +17,9 @@ diff -ur nginx-1.11.13/auto/lib/openssl/conf nginx-1.11.13-wolfssl/auto/lib/open
+ ngx_feature_path="$WOLFSSL/include/wolfssl"
+
+ if [ $NGX_RPATH = YES ]; then
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ else
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ fi
+
+ CORE_INCS="$CORE_INCS $WOLFSSL/include/wolfssl"
@ -64,7 +70,7 @@ diff -ur nginx-1.11.13/auto/options nginx-1.11.13-wolfssl/auto/options
diff -ur nginx-1.11.13/src/event/ngx_event_openssl.c nginx-1.11.13-wolfssl/src/event/ngx_event_openssl.c
--- nginx-1.11.13/src/event/ngx_event_openssl.c 2017-04-05 01:01:57.000000000 +1000
+++ nginx-1.11.13-wolfssl/src/event/ngx_event_openssl.c 2018-02-02 09:07:36.997535505 +1000
+++ nginx-1.11.13-wolfssl/src/event/ngx_event_openssl.c 2018-02-02 14:27:02.018793321 +1000
@@ -340,6 +340,10 @@
SSL_CTX_set_info_callback(ssl->ctx, ngx_ssl_info_callback);
@ -100,6 +106,26 @@ diff -ur nginx-1.11.13/src/event/ngx_event_openssl.c nginx-1.11.13-wolfssl/src/e
/*
* OpenSSL 1.0.2+ allows configuring a curve list instead of a single
@@ -3050,7 +3062,8 @@
return -1;
}
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L && \
+ (!defined(WOLFSSL_NGINX) || !defined(HAVE_FIPS))
if (HMAC_Init_ex(hctx, key[0].hmac_key, size, digest, NULL) != 1) {
ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "HMAC_Init_ex() failed");
return -1;
@@ -3094,7 +3107,8 @@
size = 32;
}
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L && \
+ (!defined(WOLFSSL_NGINX) || !defined(HAVE_FIPS))
if (HMAC_Init_ex(hctx, key[i].hmac_key, size, digest, NULL) != 1) {
ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "HMAC_Init_ex() failed");
return -1;
diff -ur nginx-1.11.13/src/event/ngx_event_openssl.h nginx-1.11.13-wolfssl/src/event/ngx_event_openssl.h
--- nginx-1.11.13/src/event/ngx_event_openssl.h 2017-04-05 01:01:57.000000000 +1000
+++ nginx-1.11.13-wolfssl/src/event/ngx_event_openssl.h 2018-02-02 09:07:12.437593298 +1000

33
nginx-1.11.7-wolfssl.patch
View File

@ -1,7 +1,32 @@
diff -ur nginx-1.11.7/auto/lib/openssl/conf nginx-1.11.7-wolfssl/auto/lib/openssl/conf
--- nginx-1.11.7/auto/lib/openssl/conf 2016-12-14 01:21:24.000000000 +1000
+++ nginx-1.11.7-wolfssl/auto/lib/openssl/conf 2017-01-17 16:09:53.864946344 +1000
@@ -53,8 +53,33 @@
+++ nginx-1.11.7-wolfssl/auto/lib/openssl/conf 2018-03-15 10:41:46.330586503 +1000
@@ -15,8 +15,16 @@
CORE_INCS="$CORE_INCS $OPENSSL/openssl/include"
CORE_DEPS="$CORE_DEPS $OPENSSL/openssl/include/openssl/ssl.h"
- CORE_LIBS="$CORE_LIBS $OPENSSL/openssl/lib/ssleay32.lib"
- CORE_LIBS="$CORE_LIBS $OPENSSL/openssl/lib/libeay32.lib"
+
+ if [ -f $OPENSSL/ms/do_ms.bat ]; then
+ # before OpenSSL 1.1.0
+ CORE_LIBS="$CORE_LIBS $OPENSSL/openssl/lib/ssleay32.lib"
+ CORE_LIBS="$CORE_LIBS $OPENSSL/openssl/lib/libeay32.lib"
+ else
+ # OpenSSL 1.1.0+
+ CORE_LIBS="$CORE_LIBS $OPENSSL/openssl/lib/libssl.lib"
+ CORE_LIBS="$CORE_LIBS $OPENSSL/openssl/lib/libcrypto.lib"
+ fi
# libeay32.lib requires gdi32.lib
CORE_LIBS="$CORE_LIBS gdi32.lib"
@@ -49,12 +57,38 @@
ngx_feature="OpenSSL library"
ngx_feature_name="NGX_OPENSSL"
ngx_feature_run=no
- ngx_feature_incs="#include <openssl/ssl.h>"
+ ngx_feature_incs="#include <options.h>
+ #include <openssl/ssl.h>"
ngx_feature_path=
ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL"
ngx_feature_test="SSL_CTX_set_options(NULL, 0)"
@ -11,9 +36,9 @@ diff -ur nginx-1.11.7/auto/lib/openssl/conf nginx-1.11.7-wolfssl/auto/lib/openss
+ ngx_feature_path="$WOLFSSL/include/wolfssl"
+
+ if [ $NGX_RPATH = YES ]; then
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ else
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ fi
+
+ CORE_INCS="$CORE_INCS $WOLFSSL/include/wolfssl"

