diff --git a/.gitignore b/.gitignore index 05127f9..c99aca9 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/nginx-1.22.1.tar.gz +SOURCES/nginx-1.24.0.tar.gz SOURCES/nginx-logo.png diff --git a/.nginx.metadata b/.nginx.metadata index 02c4570..1694920 100644 --- a/.nginx.metadata +++ b/.nginx.metadata @@ -1,2 +1,2 @@ -45a89797f7c789287c7f663811efbbd19e84f154 SOURCES/nginx-1.22.1.tar.gz +fec561c95c0320f1860c0d55a8724cd45e5cc238 SOURCES/nginx-1.24.0.tar.gz e28dd656984cc2894d8124c5278789c656f6a9cb SOURCES/nginx-logo.png diff --git a/SOURCES/0007-Enable-TLSv1.3-by-default.patch b/SOURCES/0007-Enable-TLSv1.3-by-default.patch index c8bac0b..b1ef664 100644 --- a/SOURCES/0007-Enable-TLSv1.3-by-default.patch +++ b/SOURCES/0007-Enable-TLSv1.3-by-default.patch @@ -1,21 +1,8 @@ -From cc7b92c61a2833ff9dc2b4dfba4591966769da78 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= -Date: Tue, 21 Jun 2022 13:55:04 +0200 -Subject: [PATCH] Enable TLSv1.3 by default in nginx - ---- - src/event/ngx_event_openssl.c | 77 ++++++++++++++------------ - src/event/ngx_event_openssl.h | 1 + - src/http/modules/ngx_http_ssl_module.c | 3 +- - src/mail/ngx_mail_ssl_module.c | 3 +- - src/stream/ngx_stream_ssl_module.c | 3 +- - 5 files changed, 46 insertions(+), 41 deletions(-) - diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c -index f813458..2e6a6c0 100644 +index 948497c..c6dda52 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c -@@ -258,6 +258,8 @@ ngx_ssl_init(ngx_log_t *log) +@@ -266,6 +266,8 @@ ngx_ssl_init(ngx_log_t *log) ngx_int_t ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data) { @@ -24,7 +11,7 @@ index f813458..2e6a6c0 100644 ssl->ctx = SSL_CTX_new(SSLv23_method()); if (ssl->ctx == NULL) { -@@ -322,49 +324,54 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data) +@@ -325,49 +327,54 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data) SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE); @@ -76,16 +63,16 @@ index f813458..2e6a6c0 100644 + if (protocols & NGX_SSL_TLSv1) { + prot = TLS1_VERSION; + } -+ + +-#ifdef SSL_CTX_set_min_proto_version +- SSL_CTX_set_min_proto_version(ssl->ctx, 0); +- SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_2_VERSION); + if (prot == NGX_SSL_NO_PROT) { + ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, + "No SSL protocols available [hint: ssl_protocols]"); + return NGX_ERROR; + } - --#ifdef SSL_CTX_set_min_proto_version -- SSL_CTX_set_min_proto_version(ssl->ctx, 0); -- SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_2_VERSION); ++ + SSL_CTX_set_max_proto_version(ssl->ctx, prot); + + /* Now, we have to scan for minimal protocol version, @@ -115,11 +102,11 @@ index f813458..2e6a6c0 100644 #ifdef SSL_OP_NO_COMPRESSION SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION); diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h -index 329760d..5cee113 100644 +index 41f4501..a346792 100644 --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h -@@ -152,6 +152,7 @@ typedef struct { - #endif +@@ -175,6 +175,7 @@ typedef struct { + } ngx_ssl_session_cache_t; +#define NGX_SSL_NO_PROT 0x0000 @@ -127,47 +114,50 @@ index 329760d..5cee113 100644 #define NGX_SSL_SSLv3 0x0004 #define NGX_SSL_TLSv1 0x0008 diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c -index a47d696..94f30db 100644 +index a147054..ad7e3fe 100644 --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c -@@ -671,8 +671,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -646,10 +646,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) + ngx_conf_merge_value(conf->early_data, prev->early_data, 0); ngx_conf_merge_value(conf->reject_handshake, prev->reject_handshake, 0); - ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, -- (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1 -- |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); -+ 0) +- ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, +- (NGX_CONF_BITMASK_SET +- |NGX_SSL_TLSv1|NGX_SSL_TLSv1_1 +- |NGX_SSL_TLSv1_2|NGX_SSL_TLSv1_3)); ++ ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, 0); ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size, NGX_SSL_BUFSIZE); diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c -index 7eae83e..8328560 100644 +index 728181d..066aef8 100644 --- a/src/mail/ngx_mail_ssl_module.c +++ b/src/mail/ngx_mail_ssl_module.c -@@ -306,8 +306,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -371,10 +371,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) + ngx_conf_merge_value(conf->prefer_server_ciphers, prev->prefer_server_ciphers, 0); - ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, -- (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1 -- |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); -+ 0); +- ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, +- (NGX_CONF_BITMASK_SET +- |NGX_SSL_TLSv1|NGX_SSL_TLSv1_1 +- |NGX_SSL_TLSv1_2|NGX_SSL_TLSv1_3)); ++ ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, 0); ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c -index d8c0471..cef590d 100644 +index ba70547..a4c14ec 100644 --- a/src/stream/ngx_stream_ssl_module.c +++ b/src/stream/ngx_stream_ssl_module.c -@@ -641,8 +641,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -715,10 +715,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) + ngx_conf_merge_value(conf->prefer_server_ciphers, prev->prefer_server_ciphers, 0); - ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, -- (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1 -- |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); -+ 0); +- ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, +- (NGX_CONF_BITMASK_SET +- |NGX_SSL_TLSv1|NGX_SSL_TLSv1_1 +- |NGX_SSL_TLSv1_2|NGX_SSL_TLSv1_3)); ++ ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, 0); ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); --- -2.31.1 - diff --git a/SOURCES/0008-add-ssl-pass-phrase-dialog.patch b/SOURCES/0008-add-ssl-pass-phrase-dialog.patch index bdb48eb..b698cc8 100644 --- a/SOURCES/0008-add-ssl-pass-phrase-dialog.patch +++ b/SOURCES/0008-add-ssl-pass-phrase-dialog.patch @@ -1,6 +1,6 @@ -From c0f75dac24544bdae1ccfccf3d6a05c1b9243d8a Mon Sep 17 00:00:00 2001 +From a8cae4e95ba8b5f38c68f23502f1603af8a76c58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= -Date: Thu, 23 May 2024 14:09:05 +0200 +Date: Thu, 23 May 2024 16:18:35 +0200 Subject: [PATCH] Add ssl-pass-phrase-dialog --- @@ -20,10 +20,10 @@ Subject: [PATCH] Add ssl-pass-phrase-dialog 13 files changed, 344 insertions(+), 25 deletions(-) diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim -index 6828cd3..9df0a53 100644 +index 7d587fc..15b21e2 100644 --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim -@@ -624,6 +624,7 @@ syn keyword ngxDirective contained ssl_ocsp +@@ -617,6 +617,7 @@ syn keyword ngxDirective contained ssl_ocsp syn keyword ngxDirective contained ssl_ocsp_cache syn keyword ngxDirective contained ssl_ocsp_responder syn keyword ngxDirective contained ssl_password_file @@ -32,7 +32,7 @@ index 6828cd3..9df0a53 100644 syn keyword ngxDirective contained ssl_preread syn keyword ngxDirective contained ssl_protocols diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c -index d6fe5bc..fb05ab9 100644 +index 7b69f3f..3519831 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -9,9 +9,8 @@ @@ -57,7 +57,7 @@ index d6fe5bc..fb05ab9 100644 static int ngx_ssl_password_callback(char *buf, int size, int rwflag, void *userdata); static int ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store); -@@ -87,6 +86,12 @@ static time_t ngx_ssl_parse_time( +@@ -88,6 +87,12 @@ static time_t ngx_ssl_parse_time( #endif ASN1_TIME *asn1time, ngx_log_t *log); @@ -70,7 +70,7 @@ index d6fe5bc..fb05ab9 100644 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle); static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); static void ngx_openssl_exit(ngx_cycle_t *cycle); -@@ -404,7 +409,7 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data) +@@ -405,7 +410,7 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data) ngx_int_t ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs, @@ -79,7 +79,7 @@ index d6fe5bc..fb05ab9 100644 { ngx_str_t *cert, *key; ngx_uint_t i; -@@ -414,7 +419,7 @@ ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs, +@@ -415,7 +420,7 @@ ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs, for (i = 0; i < certs->nelts; i++) { @@ -88,7 +88,7 @@ index d6fe5bc..fb05ab9 100644 != NGX_OK) { return NGX_ERROR; -@@ -427,12 +432,13 @@ ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs, +@@ -428,12 +433,13 @@ ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs, ngx_int_t ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, @@ -103,7 +103,7 @@ index d6fe5bc..fb05ab9 