WolfSSL
/
wolfssl-nginx
mirror of https://github.com/wolfSSL/wolfssl-nginx.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Adds wolfSSL support to Nginx.
18 Commits
2 Branches
0 Tags
440 KiB
Shell 72.6%
Perl 23.5%
HTML 3.9%
 
 
 
Go to file
Sean Parkinson 479c127b5f Updates for wolfSSL v3.11 2017-06-19 16:14:10 +10:00
conf Updates for wolfSSL v3.11 2017-06-19 16:14:10 +10:00
html Update tests 2017-01-20 11:06:40 +10:00
wolfssl For proxy testing 2017-02-27 08:04:33 +10:00
.gitignore
LICENSE
README.md Improvements to patching 2017-04-13 10:49:03 +10:00
nginx-1.10.3-wolfssl-debug.patch Verify peer in proxy 2017-04-13 15:45:12 +10:00
nginx-1.10.3-wolfssl.patch Verify peer in proxy 2017-04-13 15:45:12 +10:00
nginx-1.11.7-wolfssl-debug.patch Verify peer in proxy 2017-04-13 15:45:12 +10:00
nginx-1.11.7-wolfssl.patch Verify peer in proxy 2017-04-13 15:45:12 +10:00
nginx-1.11.10-wolfssl-debug.patch Verify peer in proxy 2017-04-13 15:45:12 +10:00
nginx-1.11.10-wolfssl.patch Verify peer in proxy 2017-04-13 15:45:12 +10:00
nginx-1.11.13-wolfssl-debug.patch Verify peer in proxy 2017-04-13 15:45:12 +10:00
nginx-1.11.13-wolfssl.patch Verify peer in proxy 2017-04-13 15:45:12 +10:00
nginx-1.12.0-wolfssl-debug.patch Verify peer in proxy 2017-04-13 15:45:12 +10:00
nginx-1.12.0-wolfssl.patch Verify peer in proxy 2017-04-13 15:45:12 +10:00
ssl_ecc.t Improvements to patching 2017-04-13 10:49:03 +10:00
test.sh Updates for wolfSSL v3.11 2017-06-19 16:14:10 +10:00

README.md

wolfssl-nginx

wolfSSL Support in Nginx

wolfSSL is supported in Nginx. There are minor changes to the Nginx code base and recompilation is required.

The tested versions:

  • wolfSSL 3.11
  • Nginx 1.12.0
  • Nginx 1.11.13
  • Nginx 1.11.10
  • Nginx 1.11.7
  • Nginx 1.10.3

Building

First you will need Nginx source package and wolfSSL source code.

Now build and install wolfSSL. The default installation directory is: /usr/local.

To enable wolfSSL support in Nginx the source code must be patched:

  1. Change into the Nginx source directory.
  2. Apply patch: patch -p1 < /nginx--wolfssl.patch

Now rebuild Nginx:

  1. Configure Nginx with this command (extra options may be added as required):
  • ./configure --with-wolfssl=/usr/local --with-http_ssl_module
  1. Build Nginx: make

Testing

Nginx has a repository of tests that can be obtained with the following command:

To run the tests see the README. Tests are expected to pass with exceptions. An example of runnning the tests:

  1. Change into nginx-tests directory.
  2. Run tests: TEST_NGINX_BINARY=../nginx--wolfssl/objs/nginx prove .

There will be skips of SSL tests for the following reasons:

  • no multiple certificates (ssl_certificate.t)
  • many not work, leaves coredump (ssl_engine_keys.t)

-There will be failures of SSL tests for the following reasons:

    • no support for setting verification depth
    • no support for certificate authorities in certificate request ("no trusted sent")

Note: the file ssl_ecc.t in wolfssl-nginx can be used with the Nginx test system.

There are additional tests available in wolfssl-nginx. These are in addition to the Nginx tests. The OpenSSL's superapp is required for OCSP Stapling testing. To test:

  1. Change into wolfssl-nginx directory.
  2. Run the script: ./test.sh (If using IPv6 then set IPV6=yes.)
  3. When working, the number of FAIL and UNKNOWN will be 0.

Testing is only supported on Linux with bash.