14
nginx-1.12.0-wolfssl.patch
View File

@ -1,7 +1,13 @@
diff -ur nginx-1.12.0/auto/lib/openssl/conf nginx-1.12.0-wolfssl/auto/lib/openssl/conf
--- nginx-1.12.0/auto/lib/openssl/conf 2017-04-13 00:46:01.000000000 +1000
+++ nginx-1.12.0-wolfssl/auto/lib/openssl/conf 2017-04-13 09:53:49.670278950 +1000
@@ -61,8 +61,33 @@
+++ nginx-1.12.0-wolfssl/auto/lib/openssl/conf 2018-03-15 10:41:05.182749858 +1000
@@ -57,12 +57,38 @@
ngx_feature="OpenSSL library"
ngx_feature_name="NGX_OPENSSL"
ngx_feature_run=no
- ngx_feature_incs="#include <openssl/ssl.h>"
+ ngx_feature_incs="#include <options.h>
+ #include <openssl/ssl.h>"
ngx_feature_path=
ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL"
ngx_feature_test="SSL_CTX_set_options(NULL, 0)"
@ -11,9 +17,9 @@ diff -ur nginx-1.12.0/auto/lib/openssl/conf nginx-1.12.0-wolfssl/auto/lib/openss
+ ngx_feature_path="$WOLFSSL/include/wolfssl"
+
+ if [ $NGX_RPATH = YES ]; then
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ else
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ fi
+
+ CORE_INCS="$CORE_INCS $WOLFSSL/include/wolfssl"

37
nginx-1.12.1-wolfssl-debug.patch
View File

@ -1,40 +1,3 @@
diff -ur nginx-1.12.1-wolfssl/auto/lib/openssl/conf nginx-1.12.1-wolfssl-debug/auto/lib/openssl/conf
--- nginx-1.12.1-wolfssl/auto/lib/openssl/conf 2018-02-02 11:14:00.503060273 +1000
+++ nginx-1.12.1-wolfssl-debug/auto/lib/openssl/conf 2018-02-02 11:12:46.602768290 +1000
@@ -61,33 +61,8 @@
ngx_feature_path=
ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL"
ngx_feature_test="SSL_CTX_set_options(NULL, 0)"
-
- if [ $WOLFSSL != NONE ]; then
- ngx_feature="wolfSSL library in $WOLFSSL"
- ngx_feature_path="$WOLFSSL/include/wolfssl"
-
- if [ $NGX_RPATH = YES ]; then
- ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
- else
- ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
- fi
-
- CORE_INCS="$CORE_INCS $WOLFSSL/include/wolfssl"
- CFLAGS="$CFLAGS -DWOLFSSL_NGINX"
- fi
-
. auto/feature
- if [ $WOLFSSL != NONE -a $ngx_found = no ]; then
-cat << END
-
-$0: error: Could not find wolfSSL at $WOLFSSL/include/wolfssl.
-SSL modules require the wolfSSL library.
-
-END
- exit 1
- fi
-
if [ $ngx_found = no ]; then
# FreeBSD port
diff -ur nginx-1.12.1-wolfssl/auto/options nginx-1.12.1-wolfssl-debug/auto/options
--- nginx-1.12.1-wolfssl/auto/options 2018-02-02 11:14:00.503060273 +1000
+++ nginx-1.12.1-wolfssl-debug/auto/options 2018-02-02 11:12:46.602768290 +1000