100644 x509 = ngx_ssl_load_certificate(cf->pool, &err, cert, &chain); if (x509 == NULL) { -@@ -522,8 +528,23 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, +@@ -523,8 +529,23 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, } #endif @@ -129,7 +129,7 @@ index d6fe5bc..fb05ab9 100644 if (err != NULL) { ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "cannot load certificate key \"%s\": %s", -@@ -593,7 +614,7 @@ ngx_ssl_connection_certificate(ngx_connection_t *c, ngx_pool_t *pool, +@@ -594,7 +615,7 @@ ngx_ssl_connection_certificate(ngx_connection_t *c, ngx_pool_t *pool, #endif @@ -138,7 +138,7 @@ index d6fe5bc..fb05ab9 100644 if (pkey == NULL) { if (err != NULL) { ngx_ssl_error(NGX_LOG_ERR, c->log, 0, -@@ -771,10 +792,81 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert, +@@ -772,10 +793,81 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert, return x509; } @@ -222,7 +222,7 @@ index d6fe5bc..fb05ab9 100644 { BIO *bio; EVP_PKEY *pkey; -@@ -870,11 +962,26 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err, +@@ -871,11 +963,26 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err, tries = 1; pwd = NULL; cb = NULL; @@ -251,7 +251,7 @@ index d6fe5bc..fb05ab9 100644 break; } diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h -index eb3288b..b275a38 100644 +index 7759e1a..a346792 100644 --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h @@ -74,9 +74,19 @@ @@ -282,7 +282,7 @@ index eb3288b..b275a38 100644 struct ngx_ssl_connection_s { ngx_ssl_conn_t *connection; SSL_CTX *session_ctx; -@@ -184,9 +193,9 @@ ngx_int_t ngx_ssl_init(ngx_log_t *log); +@@ -185,9 +194,9 @@ ngx_int_t ngx_ssl_init(ngx_log_t *log); ngx_int_t ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data); ngx_int_t ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, @@ -295,10 +295,10 @@ index eb3288b..b275a38 100644 ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords); diff --git a/src/http/modules/ngx_http_grpc_module.c b/src/http/modules/ngx_http_grpc_module.c -index 864fc4f..c1b5fb4 100644 +index dfe49c5..904263d 100644 --- a/src/http/modules/ngx_http_grpc_module.c +++ b/src/http/modules/ngx_http_grpc_module.c -@@ -4925,7 +4925,7 @@ ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf) +@@ -4983,7 +4983,7 @@ ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf) if (ngx_ssl_certificate(cf, glcf->upstream.ssl, &glcf->upstream.ssl_certificate->value, &glcf->upstream.ssl_certificate_key->value, @@ -308,10 +308,10 @@ index 864fc4f..c1b5fb4 100644 { return NGX_ERROR; diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c -index 7c4061c..e971396 100644 +index 9cc202c..2c938d7 100644 --- a/src/http/modules/ngx_http_proxy_module.c +++ b/src/http/modules/ngx_http_proxy_module.c -@@ -4974,7 +4974,7 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf) +@@ -5032,7 +5032,7 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf) if (ngx_ssl_certificate(cf, plcf->upstream.ssl, &plcf->upstream.ssl_certificate->value, &plcf->upstream.ssl_certificate_key->value, @@ -321,7 +321,7 @@ index 7c4061c..e971396 100644 { return NGX_ERROR; diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c -index e765a50..6af69d1 100644 +index f1fae50..ad7e3fe 100644 --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -17,8 +17,9 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, @@ -386,7 +386,7 @@ index e765a50..6af69d1 100644 ngx_pool_cleanup_t *cln; -@@ -672,6 +687,9 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -671,6 +686,9 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) ngx_conf_merge_str_value(conf->stapling_responder, prev->stapling_responder, ""); @@ -396,7 +396,7 @@ index e765a50..6af69d1 100644 conf->ssl.log = cf->log; if (conf->enable) { -@@ -734,6 +752,30 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -733,6 +751,30 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) cln->handler = ngx_ssl_cleanup_ctx; cln->data = &conf->ssl; @@ -427,7 +427,7 @@ index e765a50..6af69d1 100644 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx, -@@ -784,7 +826,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -783,7 +825,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) /* configure certificates */ if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates, @@ -436,7 +436,7 @@ index e765a50..6af69d1 100644 != NGX_OK) { return NGX_CONF_ERROR; -@@ -1333,3 +1375,31 @@ ngx_http_ssl_init(ngx_conf_t *cf) +@@ -1332,3 +1374,31 @@ ngx_http_ssl_init(ngx_conf_t *cf) return NGX_OK; } @@ -482,10 +482,10 @@ index 7ab0f7e..2f83d75 100644 diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c -index d46741a..d728874 100644 +index e4f721b..61efa99 100644 --- a/src/http/modules/ngx_http_uwsgi_module.c +++ b/src/http/modules/ngx_http_uwsgi_module.c -@@ -2461,7 +2461,7 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf) +@@ -2564,7 +2564,7 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf) if (ngx_ssl_certificate(cf, uwcf->upstream.ssl, &uwcf->upstream.ssl_certificate->value, &uwcf->upstream.ssl_certificate_key->value, @@ -495,7 +495,7 @@ index d46741a..d728874 100644 { return NGX_ERROR; diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c -index 63af775..b3cd38e 100644 +index 01a04c8..066aef8 100644 --- a/src/mail/ngx_mail_ssl_module.c +++ b/src/mail/ngx_mail_ssl_module.c @@ -13,6 +13,7 @@ @@ -538,7 +538,7 @@ index 63af775..b3cd38e 100644 char *mode; ngx_pool_cleanup_t *cln; -@@ -386,6 +398,8 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -385,6 +397,8 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) ngx_conf_merge_ptr_value(conf->conf_commands, prev->conf_commands, NULL); @@ -547,7 +547,7 @@ index 63af775..b3cd38e 100644 conf->ssl.log = cf->log; -@@ -447,6 +461,29 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -446,6 +460,29 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) cln->handler = ngx_ssl_cleanup_ctx; cln->data = &conf->ssl; @@ -577,7 +577,7 @@ index 63af775..b3cd38e 100644 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation SSL_CTX_set_alpn_select_cb(conf->ssl.ctx, ngx_mail_ssl_alpn_select, NULL); #endif -@@ -459,7 +496,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -458,7 +495,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) } if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates, @@ -586,7 +586,7 @@ index 63af775..b3cd38e 100644 != NGX_OK) { return NGX_CONF_ERROR; -@@ -743,3 +780,32 @@ ngx_mail_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data) +@@ -742,3 +779,32 @@ ngx_mail_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data) return NGX_CONF_OK; #endif } @@ -633,10 +633,10 @@ index a0a6113..3d87d50 100644 diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c -index 934e7d8..34d0195 100644 +index ed275c0..1747aed 100644 --- a/src/stream/ngx_stream_proxy_module.c +++ b/src/stream/ngx_stream_proxy_module.c -@@ -2248,7 +2248,7 @@ ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf) +@@ -2305,7 +2305,7 @@ ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf) if (ngx_ssl_certificate(cf, pscf->ssl, &pscf->ssl_certificate->value, &pscf->ssl_certificate_key->value, @@ -646,7 +646,7 @@ index 934e7d8..34d0195 100644 { return NGX_ERROR; diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c -index f922ac4..66b4b67 100644 +index c692884..a4c14ec 100644 --- a/src/stream/ngx_stream_ssl_module.c +++ b/src/stream/ngx_stream_ssl_module.c @@ -17,6 +17,8 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, @@ -690,7 +690,7 @@ index f922ac4..66b4b67 100644 ngx_pool_cleanup_t *cln; -@@ -730,6 +743,8 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -729,6 +742,8 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) ngx_conf_merge_ptr_value(conf->conf_commands, prev->conf_commands, NULL); @@ -699,7 +699,7 @@ index f922ac4..66b4b67 100644 conf->ssl.log = cf->log; -@@ -777,6 +792,23 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -776,6 +791,23 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) cln->handler = ngx_ssl_cleanup_ctx; cln->data = &conf->ssl; @@ -723,7 +723,7 @@ index f922ac4..66b4b67 100644 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx, ngx_stream_ssl_servername); -@@ -821,7 +853,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) +@@ -820,7 +852,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) /* configure certificates */ if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates, @@ -732,7 +732,7 @@ index f922ac4..66b4b67 100644 != NGX_OK) { return NGX_CONF_ERROR; -@@ -1207,3 +1239,31 @@ ngx_stream_ssl_init(ngx_conf_t *cf) +@@ -1206,3 +1238,31 @@ ngx_stream_ssl_init(ngx_conf_t *cf) return NGX_OK; } diff --git a/SOURCES/404.html b/SOURCES/404.html index de97ec6..c6014a7 100644 --- a/SOURCES/404.html +++ b/SOURCES/404.html @@ -7,7 +7,7 @@