forked from rpms/nginx
Compare commits
No commits in common. "c8-beta-stream-1.18" and "c8-stream-1.16" have entirely different histories.
c8-beta-st
...
c8-stream-
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/nginx-1.18.0.tar.gz
|
||||
SOURCES/nginx-1.16.1.tar.gz
|
||||
SOURCES/poweredby.png
|
||||
|
@ -1,2 +1,2 @@
|
||||
47b2c5ccd12e2a7088b03d629ff6b9ab18215180 SOURCES/nginx-1.18.0.tar.gz
|
||||
77ce4d26481b62f7a9d83e399454df0912f01a4b SOURCES/nginx-1.16.1.tar.gz
|
||||
2ec82988cd0d9b1304c95a16b28eff70f0f69abc SOURCES/poweredby.png
|
||||
|
@ -1,76 +0,0 @@
|
||||
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
|
||||
index 0a2f260..606b6e2 100644
|
||||
--- a/src/event/ngx_event_openssl.c
|
||||
+++ b/src/event/ngx_event_openssl.c
|
||||
@@ -616,6 +616,71 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert,
|
||||
X509 *x509, *temp;
|
||||
u_long n;
|
||||
|
||||
+ if (ngx_strncmp(cert->data, "engine:", sizeof("engine:") - 1) == 0) {
|
||||
+
|
||||
+#ifndef OPENSSL_NO_ENGINE
|
||||
+
|
||||
+ u_char *p, *last;
|
||||
+ ENGINE *engine;
|
||||
+
|
||||
+ p = cert->data + sizeof("engine:") - 1;
|
||||
+ last = (u_char *) ngx_strchr(p, ':');
|
||||
+
|
||||
+ if (last == NULL) {
|
||||
+ *err = "invalid syntax";
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ *last = '\0';
|
||||
+
|
||||
+ engine = ENGINE_by_id((char *) p);
|
||||
+
|
||||
+ if (engine == NULL) {
|
||||
+ *err = "ENGINE_by_id() failed";
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (!ENGINE_init(engine)) {
|
||||
+ *err = "ENGINE_init() failed";
|
||||
+ ENGINE_free(engine);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ *last++ = ':';
|
||||
+
|
||||
+ struct {
|
||||
+ const char *cert_id;
|
||||
+ X509 *cert;
|
||||
+ } params = { (char *) last, NULL };
|
||||
+
|
||||
+ if (!ENGINE_ctrl_cmd(engine, "LOAD_CERT_CTRL", 0, ¶ms, NULL, 1)) {
|
||||
+ *err = "ENGINE_ctrl_cmd() failed - Unable to get the certificate";
|
||||
+ ENGINE_free(engine);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ ENGINE_finish(engine);
|
||||
+ ENGINE_free(engine);
|
||||
+
|
||||
+ /* set chain to null */
|
||||
+
|
||||
+ *chain = sk_X509_new_null();
|
||||
+ if (*chain == NULL) {
|
||||
+ *err = "sk_X509_new_null() failed";
|
||||
+ X509_free(params.cert);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ return params.cert;
|
||||
+
|
||||
+#else
|
||||
+
|
||||
+ *err = "loading \"engine:...\" certificate is not supported";
|
||||
+ return NULL;
|
||||
+
|
||||
+#endif
|
||||
+ }
|
||||
+
|
||||
if (ngx_strncmp(cert->data, "data:", sizeof("data:") - 1) == 0) {
|
||||
|
||||
bio = BIO_new_mem_buf(cert->data + sizeof("data:") - 1,
|
@ -25,7 +25,7 @@ http {
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
keepalive_timeout 65;
|
||||
types_hash_max_size 4096;
|
||||
types_hash_max_size 2048;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
@ -36,14 +36,17 @@ http {
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
server_name _;
|
||||
root /usr/share/nginx/html;
|
||||
|
||||
# Load configuration files for the default server block.
|
||||
include /etc/nginx/default.d/*.conf;
|
||||
|
||||
location / {
|
||||
}
|
||||
|
||||
error_page 404 /404.html;
|
||||
location = /40x.html {
|
||||
}
|
||||
@ -56,8 +59,8 @@ http {
|
||||
# Settings for a TLS enabled server.
|
||||
#
|
||||
# server {
|
||||
# listen 443 ssl http2;
|
||||
# listen [::]:443 ssl http2;
|
||||
# listen 443 ssl http2 default_server;
|
||||
# listen [::]:443 ssl http2 default_server;
|
||||
# server_name _;
|
||||
# root /usr/share/nginx/html;
|
||||
#
|
||||
@ -71,6 +74,9 @@ http {
|
||||
# # Load configuration files for the default server block.
|
||||
# include /etc/nginx/default.d/*.conf;
|
||||
#
|
||||
# location / {
|
||||
# }
|
||||
#
|
||||
# error_page 404 /404.html;
|
||||
# location = /40x.html {
|
||||
# }
|
||||
|
@ -18,8 +18,8 @@
|
||||
|
||||
Name: nginx
|
||||
Epoch: 1
|
||||
Version: 1.18.0
|
||||
Release: 2%{?dist}
|
||||
Version: 1.16.1
|
||||
Release: 1%{?dist}
|
||||
|
||||
Summary: A high performance web server and reverse proxy server
|
||||
Group: System Environment/Daemons
|
||||
@ -59,9 +59,6 @@ Patch3: nginx-1.14.1-perl-module-hardening.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1643647
|
||||
Patch4: nginx-1.16.0-enable-tls1v3-by-default.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1668717
|
||||
Patch5: nginx-1.18.0-pkcs11-cert.patch
|
||||
|
||||
%if 0%{?with_gperftools}
|
||||
BuildRequires: gperftools-devel
|
||||
%endif
|
||||
@ -192,7 +189,6 @@ Requires: nginx
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
|
||||
cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} .
|
||||
|
||||
@ -465,14 +461,6 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Apr 22 2020 Lubos Uhliarik <luhliari@redhat.com> - 1:1.18.0-2
|
||||
- new version 1.18.0
|
||||
- Resolves: #1668717 - [RFE] Support loading certificates from hardware token
|
||||
(PKCS#11)
|
||||
- Increased types_hash_max_size to 4096 in default config
|
||||
- Drop location / from default config (rhbz#1564768)
|
||||
- Drop default_sever from default config (rhbz#1373822)
|
||||
|
||||
* Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.16.1-1
|
||||
- update to 1.16.1
|
||||
- Resolves: #1745697 - CVE-2019-9511 nginx:1.16/nginx: HTTP/2: large amount
|
||||
|
Loading…
Reference in New Issue
Block a user