14
nginx-1.12.1-wolfssl.patch
View File

@ -1,7 +1,13 @@
diff -ur nginx-1.12.1/auto/lib/openssl/conf nginx-1.12.1-wolfssl/auto/lib/openssl/conf
--- nginx-1.12.1/auto/lib/openssl/conf 2017-07-11 23:24:06.000000000 +1000
+++ nginx-1.12.1-wolfssl/auto/lib/openssl/conf 2018-02-02 11:14:00.503060273 +1000
@@ -61,8 +61,33 @@
+++ nginx-1.12.1-wolfssl/auto/lib/openssl/conf 2018-03-15 10:40:55.062792837 +1000
@@ -57,12 +57,38 @@
ngx_feature="OpenSSL library"
ngx_feature_name="NGX_OPENSSL"
ngx_feature_run=no
- ngx_feature_incs="#include <openssl/ssl.h>"
+ ngx_feature_incs="#include <options.h>
+ #include <openssl/ssl.h>"
ngx_feature_path=
ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL"
ngx_feature_test="SSL_CTX_set_options(NULL, 0)"
@ -11,9 +17,9 @@ diff -ur nginx-1.12.1/auto/lib/openssl/conf nginx-1.12.1-wolfssl/auto/lib/openss
+ ngx_feature_path="$WOLFSSL/include/wolfssl"
+
+ if [ $NGX_RPATH = YES ]; then
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ else
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ fi
+
+ CORE_INCS="$CORE_INCS $WOLFSSL/include/wolfssl"

37
nginx-1.12.2-wolfssl-debug.patch
View File

@ -1,40 +1,3 @@
diff -ur nginx-1.12.2-wolfssl/auto/lib/openssl/conf nginx-1.12.2-wolfssl-debug/auto/lib/openssl/conf
--- nginx-1.12.2-wolfssl/auto/lib/openssl/conf 2018-02-02 11:13:34.994958124 +1000
+++ nginx-1.12.2-wolfssl-debug/auto/lib/openssl/conf 2018-02-02 11:13:06.954847473 +1000
@@ -61,33 +61,8 @@
ngx_feature_path=
ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL"
ngx_feature_test="SSL_CTX_set_options(NULL, 0)"
-
- if [ $WOLFSSL != NONE ]; then
- ngx_feature="wolfSSL library in $WOLFSSL"
- ngx_feature_path="$WOLFSSL/include/wolfssl"
-
- if [ $NGX_RPATH = YES ]; then
- ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
- else
- ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
- fi
-
- CORE_INCS="$CORE_INCS $WOLFSSL/include/wolfssl"
- CFLAGS="$CFLAGS -DWOLFSSL_NGINX"
- fi
-
. auto/feature
- if [ $WOLFSSL != NONE -a $ngx_found = no ]; then
-cat << END
-
-$0: error: Could not find wolfSSL at $WOLFSSL/include/wolfssl.
-SSL modules require the wolfSSL library.
-
-END
- exit 1
- fi
-
if [ $ngx_found = no ]; then
# FreeBSD port
diff -ur nginx-1.12.2-wolfssl/auto/options nginx-1.12.2-wolfssl-debug/auto/options
--- nginx-1.12.2-wolfssl/auto/options 2018-02-02 11:13:34.994958124 +1000
+++ nginx-1.12.2-wolfssl-debug/auto/options 2018-02-02 11:13:06.954847473 +1000

