Adds wolfSSL support to Nginx.
 
 
 
David Garske c0f3e543ef Spelling fix. 2021-09-13 11:57:39 -07:00
conf Test with TLS 1.3 2019-11-06 13:51:11 +01:00
html Update tests 2017-01-20 11:06:40 +10:00
wolfssl For proxy testing 2017-02-27 08:04:33 +10:00
.gitignore
README.md Spelling fix. 2021-09-13 11:57:39 -07:00
cp_certs.sh Update for nginx-1.15.0 2018-06-25 14:53:59 +10:00
nginx-1.7.7-wolfssl-debug.patch nginx 1.7.7 patches 2020-12-02 11:33:53 +01:00
nginx-1.7.7-wolfssl.patch Update 1.7.7 patch and remove copyrighted file 2020-12-14 16:26:26 +01:00
nginx-1.10.3-wolfssl-debug.patch Working with newest and patched wolfSSL 2018-02-09 11:54:17 +10:00
nginx-1.10.3-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.11.7-wolfssl-debug.patch Working with newest and patched wolfSSL 2018-02-09 11:54:17 +10:00
nginx-1.11.7-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.11.10-wolfssl-debug.patch Working with newest and patched wolfSSL 2018-02-09 11:54:17 +10:00
nginx-1.11.10-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.11.13-wolfssl-debug.patch Support for wolfSSL 3.14 2018-03-15 11:03:21 +10:00
nginx-1.11.13-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.12.0-wolfssl-debug.patch Working with newest and patched wolfSSL 2018-02-09 11:54:17 +10:00
nginx-1.12.0-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.12.1-wolfssl-debug.patch Support for wolfSSL 3.14 2018-03-15 11:03:21 +10:00
nginx-1.12.1-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.12.2-wolfssl-debug.patch Support for wolfSSL 3.14 2018-03-15 11:03:21 +10:00
nginx-1.12.2-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.13.0-wolfssl-debug.patch Support for wolfSSL 3.14 2018-03-15 11:03:21 +10:00
nginx-1.13.0-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.13.2-wolfssl-debug.patch Support for wolfSSL 3.14 2018-03-15 11:03:21 +10:00
nginx-1.13.2-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.13.8-wolfssl-debug.patch Support for wolfSSL 3.14 2018-03-15 11:03:21 +10:00
nginx-1.13.8-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.13.12-wolfssl-debug.patch Patches for versions 1.14.0 and 1.13.12 2018-04-18 15:07:32 +10:00
nginx-1.13.12-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.14.0-wolfssl-debug.patch Patches for versions 1.14.0 and 1.13.12 2018-04-18 15:07:32 +10:00
nginx-1.14.0-wolfssl.patch Add WOLFSSL/include to ngx_feature_path 2018-06-15 14:29:04 -07:00
nginx-1.15.0-wolfssl-debug.patch Update for nginx-1.15.0 2018-06-25 14:53:59 +10:00
nginx-1.15.0-wolfssl.patch Reuse sessions 2019-10-22 13:56:27 +02:00
nginx-1.16.1-wolfssl-debug.patch Remove tabs and fix debug patch 2019-10-29 17:38:15 +01:00
nginx-1.16.1-wolfssl.patch Use SSL_SESSION_dup 2019-11-05 22:44:55 +01:00
nginx-1.17.5-wolfssl-debug.patch 1.17.5 patches 2019-11-04 22:48:48 +01:00
nginx-1.17.5-wolfssl.patch Use SSL_SESSION_dup 2019-11-06 13:51:01 +01:00
nginx-1.19.6-wolfssl-debug.patch Add 1.19.6 support 2021-01-22 11:37:41 +01:00
nginx-1.19.6-wolfssl.patch Add 1.19.6 support 2021-01-22 11:37:41 +01:00
ssl_ecc.t Improvements to patching 2017-04-13 10:49:03 +10:00
ssl_stapling.t.patch Update 1.7.7 patch and remove copyrighted file 2020-12-14 16:26:26 +01:00
test.sh Use SSL_SESSION_dup 2019-11-06 13:51:01 +01:00
wolfssl-3.13.0-nginx.patch Patch file for wolfSSL 3.13.0 2018-04-17 10:07:17 +10:00

README.md

wolfssl-nginx

wolfSSL Support in Nginx

wolfSSL is supported in Nginx. There are minor changes to the Nginx code base and recompilation is required.

The tested versions:

  • wolfSSL 3.14
  • wolfSSL 3.13.0 (with patch applied: wolfssl-3.13.0-nginx.patch)
  • Nginx 1.17.5
  • Nginx 1.16.1
  • Nginx 1.15.0
  • Nginx 1.14.0
  • Nginx 1.13.12
  • Nginx 1.13.8
  • Nginx 1.13.2
  • Nginx 1.13.0
  • Nginx 1.12.2
  • Nginx 1.12.1
  • Nginx 1.12.0
  • Nginx 1.11.13
  • Nginx 1.11.10
  • Nginx 1.11.7
  • Nginx 1.10.3
  • Nginx 1.7.7

Building

First you will need the Nginx source package and the wolfSSL source code.

Now build and install wolfSSL. Please make sure to configure wolfSSL with ./configure --enable-nginx. The default installation directory is: /usr/local.

To enable wolfSSL support in Nginx the source code must be patched:

  1. Change into the Nginx source directory.
  2. Apply patch: patch -p1 < /nginx--wolfssl.patch

Now rebuild Nginx:

  1. Configure Nginx with this command (extra options may be added as required): ./configure --with-wolfssl=/usr/local --with-http_ssl_module
  2. Build Nginx: make
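
The patch step above only works when the patch matches the Nginx release being built. As an added example (not part of this repository), the shell functions below pick the patch from the version in the source tree and dry-run it before changing any file. The function names are hypothetical, and the code assumes the nginx-<version>-wolfssl[-debug].patch naming seen in the file listing and the NGINX_VERSION define in src/core/nginx.h.

```shell
#!/bin/sh
# Added example: choose and apply the wolfSSL patch that matches an Nginx tree.
# Assumption: patches are named nginx-<version>-wolfssl[-debug].patch.

# Print the release string from src/core/nginx.h (#define NGINX_VERSION "x.y.z").
nginx_src_version() {
    sed -n 's/^#define[[:space:]]*NGINX_VERSION[[:space:]]*"\([0-9.]*\)".*/\1/p' \
        "$1/src/core/nginx.h" 2>/dev/null
}

# select_wolfssl_patch PATCH_DIR NGINX_SRC [debug]
# Prints the patch path. Returns 2 if the version cannot be read,
# 1 if no patch exists for that version.
select_wolfssl_patch() {
    patch_dir=$1; src=$2; suffix=""
    [ "${3:-}" = "debug" ] && suffix="-debug"
    ver=$(nginx_src_version "$src") || ver=""
    if [ -z "$ver" ]; then
        echo "cannot read NGINX_VERSION from $src" >&2
        return 2
    fi
    candidate="$patch_dir/nginx-$ver-wolfssl$suffix.patch"
    if [ ! -f "$candidate" ]; then
        echo "no wolfSSL patch for Nginx $ver in $patch_dir" >&2
        return 1
    fi
    printf '%s\n' "$candidate"
}

# apply_wolfssl_patch PATCH_DIR NGINX_SRC [debug]
# Dry-runs first, so a mismatched patch leaves the tree untouched
# instead of half-applied with .rej files.
apply_wolfssl_patch() {
    p=$(select_wolfssl_patch "$@") || return $?
    # The subshell changes directory, so make the patch path absolute first.
    case $p in /*) ;; *) p="$PWD/$p" ;; esac
    ( cd "$2" && patch -p1 --dry-run <"$p" >/dev/null && patch -p1 <"$p" )
}
```

Source the file and call apply_wolfssl_patch with the wolfssl-nginx checkout and the Nginx source directory; a non-zero return means nothing was modified.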

Testing

Nginx has a repository of tests that can be obtained with the following command:

To run the tests see the README. Tests are expected to pass with exceptions. An example of running the tests:

  1. Change into nginx-tests directory.
  2. Run tests: TEST_NGINX_BINARY=../nginx--wolfssl/objs/nginx prove .

There will be failures of SSL tests for the following reasons:

  • using non-default, insecure cipher suites; multiple certificate chains are not supported (ssl_certificate.t)
  • using non-default, insecure cipher suites (ssl_stapling.t)

Note: the file ssl_ecc.t in wolfssl-nginx can be used with the Nginx test system.

Note: the file ssl_stapling.t.patch can be used to patch the ssl_stapling.t file in nginx-tests to work with wolfSSL. The version available in the testing repository uses different certs on the same server. This is not supported by wolfSSL so this patch moves the certs to separate server instances.

There are additional tests available in wolfssl-nginx. These are in addition to the Nginx tests. OpenSSL's superapp is required for OCSP Stapling testing. To test:

  1. Change into wolfssl-nginx directory.
  2. Run the script: ./test.sh (If using IPv6 then set IPV6=yes.)
  3. When working, the number of FAIL and UNKNOWN will be 0.

Testing is only supported on Linux with bash.

Licensing

wolfSSL and wolfCrypt are either licensed for use under the GPLv3 (or at your option any later version) or a standard commercial license. For users who cannot use wolfSSL under GPLv3 (or any later version), a commercial license to wolfSSL and wolfCrypt is available. For license inquiries, please contact wolfSSL Inc. directly at licensing@wolfssl.com.

The NGINX patches in this repository are licensed under their respective project licenses.

Support

For support or build issues, please contact the wolfSSL support team at support@wolfssl.com.