Date: Wed, 28 Oct 2020 14:06:54 +0000 (UTC) From: "Sergey A. Osokin" <osa@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r553544 - in head/www/nginx-devel: . files Message-ID: <202010281406.09SE6sGU077238@repo.freebsd.org>
Author: osa Date: Wed Oct 28 14:06:53 2020 New Revision: 553544 URL: https://svnweb.freebsd.org/changeset/ports/553544 Log: Update the kernel TLS patch to make all hunks succeeded. Bump PORTREVISION. Modified: head/www/nginx-devel/Makefile head/www/nginx-devel/files/extra-patch-ktls Modified: head/www/nginx-devel/Makefile ============================================================================== --- head/www/nginx-devel/Makefile Wed Oct 28 13:41:33 2020 (r553543) +++ head/www/nginx-devel/Makefile Wed Oct 28 14:06:53 2020 (r553544) @@ -3,6 +3,7 @@ PORTNAME?= nginx PORTVERSION= 1.19.4 +PORTREVISION= 1 CATEGORIES= www MASTER_SITES= https://nginx.org/download/ \ LOCAL/osa Modified: head/www/nginx-devel/files/extra-patch-ktls ============================================================================== --- head/www/nginx-devel/files/extra-patch-ktls Wed Oct 28 13:41:33 2020 (r553543) +++ head/www/nginx-devel/files/extra-patch-ktls Wed Oct 28 14:06:53 2020 (r553544) @@ -1,5 +1,5 @@ diff --git a/src/core/ngx_log.h b/src/core/ngx_log.h -index afb73bf7..4c6e9c2c 100644 +index afb73bf..4c6e9c2 100644 --- a/src/core/ngx_log.h +++ b/src/core/ngx_log.h @@ -30,6 +30,7 @@ @@ -11,7 +11,7 @@ index afb73bf7..4c6e9c2c 100644 /* * do not forget to update debug_levels[] in src/core/ngx_log.c diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c -index 7be4fb4c..dd147c42 100644 +index 2eef87e..7aa23c6 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -52,6 +52,10 @@ static void ngx_ssl_shutdown_handler(ngx_event_t *ev); 
@@ -25,7 +25,7 @@ index 7be4fb4c..dd147c42 100644 static ngx_int_t ngx_ssl_session_id_context(ngx_ssl_t *ssl, ngx_str_t *sess_ctx, ngx_array_t *certificates); -@@ -1022,7 +1026,7 @@ ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store) +@@ -1024,7 +1028,7 @@ ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store) iname = X509_get_issuer_name(cert); issuer = iname ? X509_NAME_oneline(iname, NULL, 0) : "(none)"; @@ -34,7 +34,7 @@ index 7be4fb4c..dd147c42 100644 "verify:%d, error:%d, depth:%d, " "subject:\"%s\", issuer:\"%s\"", ok, err, depth, subject, issuer); -@@ -1055,7 +1059,7 @@ ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where, int ret) +@@ -1057,7 +1061,7 @@ ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where, int ret) if (c->ssl->handshaked) { c->ssl->renegotiation = 1; @@ -43,7 +43,7 @@ index 7be4fb4c..dd147c42 100644 } } -@@ -1616,7 +1620,7 @@ ngx_ssl_handshake(ngx_connection_t *c) +@@ -1693,7 +1697,7 @@ ngx_ssl_handshake(ngx_connection_t *c) n = SSL_do_handshake(c->ssl->connection); @@ -52,7 +52,7 @@ index 7be4fb4c..dd147c42 100644 if (n == 1) { -@@ -1637,7 +1641,11 @@ ngx_ssl_handshake(ngx_connection_t *c) +@@ -1712,7 +1716,11 @@ ngx_ssl_handshake(ngx_connection_t *c) c->recv = ngx_ssl_recv; c->send = ngx_ssl_write; c->recv_chain = ngx_ssl_recv_chain; @@ -64,10 +64,10 @@ index 7be4fb4c..dd147c42 100644 #ifndef SSL_OP_NO_RENEGOTIATION #if OPENSSL_VERSION_NUMBER < 0x10100000L -@@ -1652,12 +1660,19 @@ ngx_ssl_handshake(ngx_connection_t *c) - #endif - #endif +@@ -1741,12 +1749,19 @@ ngx_ssl_handshake(ngx_connection_t *c) + c->ssl->handshaked = 1; + +#if (NGX_SSL_SENDFILE) + c->ssl->can_use_sendfile = BIO_get_ktls_send(SSL_get_wbio(c->ssl->connection)); + ngx_log_debug1(NGX_LOG_DEBUG_SSL, c->log, 0, 
@@ -85,7 +85,7 @@ index 7be4fb4c..dd147c42 100644 if (sslerr == SSL_ERROR_WANT_READ) { c->read->ready = 0; -@@ -1728,7 +1743,7 @@ ngx_ssl_try_early_data(ngx_connection_t *c) +@@ -1825,7 +1840,7 @@ ngx_ssl_try_early_data(ngx_connection_t *c) n = SSL_read_early_data(c->ssl->connection, &buf, 1, &readbytes); @@ -94,7 +94,7 @@ index 7be4fb4c..dd147c42 100644 "SSL_read_early_data: %d, %uz", n, readbytes); if (n == SSL_READ_EARLY_DATA_FINISH) { -@@ -1770,7 +1785,7 @@ ngx_ssl_try_early_data(ngx_connection_t *c) +@@ -1880,7 +1895,7 @@ ngx_ssl_try_early_data(ngx_connection_t *c) sslerr = SSL_get_error(c->ssl->connection, n); @@ -103,7 +103,7 @@ index 7be4fb4c..dd147c42 100644 if (sslerr == SSL_ERROR_WANT_READ) { c->read->ready = 0; -@@ -1861,17 +1876,17 @@ ngx_ssl_handshake_log(ngx_connection_t *c) +@@ -1971,17 +1986,17 @@ ngx_ssl_handshake_log(ngx_connection_t *c) *d = '\0'; @@ -124,7 +124,7 @@ index 7be4fb4c..dd147c42 100644 "SSL no shared ciphers"); } } -@@ -1886,7 +1901,7 @@ ngx_ssl_handshake_handler(ngx_event_t *ev) +@@ -1996,7 +2011,7 @@ ngx_ssl_handshake_handler(ngx_event_t *ev) c = ev->data; @@ -133,7 +133,7 @@ index 7be4fb4c..dd147c42 100644 "SSL handshake handler: %d", ev->write); if (ev->timedout) { -@@ -1996,7 +2011,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) +@@ -2110,7 +2125,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) n = SSL_read(c->ssl->connection, buf, size); 
@@ -142,8 +142,26 @@ index 7be4fb4c..dd147c42 100644 if (n > 0) { bytes += n; -@@ -2100,7 +2115,7 @@ ngx_ssl_recv_early(ngx_connection_t *c, u_char *buf, size_t size) +@@ -2145,7 +2160,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) + ngx_post_event(c->read, &ngx_posted_next_events); + } +- ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, ++ ngx_log_debug1(NGX_LOG_DEBUG_SSL, c->log, 0, + "SSL_read: avail:%d", c->read->available); + + } else { +@@ -2159,7 +2174,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) + return NGX_ERROR; + } + +- ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, ++ ngx_log_debug1(NGX_LOG_DEBUG_SSL, c->log, 0, + "SSL_read: avail:%d", c->read->available); + + #endif +@@ -2255,7 +2270,7 @@ ngx_ssl_recv_early(ngx_connection_t *c, u_char *buf, size_t size) + n = SSL_read_early_data(c->ssl->connection, buf, size, &readbytes); - ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, @@ -151,7 +169,7 @@ index 7be4fb4c..dd147c42 100644 "SSL_read_early_data: %d, %uz", n, readbytes); if (n == SSL_READ_EARLY_DATA_SUCCESS) { -@@ -2220,7 +2235,7 @@ ngx_ssl_handle_recv(ngx_connection_t *c, int n) +@@ -2375,7 +2390,7 @@ ngx_ssl_handle_recv(ngx_connection_t *c, int n) err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; @@ -160,7 +178,7 @@ index 7be4fb4c..dd147c42 100644 if (sslerr == SSL_ERROR_WANT_READ) { -@@ -2243,7 +2258,7 @@ ngx_ssl_handle_recv(ngx_connection_t *c, int n) +@@ -2398,7 +2413,7 @@ ngx_ssl_handle_recv(ngx_connection_t *c, int n) if (sslerr == SSL_ERROR_WANT_WRITE) { @@ -169,7 +187,7 @@ index 7be4fb4c..dd147c42 100644 "SSL_read: want write"); c->write->ready = 0; -@@ -2268,7 +2283,7 @@ ngx_ssl_handle_recv(ngx_connection_t *c, int n) +@@ -2423,7 +2438,7 @@ ngx_ssl_handle_recv(ngx_connection_t *c, int n) c->ssl->no_send_shutdown = 1; if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) { 
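Review bot: The two inner hunks added here for `ngx_ssl_recv` move the `SSL_read: avail:%d` messages from `NGX_LOG_DEBUG_EVENT` to `NGX_LOG_DEBUG_SSL`, matching what the patch already does for the handshake, certificate-verify and session-ticket messages, but nothing visible in the commit tells operators that TLS diagnostics leave the `debug_event` class. A site that collects `debug_event` output for TLS troubleshooting or incident review would presumably stop seeing these lines once the patched build is deployed. The context of the ngx_log.h hunk carries the upstream reminder `do not forget to update debug_levels[] in src/core/ngx_log.c`, and no ngx_log.c section appears among the refreshed hunks, so it is worth confirming that the patch registers the new level there. I would add one line to the port's pkg-message, along the lines of `With the kernel TLS patch applied, TLS debug messages are logged under a separate SSL debug class rather than debug_event.`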
@@ -178,7 +196,7 @@ index 7be4fb4c..dd147c42 100644 "peer shutdown SSL cleanly"); return NGX_DONE; } -@@ -2286,7 +2301,7 @@ ngx_ssl_write_handler(ngx_event_t *wev) +@@ -2441,7 +2456,7 @@ ngx_ssl_write_handler(ngx_event_t *wev) c = wev->data; @@ -187,7 +205,7 @@ index 7be4fb4c..dd147c42 100644 c->read->handler(c->read); } -@@ -2390,7 +2405,7 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit) +@@ -2545,7 +2560,7 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit) size = (ssize_t) (limit - send); } @@ -196,7 +214,7 @@ index 7be4fb4c..dd147c42 100644 "SSL buf copy: %z", size); ngx_memcpy(buf->last, in->buf->pos, size); -@@ -2454,6 +2469,163 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit) +@@ -2609,6 +2624,163 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit) return in; } @@ -251,7 +269,7 @@ index 7be4fb4c..dd147c42 100644 + ngx_log_debug1(NGX_LOG_DEBUG_SSL, c->log, 0, + "ngx_ssl_write returns:%z", n); + } -+ ++ + if (n == NGX_ERROR) { + return NGX_CHAIN_ERROR; + } @@ -360,7 +378,7 @@ index 7be4fb4c..dd147c42 100644 ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) -@@ -2469,11 +2641,11 @@ ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) +@@ -2624,11 +2796,11 @@ ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) ngx_ssl_clear_error(c->log); @@ -374,7 +392,7 @@ index 7be4fb4c..dd147c42 100644 if (n > 0) { -@@ -2499,7 +2671,7 @@ ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) +@@ -2666,7 +2838,7 @@ ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; @@ -383,7 +401,7 @@ index 7be4fb4c..dd147c42 100644 if (sslerr == SSL_ERROR_WANT_WRITE) { -@@ -2522,7 +2694,7 @@ ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) +@@ -2689,7 +2861,7 @@ ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) if (sslerr == SSL_ERROR_WANT_READ) { 
@@ -392,7 +410,7 @@ index 7be4fb4c..dd147c42 100644 "SSL_write: want read"); c->read->ready = 0; -@@ -2565,13 +2737,13 @@ ngx_ssl_write_early(ngx_connection_t *c, u_char *data, size_t size) +@@ -2732,13 +2904,13 @@ ngx_ssl_write_early(ngx_connection_t *c, u_char *data, size_t size) ngx_ssl_clear_error(c->log); @@ -408,7 +426,7 @@ index 7be4fb4c..dd147c42 100644 "SSL_write_early_data: %d, %uz", n, written); if (n > 0) { -@@ -2603,11 +2775,11 @@ ngx_ssl_write_early(ngx_connection_t *c, u_char *data, size_t size) +@@ -2770,11 +2942,11 @@ ngx_ssl_write_early(ngx_connection_t *c, u_char *data, size_t size) err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; @@ -422,7 +440,7 @@ index 7be4fb4c..dd147c42 100644 "SSL_write_early_data: want write"); if (c->ssl->saved_read_handler) { -@@ -2637,7 +2809,7 @@ ngx_ssl_write_early(ngx_connection_t *c, u_char *data, size_t size) +@@ -2804,7 +2976,7 @@ ngx_ssl_write_early(ngx_connection_t *c, u_char *data, size_t size) if (sslerr == SSL_ERROR_WANT_READ) { @@ -431,7 +449,7 @@ index 7be4fb4c..dd147c42 100644 "SSL_write_early_data: want read"); c->read->ready = 0; -@@ -2678,7 +2850,7 @@ ngx_ssl_read_handler(ngx_event_t *rev) +@@ -2845,7 +3017,7 @@ ngx_ssl_read_handler(ngx_event_t *rev) c = rev->data; 
@@ -440,25 +458,25 @@ index 7be4fb4c..dd147c42 100644 c->write->handler(c->write); } -@@ -2740,7 +2912,7 @@ ngx_ssl_shutdown(ngx_connection_t *c) +@@ -2920,7 +3092,7 @@ ngx_ssl_shutdown(ngx_connection_t *c) - n = SSL_shutdown(c->ssl->connection); + n = SSL_shutdown(c->ssl->connection); -- ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n); -+ ngx_log_debug1(NGX_LOG_DEBUG_SSL, c->log, 0, "SSL_shutdown: %d", n); +- ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n); ++ ngx_log_debug1(NGX_LOG_DEBUG_SSL, c->log, 0, "SSL_shutdown: %d", n); - sslerr = 0; + if (n == 1) { + SSL_free(c->ssl->connection); +@@ -2937,7 +3109,7 @@ ngx_ssl_shutdown(ngx_connection_t *c) -@@ -2749,7 +2921,7 @@ ngx_ssl_shutdown(ngx_connection_t *c) - if (n != 1 && ERR_peek_error()) { sslerr = SSL_get_error(c->ssl->connection, n); - ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, + ngx_log_debug1(NGX_LOG_DEBUG_SSL, c->log, 0, "SSL_get_error: %d", sslerr); - } -@@ -2803,7 +2975,7 @@ ngx_ssl_shutdown_handler(ngx_event_t *ev) + if (sslerr == SSL_ERROR_WANT_READ || sslerr == SSL_ERROR_WANT_WRITE) { +@@ -2996,7 +3168,7 @@ ngx_ssl_shutdown_handler(ngx_event_t *ev) c->timedout = 1; } @@ -467,7 +485,7 @@ index 7be4fb4c..dd147c42 100644 if (ngx_ssl_shutdown(c) == NGX_AGAIN) { return; -@@ -3404,7 +3576,7 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess) +@@ -3592,7 +3764,7 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess) hash = ngx_crc32_short(session_id, session_id_length); @@ -476,7 +494,7 @@ index 7be4fb4c..dd147c42 100644 "ssl new session: %08XD:%ud:%d", hash, session_id_length, len); -@@ -3471,7 +3643,7 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_t *ssl_conn, +@@ -3656,7 +3828,7 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_t *ssl_conn, c = ngx_ssl_get_connection(ssl_conn); 
@@ -485,7 +503,7 @@ index 7be4fb4c..dd147c42 100644 "ssl get session: %08XD:%d", hash, len); shm_zone = SSL_CTX_get_ex_data(c->ssl->session_ctx, -@@ -3591,7 +3763,7 @@ ngx_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess) +@@ -3767,7 +3939,7 @@ ngx_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess) hash = ngx_crc32_short(id, len); @@ -494,7 +512,7 @@ index 7be4fb4c..dd147c42 100644 "ssl remove session: %08XD:%ud", hash, len); shpool = (ngx_slab_pool_t *) shm_zone->shm.addr; -@@ -3669,7 +3841,7 @@ ngx_ssl_expire_sessions(ngx_ssl_session_cache_t *cache, +@@ -3845,7 +4017,7 @@ ngx_ssl_expire_sessions(ngx_ssl_session_cache_t *cache, ngx_queue_remove(q); @@ -503,7 +521,7 @@ index 7be4fb4c..dd147c42 100644 "expire session: %08Xi", sess_id->node.key); ngx_rbtree_delete(&cache->session_rbtree, &sess_id->node); -@@ -3904,7 +4076,7 @@ ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn, +@@ -4080,7 +4252,7 @@ ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn, if (enc == 1) { /* encrypt session ticket */ @@ -512,7 +530,7 @@ index 7be4fb4c..dd147c42 100644 "ssl session ticket encrypt, key: \"%*s\" (%s session)", ngx_hex_dump(buf, key[0].name, 16) - buf, buf, SSL_session_reused(ssl_conn) ? "reused" : "new"); -@@ -3951,7 +4123,7 @@ ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn, +@@ -4127,7 +4299,7 @@ ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn, } } @@ -521,7 +539,7 @@ index 7be4fb4c..dd147c42 100644 "ssl session ticket decrypt, key: \"%*s\" not found", ngx_hex_dump(buf, name, 16) - buf, buf); -@@ -3959,7 +4131,7 @@ ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn, +@@ -4135,7 +4307,7 @@ ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn, found: 
@@ -530,7 +548,7 @@ index 7be4fb4c..dd147c42 100644 "ssl session ticket decrypt, key: \"%*s\"%s", ngx_hex_dump(buf, key[i].name, 16) - buf, buf, (i == 0) ? " (default)" : ""); -@@ -4056,12 +4228,12 @@ ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name) +@@ -4232,12 +4404,12 @@ ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name) } if (X509_check_host(cert, (char *) name->data, name->len, 0, NULL) != 1) { @@ -545,7 +563,7 @@ index 7be4fb4c..dd147c42 100644 "X509_check_host(): match"); goto found; -@@ -4094,19 +4266,19 @@ ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name) +@@ -4270,19 +4442,19 @@ ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name) str = altname->d.dNSName; @@ -568,7 +586,7 @@ index 7be4fb4c..dd147c42 100644 "SSL subjectAltName: no match"); GENERAL_NAMES_free(altnames); -@@ -4136,18 +4308,18 @@ ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name) +@@ -4312,18 +4484,18 @@ ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name) entry = X509_NAME_get_entry(sname, i); str = X509_NAME_ENTRY_get_data(entry); @@ -591,11 +609,11 @@ index 7be4fb4c..dd147c42 100644 } #endif diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h -index 61da0c5d..ae1e2b0f 100644 +index 329760d..233b7f2 100644 --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h -@@ -99,6 +99,9 @@ struct ngx_ssl_connection_s { - unsigned in_early:1; +@@ -106,6 +106,9 @@ struct ngx_ssl_connection_s { + unsigned in_ocsp:1; unsigned early_preread:1; unsigned write_blocked:1; +#if (NGX_SSL_SENDFILE) @@ -604,7 +622,7 @@ index 61da0c5d..ae1e2b0f 100644 }; -@@ -270,6 +273,10 @@ ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size); +@@ -289,6 +292,10 @@ ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size); ssize_t ngx_ssl_recv_chain(ngx_connection_t *c, ngx_chain_t *cl, off_t limit); ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit); 
@@ -616,7 +634,7 @@ index 61da0c5d..ae1e2b0f 100644 ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c); void ngx_cdecl ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c -index 80c19656..8bc5c4b2 100644 +index 204a939..a6bc928 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -605,7 +605,10 @@ ngx_http_alloc_request(ngx_connection_t *c) @@ -648,10 +666,10 @@ index 80c19656..8bc5c4b2 100644 ngx_http_close_connection(c); return; diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c -index a7391d09..d6a8fce4 100644 +index dda4046..46671ac 100644 --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c -@@ -1721,6 +1721,11 @@ ngx_http_upstream_ssl_init_connection(ngx_http_request_t *r, +@@ -1715,6 +1715,11 @@ ngx_http_upstream_ssl_init_connection(ngx_http_request_t *r, return; }