14
nginx-1.12.2-wolfssl.patch
View File

@ -1,7 +1,13 @@
diff -ur nginx-1.12.2/auto/lib/openssl/conf nginx-1.12.2-wolfssl/auto/lib/openssl/conf
--- nginx-1.12.2/auto/lib/openssl/conf 2017-10-17 23:16:37.000000000 +1000
+++ nginx-1.12.2-wolfssl/auto/lib/openssl/conf 2018-02-02 11:13:34.994958124 +1000
@@ -61,8 +61,33 @@
+++ nginx-1.12.2-wolfssl/auto/lib/openssl/conf 2018-03-15 10:40:46.114831798 +1000
@@ -57,12 +57,38 @@
ngx_feature="OpenSSL library"
ngx_feature_name="NGX_OPENSSL"
ngx_feature_run=no
- ngx_feature_incs="#include <openssl/ssl.h>"
+ ngx_feature_incs="#include <options.h>
+ #include <openssl/ssl.h>"
ngx_feature_path=
ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL"
ngx_feature_test="SSL_CTX_set_options(NULL, 0)"
@ -11,9 +17,9 @@ diff -ur nginx-1.12.2/auto/lib/openssl/conf nginx-1.12.2-wolfssl/auto/lib/openss
+ ngx_feature_path="$WOLFSSL/include/wolfssl"
+
+ if [ $NGX_RPATH = YES ]; then
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ else
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ fi
+
+ CORE_INCS="$CORE_INCS $WOLFSSL/include/wolfssl"

41
nginx-1.13.0-wolfssl-debug.patch
View File

@ -1,40 +1,3 @@
diff -ur nginx-1.13.0-wolfssl/auto/lib/openssl/conf nginx-1.13.0-wolfssl-debug/auto/lib/openssl/conf
--- nginx-1.13.0-wolfssl/auto/lib/openssl/conf 2018-02-01 08:37:32.565863658 +1000
+++ nginx-1.13.0-wolfssl-debug/auto/lib/openssl/conf 2018-02-01 08:36:08.797416011 +1000
@@ -61,33 +61,8 @@
ngx_feature_path=
ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL"
ngx_feature_test="SSL_CTX_set_options(NULL, 0)"
-
- if [ $WOLFSSL != NONE ]; then
- ngx_feature="wolfSSL library in $WOLFSSL"
- ngx_feature_path="$WOLFSSL/include/wolfssl"
-
- if [ $NGX_RPATH = YES ]; then
- ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
- else
- ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
- fi
-
- CORE_INCS="$CORE_INCS $WOLFSSL/include/wolfssl"
- CFLAGS="$CFLAGS -DWOLFSSL_NGINX"
- fi
-
. auto/feature
- if [ $WOLFSSL != NONE -a $ngx_found = no ]; then
-cat << END
-
-$0: error: Could not find wolfSSL at $WOLFSSL/include/wolfssl.
-SSL modules require the wolfSSL library.
-
-END
- exit 1
- fi
-
if [ $ngx_found = no ]; then
# FreeBSD port
diff -ur nginx-1.13.0-wolfssl/auto/options nginx-1.13.0-wolfssl-debug/auto/options
--- nginx-1.13.0-wolfssl/auto/options 2018-02-01 08:37:32.565863658 +1000
+++ nginx-1.13.0-wolfssl-debug/auto/options 2018-02-01 08:36:08.797416011 +1000
@ -63,8 +26,8 @@ diff -ur nginx-1.13.0-wolfssl/auto/options nginx-1.13.0-wolfssl-debug/auto/optio
--with-openssl-opt=OPTIONS set additional build options for OpenSSL
diff -ur nginx-1.13.0-wolfssl/src/event/ngx_event_openssl.c nginx-1.13.0-wolfssl-debug/src/event/ngx_event_openssl.c
--- nginx-1.13.0-wolfssl/src/event/ngx_event_openssl.c 2018-02-01 08:42:59.243534258 +1000
+++ nginx-1.13.0-wolfssl-debug/src/event/ngx_event_openssl.c 2018-02-01 08:41:43.047153153 +1000
--- nginx-1.13.0-wolfssl/src/event/ngx_event_openssl.c 2018-02-02 14:28:42.591166177 +1000
+++ nginx-1.13.0-wolfssl-debug/src/event/ngx_event_openssl.c 2018-02-02 14:29:12.030976039 +1000
@@ -144,6 +144,11 @@
#endif

