113 lines
3.7 KiB
Diff
113 lines
3.7 KiB
Diff
diff -ur nginx-1.16.1-wolfssl/src/event/ngx_event_openssl.c nginx-1.16.1-wolfssl-debug/src/event/ngx_event_openssl.c
|
|
--- nginx-1.16.1-wolfssl/src/event/ngx_event_openssl.c 2019-10-17 09:01:12.991526380 +1000
|
|
+++ nginx-1.16.1-wolfssl-debug/src/event/ngx_event_openssl.c 2019-10-17 08:32:00.850631120 +1000
|
|
@@ -164,6 +164,11 @@
|
|
|
|
#endif
|
|
|
|
+#ifdef WOLFSSL_NGINX
|
|
+ /* Turn on internal wolfssl debugging to stdout */
|
|
+ wolfSSL_Debugging_ON();
|
|
+#endif
|
|
+
|
|
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
|
|
#ifndef SSL_OP_NO_COMPRESSION
|
|
{
|
|
@@ -1579,9 +1584,7 @@
|
|
{
|
|
#ifdef TLS1_3_VERSION
|
|
if (c->ssl->session) {
|
|
- #if !defined(WOLFSSL_NGINX)
|
|
SSL_SESSION_up_ref(c->ssl->session);
|
|
- #endif
|
|
return c->ssl->session;
|
|
}
|
|
#endif
|
|
diff -ur nginx-1.16.1-wolfssl/src/event/ngx_event_openssl.c.orig nginx-1.16.1-wolfssl-debug/src/event/ngx_event_openssl.c.orig
|
|
--- nginx-1.16.1-wolfssl/src/event/ngx_event_openssl.c.orig 2019-10-17 08:23:11.313946458 +1000
|
|
+++ nginx-1.16.1-wolfssl-debug/src/event/ngx_event_openssl.c.orig 2019-10-17 08:30:33.163460161 +1000
|
|
@@ -384,6 +384,10 @@
|
|
|
|
SSL_CTX_set_info_callback(ssl->ctx, ngx_ssl_info_callback);
|
|
|
|
+#ifdef WOLFSSL_NGINX
|
|
+ SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_NONE, NULL);
|
|
+#endif
|
|
+
|
|
return NGX_OK;
|
|
}
|
|
|
|
@@ -863,6 +867,14 @@
|
|
|
|
|
|
ngx_int_t
|
|
+ngx_ssl_set_verify_on(ngx_conf_t *cf, ngx_ssl_t *ssl)
|
|
+{
|
|
+ SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_PEER, ngx_ssl_verify_callback);
|
|
+
|
|
+ return NGX_OK;
|
|
+}
|
|
+
|
|
+ngx_int_t
|
|
ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
|
|
ngx_int_t depth)
|
|
{
|
|
@@ -1370,7 +1382,8 @@
|
|
* maximum interoperability.
|
|
*/
|
|
|
|
-#if (defined SSL_CTX_set1_curves_list || defined SSL_CTRL_SET_CURVES_LIST)
|
|
+#if (defined SSL_CTX_set1_curves_list || defined SSL_CTRL_SET_CURVES_LIST) || \
|
|
+ defined(WOLFSSL_NGINX)
|
|
|
|
/*
|
|
* OpenSSL 1.0.2+ allows configuring a curve list instead of a single
|
|
@@ -3929,7 +3942,8 @@
|
|
return -1;
|
|
}
|
|
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L && \
|
|
+ (!defined(WOLFSSL_NGINX) || !defined(HAVE_FIPS))
|
|
if (HMAC_Init_ex(hctx, key[0].hmac_key, size, digest, NULL) != 1) {
|
|
ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "HMAC_Init_ex() failed");
|
|
return -1;
|
|
@@ -3973,7 +3987,8 @@
|
|
size = 32;
|
|
}
|
|
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L && \
|
|
+ (!defined(WOLFSSL_NGINX) || !defined(HAVE_FIPS))
|
|
if (HMAC_Init_ex(hctx, key[i].hmac_key, size, digest, NULL) != 1) {
|
|
ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "HMAC_Init_ex() failed");
|
|
return -1;
|
|
diff -ur nginx-1.16.1-wolfssl/src/event/ngx_event_openssl.h nginx-1.16.1-wolfssl-debug/src/event/ngx_event_openssl.h
|
|
--- nginx-1.16.1-wolfssl/src/event/ngx_event_openssl.h 2019-10-17 09:09:02.955768195 +1000
|
|
+++ nginx-1.16.1-wolfssl-debug/src/event/ngx_event_openssl.h 2019-10-17 08:30:33.163460161 +1000
|
|
@@ -14,7 +14,6 @@
|
|
|
|
#ifdef WOLFSSL_NGINX
|
|
#include <wolfssl/options.h>
|
|
-#include <openssl/pem.h>
|
|
#endif
|
|
#include <openssl/ssl.h>
|
|
#include <openssl/err.h>
|
|
Only in nginx-1.16.1-wolfssl/src/event: .ngx_event_openssl.h.swp
|
|
diff -ur nginx-1.16.1-wolfssl/src/http/ngx_http_request.c nginx-1.16.1-wolfssl-debug/src/http/ngx_http_request.c
|
|
--- nginx-1.16.1-wolfssl/src/http/ngx_http_request.c 2019-10-17 08:49:18.234819519 +1000
|
|
+++ nginx-1.16.1-wolfssl-debug/src/http/ngx_http_request.c 2019-10-17 08:30:33.163460161 +1000
|
|
@@ -851,12 +851,6 @@
|
|
|
|
|
|
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
|
-#ifndef SSL_AD_NO_RENEGOTIATION
|
|
-#define SSL_AD_NO_RENEGOTIATION 100
|
|
-#endif
|
|
-#ifndef SSL_AD_INTERNAL_ERROR
|
|
-#define SSL_AD_INTERNAL_ERROR 80
|
|
-#endif
|
|
|
|
int
|
|
ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
|