Adds wolfSSL support to Nginx.
 
 
 
Juliusz Sosinowicz 9d9c58e049 Use SSL_SESSION_dup 2019-11-05 22:44:55 +01:00
conf wolfSSL needs this to identify the key correctly 2019-10-31 11:12:02 +01:00
html
wolfssl For proxy testing 2017-02-27 08:04:33 +10:00
.gitignore
LICENSE Create LICENSE 2018-06-05 12:19:37 -07:00
README.md Update README.md 2018-10-19 14:48:39 -06:00
cp_certs.sh Update for nginx-1.15.0 2018-06-25 14:53:59 +10:00
nginx-1.10.3-wolfssl-debug.patch Working with newest and patched wolfSSL 2018-02-09 11:54:17 +10:00
nginx-1.10.3-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.11.7-wolfssl-debug.patch Working with newest and patched wolfSSL 2018-02-09 11:54:17 +10:00
nginx-1.11.7-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.11.10-wolfssl-debug.patch Working with newest and patched wolfSSL 2018-02-09 11:54:17 +10:00
nginx-1.11.10-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.11.13-wolfssl-debug.patch Support for wolfSSL 3.14 2018-03-15 11:03:21 +10:00
nginx-1.11.13-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.12.0-wolfssl-debug.patch Working with newest and patched wolfSSL 2018-02-09 11:54:17 +10:00
nginx-1.12.0-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.12.1-wolfssl-debug.patch Support for wolfSSL 3.14 2018-03-15 11:03:21 +10:00
nginx-1.12.1-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.12.2-wolfssl-debug.patch Support for wolfSSL 3.14 2018-03-15 11:03:21 +10:00
nginx-1.12.2-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.13.0-wolfssl-debug.patch Support for wolfSSL 3.14 2018-03-15 11:03:21 +10:00
nginx-1.13.0-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.13.2-wolfssl-debug.patch Support for wolfSSL 3.14 2018-03-15 11:03:21 +10:00
nginx-1.13.2-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.13.8-wolfssl-debug.patch Support for wolfSSL 3.14 2018-03-15 11:03:21 +10:00
nginx-1.13.8-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.13.12-wolfssl-debug.patch Patches for versions 1.14.0 and 1.13.12 2018-04-18 15:07:32 +10:00
nginx-1.13.12-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.14.0-wolfssl-debug.patch Patches for versions 1.14.0 and 1.13.12 2018-04-18 15:07:32 +10:00
nginx-1.14.0-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.15.0-wolfssl-debug.patch Update for nginx-1.15.0 2018-06-25 14:53:59 +10:00
nginx-1.15.0-wolfssl.patch Reuse sessions 2019-10-22 13:56:27 +02:00
nginx-1.16.1-wolfssl-debug.patch Remove tabs and fix debug patch 2019-10-29 17:38:15 +01:00
nginx-1.16.1-wolfssl.patch Use SSL_SESSION_dup 2019-11-05 22:44:55 +01:00
nginx-1.17.5-wolfssl-debug.patch 1.17.5 patches 2019-11-04 22:48:48 +01:00
nginx-1.17.5-wolfssl.patch 1.17.5 patches 2019-11-04 22:48:48 +01:00
ssl_ecc.t Improvements to patching 2017-04-13 10:49:03 +10:00
ssl_stapling.t ssl_stapling.t test with RSA and ECC separate 2019-10-24 15:04:17 +02:00
test.sh Update for nginx-1.15.0 2018-06-25 14:53:59 +10:00
wolfssl-3.13.0-nginx.patch Patch file for wolfSSL 3.13.0 2018-04-17 10:07:17 +10:00

README.md

wolfssl-nginx

wolfSSL Support in Nginx

wolfSSL is supported in Nginx. There are minor changes to the Nginx code base and recompilation is required.

The tested versions:

  • wolfSSL 3.14
  • wolfSSL 3.13.0 (with patch applied: wolfssl-3.13.0-nginx.patch)
  • Nginx 1.14.0
  • Nginx 1.13.12
  • Nginx 1.13.8
  • Nginx 1.13.2
  • Nginx 1.13.0
  • Nginx 1.12.2
  • Nginx 1.12.1
  • Nginx 1.12.0
  • Nginx 1.11.13
  • Nginx 1.11.10
  • Nginx 1.11.7
  • Nginx 1.10.3

Building

First you will need the Nginx source package and the wolfSSL source code.

Now build and install wolfSSL. Please make sure to configure wolfSSL with ./configure --enable-nginx. The default installation directory is: /usr/local.

To enable wolfSSL support in Nginx the source code must be patched:

  1. Change into the Nginx source directory.
  2. Apply patch: patch -p1 < /nginx--wolfssl.patch

Now rebuild Nginx:

  1. Configure Nginx with this command (extra options may be added as required):
     • ./configure --with-wolfssl=/usr/local --with-http_ssl_module
  2. Build Nginx: make
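
The patch and rebuild steps above can be wrapped so that a patch written for a different Nginx version is never applied. This is an added example, not part of wolfssl-nginx; the function names and directory arguments are assumptions, and the only naming relied on is the nginx-<version>-wolfssl[-debug].patch pattern visible in the repository listing.

```shell
# Added example (not from the wolfssl-nginx repository).
# select_patch and build_nginx_wolfssl are hypothetical helper names.

# Print the patch file matching an Nginx version, following the repository's
# nginx-<version>-wolfssl[-debug].patch naming. Returns non-zero when no
# exact match exists instead of falling back to a neighbouring version.
select_patch() {
    repo="$1"; ver="$2"; debug="${3:-no}"
    # Accept dotted numeric versions only; rejects path-like input.
    case "$ver" in
        ''|*[!0-9.]*) echo "bad version: $ver" >&2; return 2 ;;
    esac
    if [ "$debug" = "yes" ]; then suffix="wolfssl-debug"; else suffix="wolfssl"; fi
    p="$repo/nginx-$ver-$suffix.patch"
    if [ ! -f "$p" ]; then
        echo "no patch for nginx $ver in $repo" >&2
        return 1
    fi
    printf '%s\n' "$p"
}

# Patch, configure and build Nginx against an installed wolfSSL.
# $1 = Nginx source dir, $2 = absolute path of the patch,
# $3 = wolfSSL install prefix (default /usr/local, as in the README).
build_nginx_wolfssl() {
    src="$1"; patch_file="$2"; prefix="${3:-/usr/local}"
    case "$patch_file" in
        /*) ;;
        *) echo "patch path must be absolute" >&2; return 2 ;;
    esac
    (
        cd "$src" || exit 1
        # Dry run first: a partially applied patch leaves the tree unusable.
        patch -p1 --dry-run < "$patch_file" >/dev/null || exit 1
        patch -p1 < "$patch_file" || exit 1
        ./configure --with-wolfssl="$prefix" --with-http_ssl_module || exit 1
        make
    )
}

# Usage (paths are placeholders):
#   p=$(select_patch /path/to/wolfssl-nginx 1.16.1) && \
#       build_nginx_wolfssl /path/to/nginx-1.16.1 "$p"
```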

Testing

Nginx has a repository of tests that can be obtained with the following command:

To run the tests see the README. Tests are expected to pass with exceptions. An example of running the tests:

  1. Change into nginx-tests directory.
  2. Run tests: TEST_NGINX_BINARY=../nginx--wolfssl/objs/nginx prove .

There will be failures of SSL tests for the following reasons:

  • using non-default, insecure cipher suites, multiple certificate chains not supported (ssl_certificate.t)
  • using non-default, insecure cipher suites (ssl_stapling.t)

Note: the file ssl_ecc.t in wolfssl-nginx can be used with the Nginx test system.

There are additional tests available in wolfssl-nginx, separate from the Nginx tests. OpenSSL's superapp is required for OCSP Stapling testing. To test:

  1. Change into wolfssl-nginx directory.
  2. Run the script: ./test.sh (If using IPv6 then set IPV6=yes.)
  3. When working, the number of FAIL and UNKNOWN will be 0.

Testing is only supported on Linux with bash.

License

This work is licensed under GPLv3; see LICENSE for details.