36
nginx-1.13.0-wolfssl.patch
View File

@ -1,7 +1,13 @@
diff -ur nginx-1.13.0/auto/lib/openssl/conf nginx-1.13.0-wolfssl/auto/lib/openssl/conf
--- nginx-1.13.0/auto/lib/openssl/conf 2017-04-26 00:18:22.000000000 +1000
+++ nginx-1.13.0-wolfssl/auto/lib/openssl/conf 2018-02-01 08:37:32.565863658 +1000
@@ -61,8 +61,33 @@
+++ nginx-1.13.0-wolfssl/auto/lib/openssl/conf 2018-03-15 10:29:04.221357959 +1000
@@ -57,12 +57,38 @@
ngx_feature="OpenSSL library"
ngx_feature_name="NGX_OPENSSL"
ngx_feature_run=no
- ngx_feature_incs="#include <openssl/ssl.h>"
+ ngx_feature_incs="#include <options.h>
+ #include <openssl/ssl.h>"
ngx_feature_path=
ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL"
ngx_feature_test="SSL_CTX_set_options(NULL, 0)"
@ -11,9 +17,9 @@ diff -ur nginx-1.13.0/auto/lib/openssl/conf nginx-1.13.0-wolfssl/auto/lib/openss
+ ngx_feature_path="$WOLFSSL/include/wolfssl"
+
+ if [ $NGX_RPATH = YES ]; then
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ else
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ fi
+
+ CORE_INCS="$CORE_INCS $WOLFSSL/include/wolfssl"
@ -64,7 +70,7 @@ diff -ur nginx-1.13.0/auto/options nginx-1.13.0-wolfssl/auto/options
diff -ur nginx-1.13.0/src/event/ngx_event_openssl.c nginx-1.13.0-wolfssl/src/event/ngx_event_openssl.c
--- nginx-1.13.0/src/event/ngx_event_openssl.c 2017-04-26 00:18:23.000000000 +1000
+++ nginx-1.13.0-wolfssl/src/event/ngx_event_openssl.c 2018-02-01 08:42:59.243534258 +1000
+++ nginx-1.13.0-wolfssl/src/event/ngx_event_openssl.c 2018-02-02 14:28:42.591166177 +1000
@@ -346,6 +346,10 @@
SSL_CTX_set_info_callback(ssl->ctx, ngx_ssl_info_callback);
@ -101,6 +107,26 @@ diff -ur nginx-1.13.0/src/event/ngx_event_openssl.c nginx-1.13.0-wolfssl/src/eve
/*
* OpenSSL 1.0.2+ allows configuring a curve list instead of a single
@@ -3058,7 +3071,8 @@
return -1;
}
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L && \
+ (!defined(WOLFSSL_NGINX) || !defined(HAVE_FIPS))
if (HMAC_Init_ex(hctx, key[0].hmac_key, size, digest, NULL) != 1) {
ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "HMAC_Init_ex() failed");
return -1;
@@ -3102,7 +3116,8 @@
size = 32;
}
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L && \
+ (!defined(WOLFSSL_NGINX) || !defined(HAVE_FIPS))
if (HMAC_Init_ex(hctx, key[i].hmac_key, size, digest, NULL) != 1) {
ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "HMAC_Init_ex() failed");
return -1;
diff -ur nginx-1.13.0/src/event/ngx_event_openssl.h nginx-1.13.0-wolfssl/src/event/ngx_event_openssl.h
--- nginx-1.13.0/src/event/ngx_event_openssl.h 2017-04-26 00:18:23.000000000 +1000
+++ nginx-1.13.0-wolfssl/src/event/ngx_event_openssl.h 2018-02-01 08:42:38.107428966 +1000

