diff -ur nginx-1.16.1-wolfssl/src/event/ngx_event_openssl.c nginx-1.16.1-wolfssl-debug/src/event/ngx_event_openssl.c
--- nginx-1.16.1-wolfssl/src/event/ngx_event_openssl.c 2019-10-17 09:01:12.991526380 +1000
+++ nginx-1.16.1-wolfssl-debug/src/event/ngx_event_openssl.c 2019-10-17 08:32:00.850631120 +1000
@@ -164,6 +164,11 @@
 #endif
+#ifdef WOLFSSL_NGINX
+ /* Turn on internal wolfssl debugging to stdout */
+ wolfSSL_Debugging_ON();
+#endif
+
 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
 #ifndef SSL_OP_NO_COMPRESSION
 {
@@ -1579,9 +1584,7 @@
 {
 #ifdef TLS1_3_VERSION
 if (c->ssl->session) {
- #if !defined(WOLFSSL_NGINX)
 SSL_SESSION_up_ref(c->ssl->session);
- #endif
 return c->ssl->session;
 }
 #endif
diff -ur nginx-1.16.1-wolfssl/src/event/ngx_event_openssl.c.orig nginx-1.16.1-wolfssl-debug/src/event/ngx_event_openssl.c.orig
--- nginx-1.16.1-wolfssl/src/event/ngx_event_openssl.c.orig 2019-10-17 08:23:11.313946458 +1000
+++ nginx-1.16.1-wolfssl-debug/src/event/ngx_event_openssl.c.orig 2019-10-17 08:30:33.163460161 +1000
@@ -384,6 +384,10 @@
 SSL_CTX_set_info_callback(ssl->ctx, ngx_ssl_info_callback);
+#ifdef WOLFSSL_NGINX
+ SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_NONE, NULL);
+#endif
+
 return NGX_OK;
 }
@@ -863,6 +867,14 @@
 ngx_int_t
+ngx_ssl_set_verify_on(ngx_conf_t *cf, ngx_ssl_t *ssl)
+{
+ SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_PEER, ngx_ssl_verify_callback);
+
+ return NGX_OK;
+}
+
+ngx_int_t
 ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, ngx_int_t depth)
 {
@@ -1370,7 +1382,8 @@
 * maximum interoperability. */
-#if (defined SSL_CTX_set1_curves_list || defined SSL_CTRL_SET_CURVES_LIST)
+#if (defined SSL_CTX_set1_curves_list || defined SSL_CTRL_SET_CURVES_LIST) || \
+ defined(WOLFSSL_NGINX)
 /* * OpenSSL 1.0.2+ allows configuring a curve list instead of a single
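Review bot: In the `@@ -164` hunk of ngx_event_openssl.c, `wolfSSL_Debugging_ON()` is called for every `WOLFSSL_NGINX` build and its return value is dropped, so any build linked against a debug-enabled wolfSSL emits the library's internal trace, and a library without debug support fails silently. Gate the call on the library's debug macro and check the result, for example `#if defined(WOLFSSL_NGINX) && defined(DEBUG_WOLFSSL)` around `if (wolfSSL_Debugging_ON() != 0) { /* report and continue */ }`. The trace describes handshake internals, so it should be treated as sensitive log output and kept out of default builds. The enclosing function starts and ends outside the hunk.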
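Review bot: In the `@@ -1579` hunk, the unguarded `SSL_SESSION_up_ref(c->ssl->session)` now decides session ownership under wolfSSL too, but nothing records which wolfSSL builds implement it as a real reference increment, and its result is ignored. If the compatibility call is a stub in the linked library, a caller that later frees the returned pointer would presumably release a session the connection still holds. I would add a comment above the call such as `/* caller owns one reference; requires a wolfSSL build where SSL_SESSION_up_ref() really increments */`, ideally backed by a build-time check. The function body begins and ends outside the hunk.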
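Review bot: The `@@ -384` hunk in ngx_event_openssl.c.orig sets `SSL_VERIFY_NONE` with a NULL callback on the context this function sets up (its start is outside the hunk), so under `WOLFSSL_NGINX` peer certificate verification stays off unless a later call re-enables it. The only such call added in this diff is `ngx_ssl_set_verify_on()` in the `@@ -863` hunk, and its callers are not shown, so a context that misses it would complete handshakes with an unauthenticated peer. State the contract next to the call, e.g. `/* verification is off by default; every context that must authenticate its peer has to call ngx_ssl_set_verify_on() */`. This hunk and the ones after it patch a `.c.orig` file, which looks like a patch backup rather than a compiled source, so it is worth confirming the change reaches the file that is actually built.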
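Review bot: `ngx_ssl_set_verify_on()` in the `@@ -863` hunk is added without a comment, its `cf` argument is unused, and the ngx_event_openssl.h section of this diff adds no prototype for it. Because `SSL_VERIFY_PEER` is paired with `ngx_ssl_verify_callback`, whose return value is not visible here, the comment should also say where a failed verification is actually rejected. Something like `/* re-enable peer verification after the SSL_VERIFY_NONE default; failures are rejected in <location> */` above the definition, plus the matching declaration in the header, would cover it.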
@@ -3929,7 +3942,8 @@
 return -1;
 }
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L && \
+ (!defined(WOLFSSL_NGINX) || !defined(HAVE_FIPS))
 if (HMAC_Init_ex(hctx, key[0].hmac_key, size, digest, NULL) != 1) {
 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "HMAC_Init_ex() failed");
 return -1;
@@ -3973,7 +3987,8 @@
 size = 32;
 }
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L && \
+ (!defined(WOLFSSL_NGINX) || !defined(HAVE_FIPS))
 if (HMAC_Init_ex(hctx, key[i].hmac_key, size, digest, NULL) != 1) {
 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "HMAC_Init_ex() failed");
 return -1;
diff -ur nginx-1.16.1-wolfssl/src/event/ngx_event_openssl.h nginx-1.16.1-wolfssl-debug/src/event/ngx_event_openssl.h
--- nginx-1.16.1-wolfssl/src/event/ngx_event_openssl.h 2019-10-17 09:09:02.955768195 +1000
+++ nginx-1.16.1-wolfssl-debug/src/event/ngx_event_openssl.h 2019-10-17 08:30:33.163460161 +1000
@@ -14,7 +14,6 @@
 #ifdef WOLFSSL_NGINX
 #include
-#include
 #endif
 #include
 #include
Only in nginx-1.16.1-wolfssl/src/event: .ngx_event_openssl.h.swp
diff -ur nginx-1.16.1-wolfssl/src/http/ngx_http_request.c nginx-1.16.1-wolfssl-debug/src/http/ngx_http_request.c
--- nginx-1.16.1-wolfssl/src/http/ngx_http_request.c 2019-10-17 08:49:18.234819519 +1000
+++ nginx-1.16.1-wolfssl-debug/src/http/ngx_http_request.c 2019-10-17 08:30:33.163460161 +1000
@@ -851,12 +851,6 @@
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
-#ifndef SSL_AD_NO_RENEGOTIATION
-#define SSL_AD_NO_RENEGOTIATION 100
-#endif
-#ifndef SSL_AD_INTERNAL_ERROR
-#define SSL_AD_INTERNAL_ERROR 80
-#endif
 int ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
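Review bot: In the `@@ -3929` hunk, and identically at `@@ -3973`, the widened `#if` sends a wolfSSL build with `HAVE_FIPS` to the `#else` branch, which lies outside both hunks. If that branch is the unchecked `HMAC_Init_ex()` call kept for old OpenSSL, a failed HMAC setup on what appears to be the session-ticket key goes undetected in exactly the FIPS configuration. The reason for the exclusion is not stated, so put it on the condition, e.g. `/* wolfSSL FIPS: <why the checked call cannot be used>; failure is handled in <location> */`, or keep the `!= 1` check in the fallback path. The enclosing function begins and ends outside the hunks.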