4
nginx-1.13.2-wolfssl-debug.patch
View File

@ -1,6 +1,6 @@
diff -ur nginx-1.13.2-wolfssl/src/event/ngx_event_openssl.c nginx-1.13.2-wolfssl-debug/src/event/ngx_event_openssl.c
--- nginx-1.13.2-wolfssl/src/event/ngx_event_openssl.c 2018-02-01 09:02:23.968175319 +1000
+++ nginx-1.13.2-wolfssl-debug/src/event/ngx_event_openssl.c 2018-02-01 09:07:08.597382683 +1000
--- nginx-1.13.2-wolfssl/src/event/ngx_event_openssl.c 2018-02-02 14:28:56.511074050 +1000
+++ nginx-1.13.2-wolfssl-debug/src/event/ngx_event_openssl.c 2018-02-02 14:29:21.006921564 +1000
@@ -144,6 +144,11 @@
#endif

38
nginx-1.13.2-wolfssl.patch
View File

@ -1,7 +1,13 @@
diff -ur nginx-1.13.2/auto/lib/openssl/conf nginx-1.13.2-wolfssl/auto/lib/openssl/conf
--- nginx-1.13.2/auto/lib/openssl/conf 2017-06-28 00:44:19.000000000 +1000
+++ nginx-1.13.2-wolfssl/auto/lib/openssl/conf 2017-06-29 10:18:05.421755825 +1000
@@ -61,8 +61,33 @@
+++ nginx-1.13.2-wolfssl/auto/lib/openssl/conf 2018-03-15 10:28:53.481314304 +1000
@@ -57,12 +57,38 @@
ngx_feature="OpenSSL library"
ngx_feature_name="NGX_OPENSSL"
ngx_feature_run=no
- ngx_feature_incs="#include <openssl/ssl.h>"
+ ngx_feature_incs="#include <options.h>
+ #include <openssl/ssl.h>"
ngx_feature_path=
ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL"
ngx_feature_test="SSL_CTX_set_options(NULL, 0)"
@ -11,9 +17,9 @@ diff -ur nginx-1.13.2/auto/lib/openssl/conf nginx-1.13.2-wolfssl/auto/lib/openss
+ ngx_feature_path="$WOLFSSL/include/wolfssl"
+
+ if [ $NGX_RPATH = YES ]; then
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ else
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ fi
+
+ CORE_INCS="$CORE_INCS $WOLFSSL/include/wolfssl"
@ -63,8 +69,8 @@ diff -ur nginx-1.13.2/auto/options nginx-1.13.2-wolfssl/auto/options
--with-openssl-opt=OPTIONS set additional build options for OpenSSL
diff -ur nginx-1.13.2/src/event/ngx_event_openssl.c nginx-1.13.2-wolfssl/src/event/ngx_event_openssl.c
--- nginx-1.13.2/src/event/ngx_event_openssl.c 2017-06-28 00:44:20.000000000 +1000
+++ nginx-1.13.2-wolfssl/src/event/ngx_event_openssl.c 2018-02-01 09:02:23.968175319 +1000
--- nginx-1.13.2/src/event/ngx_event_openssl.c 2018-02-01 10:16:40.445367070 +1000
+++ nginx-1.13.2-wolfssl/src/event/ngx_event_openssl.c 2018-02-02 14:28:56.511074050 +1000
@@ -346,6 +346,10 @@
SSL_CTX_set_info_callback(ssl->ctx, ngx_ssl_info_callback);
@ -101,6 +107,26 @@ diff -ur nginx-1.13.2/src/event/ngx_event_openssl.c nginx-1.13.2-wolfssl/src/eve
/*
* OpenSSL 1.0.2+ allows configuring a curve list instead of a single
@@ -3058,7 +3071,8 @@
return -1;
}
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L && \
+ (!defined(WOLFSSL_NGINX) || !defined(HAVE_FIPS))
if (HMAC_Init_ex(hctx, key[0].hmac_key, size, digest, NULL) != 1) {
ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "HMAC_Init_ex() failed");
return -1;
@@ -3102,7 +3116,8 @@
size = 32;
}
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L && \
+ (!defined(WOLFSSL_NGINX) || !defined(HAVE_FIPS))
if (HMAC_Init_ex(hctx, key[i].hmac_key, size, digest, NULL) != 1) {
ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "HMAC_Init_ex() failed");
return -1;
diff -ur nginx-1.13.2/src/event/ngx_event_openssl.h nginx-1.13.2-wolfssl/src/event/ngx_event_openssl.h
--- nginx-1.13.2/src/event/ngx_event_openssl.h 2017-06-28 00:44:20.000000000 +1000
+++ nginx-1.13.2-wolfssl/src/event/ngx_event_openssl.h 2018-02-01 09:02:00.048075409 +1000

25
nginx-1.13.8-wolfssl-debug.patch
View File

@ -1,3 +1,28 @@
diff -ur nginx-1.13.8-wolfssl/auto/lib/openssl/conf nginx-1.13.8-wolfssl-debug/auto/lib/openssl/conf
--- nginx-1.13.8-wolfssl/auto/lib/openssl/conf 2018-03-15 09:14:09.334704822 +1000
+++ nginx-1.13.8-wolfssl-debug/auto/lib/openssl/conf 2018-02-02 10:33:24.803654613 +1000
@@ -57,8 +57,7 @@
ngx_feature="OpenSSL library"
ngx_feature_name="NGX_OPENSSL"
ngx_feature_run=no
- ngx_feature_incs="#include <options.h>
- #include <openssl/ssl.h>"
+ ngx_feature_incs="#include <openssl/ssl.h>"
ngx_feature_path=
ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL"
ngx_feature_test="SSL_CTX_set_options(NULL, 0)"
@@ -68,9 +67,9 @@
ngx_feature_path="$WOLFSSL/include/wolfssl"
if [ $NGX_RPATH = YES ]; then
- ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
else
- ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
fi
CORE_INCS="$CORE_INCS $WOLFSSL/include/wolfssl"
diff -ur nginx-1.13.8-wolfssl/src/event/ngx_event_openssl.c nginx-1.13.8-wolfssl-debug/src/event/ngx_event_openssl.c
--- nginx-1.13.8-wolfssl/src/event/ngx_event_openssl.c 2018-02-02 10:10:29.701973701 +1000
+++ nginx-1.13.8-wolfssl-debug/src/event/ngx_event_openssl.c 2018-02-02 10:34:24.287926076 +1000

14
nginx-1.13.8-wolfssl.patch
View File

@ -1,7 +1,13 @@
diff -ur nginx-1.13.8/auto/lib/openssl/conf nginx-1.13.8-wolfssl/auto/lib/openssl/conf
--- nginx-1.13.8/auto/lib/openssl/conf 2017-12-27 02:01:12.000000000 +1000
+++ nginx-1.13.8-wolfssl/auto/lib/openssl/conf 2018-02-02 08:42:39.490622923 +1000
@@ -61,8 +61,33 @@
+++ nginx-1.13.8-wolfssl/auto/lib/openssl/conf 2018-03-15 09:14:09.334704822 +1000
@@ -57,12 +57,38 @@
ngx_feature="OpenSSL library"
ngx_feature_name="NGX_OPENSSL"
ngx_feature_run=no
- ngx_feature_incs="#include <openssl/ssl.h>"
+ ngx_feature_incs="#include <options.h>
+ #include <openssl/ssl.h>"
ngx_feature_path=
ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL"
ngx_feature_test="SSL_CTX_set_options(NULL, 0)"
@ -11,9 +17,9 @@ diff -ur nginx-1.13.8/auto/lib/openssl/conf nginx-1.13.8-wolfssl/auto/lib/openss
+ ngx_feature_path="$WOLFSSL/include/wolfssl"
+
+ if [ $NGX_RPATH = YES ]; then
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ ngx_feature_libs="-R$WOLFSSL/lib -L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ else
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl $NGX_LIBDL"
+ ngx_feature_libs="-L$WOLFSSL/lib -lwolfssl -lm $NGX_LIBDL"
+ fi
+
+ CORE_INCS="$CORE_INCS $WOLFSSL/include/wolfssl"

15
test.sh
View File

@ -184,15 +184,24 @@ stapling_test() {
client
}
WOLFSSL_OCSP_INDEX=${WOLFSSL_OCSP_CERTS}/index-intermediate1-ca-issued-certs.txt
if [ ! -f ${WOLFSSL_OCSP_INDEX} ]; then
WOLFSSL_OCSP_INDEX=${WOLFSSL_OCSP_CERTS}/index1.txt
fi
WOLFSSL_OCSP_RSIGNER=${WOLFSSL_OCSP_CERTS}/ocsp-responder-cert.pem
WOLFSSL_OCSP_RKEY=${WOLFSSL_OCSP_CERTS}/ocsp-responder-key.pem
WOLFSSL_OCSP_CA=${WOLFSSL_OCSP_CERTS}/intermediate1-ca-cert.pem
WOLFSSL_OCSP_CERT1=${WOLFSSL_OCSP_CERTS}/server1-cert.pem
WOLFSSL_OCSP_CERT2=${WOLFSSL_OCSP_CERTS}/server2-cert.pem
# Start the OSCP responder and generate the response files
${OPENSSL} ocsp -port 22221 -nmin ${VALID_MIN} -index ${WOLFSSL_OCSP_CERTS}/index1.txt -rsigner ${WOLFSSL_OCSP_CERTS}/ocsp-responder-cert.pem -rkey ${WOLFSSL_OCSP_CERTS}/ocsp-responder-key.pem -CA ${WOLFSSL_OCSP_CERTS}/intermediate1-ca-cert.pem >/dev/null 2>&1 &
${OPENSSL} ocsp -port 22221 -nmin ${VALID_MIN} -index ${WOLFSSL_OCSP_INDEX} -rsigner ${WOLFSSL_OCSP_RSIGNER} -rkey ${WOLFSSL_OCSP_RKEY} -CA ${WOLFSSL_OCSP_CA} >/dev/null 2>&1 &
OCSP_PID=$!
# Generate OCSP response file that indicates certificate is good.
${OPENSSL} ocsp -issuer ${WOLFSSL_OCSP_CERTS}/intermediate1-ca-cert.pem -cert ${WOLFSSL_OCSP_CERTS}/server1-cert.pem -url http://localhost:22221 -resp_text -respout ${WN_OCSP_GOOD} -no_nonce >/dev/null 2>&1
${OPENSSL} ocsp -issuer ${WOLFSSL_OCSP_CA} -cert ${WOLFSSL_OCSP_CERT1} -url http://localhost:22221 -resp_text -respout ${WN_OCSP_GOOD} -no_nonce >/dev/null 2>&1
# Generate OCSP response file that indicates certificate is revoked.
${OPENSSL} ocsp -issuer ${WOLFSSL_OCSP_CERTS}/intermediate1-ca-cert.pem -cert ${WOLFSSL_OCSP_CERTS}/server2-cert.pem -url http://localhost:22221 -resp_text -respout ${WN_OCSP_BAD} -no_nonce >/dev/null 2>&1
${OPENSSL} ocsp -issuer ${WOLFSSL_OCSP_CA} -cert ${WOLFSSL_OCSP_CERT2} -url http://localhost:22221 -resp_text -respout ${WN_OCSP_BAD} -no_nonce >/dev/null 2>&1
if [ ! -f $WN_OCSP_GOOD ]; then
echo "Could not find OCSP output file: ${WN_OCSP_GOOD}"