Updated nginx_dynamic_tls_records.patch, FreeBSD build

robvanoostenrijk · Oct 20, 2024 · 5069f2c · 5069f2c
1 parent c77b982
commit 5069f2c
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 44 deletions.
diff --git a/build-freebsd.sh b/build-freebsd.sh
@@ -3,13 +3,13 @@
 BASE_DIR="$(cd "$(dirname "$0")"; pwd)";
 echo "[i] BASE_DIR => $BASE_DIR"
 
-AWS_LC_TAG=v1.36.0
+AWS_LC_TAG=v1.37.0
 MODULE_NGINX_COOKIE_FLAG=v1.1.0
 MODULE_NGINX_DEVEL_KIT=v0.3.3
 MODULE_NGINX_ECHO=v0.63
 MODULE_NGINX_HEADERS_MORE=v0.37
 MODULE_NGINX_MISC=v0.33
-MODULE_NGINX_NJS=0.8.4
+MODULE_NGINX_NJS=0.8.6
 MODULE_NGINX_VTS=v0.2.2
 NGINX=1.27.1
 

diff --git a/nginx_dynamic_tls_records.patch b/nginx_dynamic_tls_records.patch
@@ -24,20 +24,20 @@ records again).
 
 
 diff --color -uNr a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
---- a/src/event/ngx_event_openssl.c	2023-06-13 23:08:10.000000000 +0800
-+++ b/src/event/ngx_event_openssl.c	2023-06-14 15:43:05.834243714 +0800
-@@ -1674,6 +1674,7 @@
- 
+--- a/src/event/ngx_event_openssl.c     2024-10-02 23:13:19.000000000 +0800
++++ b/src/event/ngx_event_openssl.c     2024-10-03 00:39:06.785676329 +0800
+@@ -1594,6 +1594,7 @@
+
      sc->buffer = ((flags & NGX_SSL_BUFFER) != 0);
      sc->buffer_size = ssl->buffer_size;
 +    sc->dyn_rec = ssl->dyn_rec;
- 
+
      sc->session_ctx = ssl->ctx;
- 
-@@ -2645,6 +2646,41 @@
- 
+
+@@ -2565,6 +2566,41 @@
+
      for ( ;; ) {
- 
+
 +        /* Dynamic record resizing:
 +           We want the initial records to fit into one TCP segment
 +           so we don't get TCP HoL blocking due to TCP Slow Start.
@@ -76,23 +76,23 @@ diff --color -uNr a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.
          while (in && buf->last < buf->end && send < limit) {
              if (in->buf->last_buf || in->buf->flush) {
                  flush = 1;
-@@ -2784,6 +2820,9 @@
- 
+@@ -2704,6 +2740,9 @@
+
      if (n > 0) {
- 
+
 +        c->ssl->dyn_rec_records_sent++;
 +        c->ssl->dyn_rec_last_write = ngx_current_msec;
 +
          if (c->ssl->saved_read_handler) {
- 
+
              c->read->handler = c->ssl->saved_read_handler;
 diff --color -uNr a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
---- a/src/event/ngx_event_openssl.h	2023-06-13 23:08:10.000000000 +0800
-+++ b/src/event/ngx_event_openssl.h	2023-06-14 15:43:05.834243714 +0800
-@@ -86,10 +86,19 @@
+--- a/src/event/ngx_event_openssl.h     2024-10-02 23:13:19.000000000 +0800
++++ b/src/event/ngx_event_openssl.h     2024-10-03 00:41:22.785252479 +0800
+@@ -86,6 +86,14 @@
  typedef struct ngx_ssl_ocsp_s  ngx_ssl_ocsp_t;
- 
- 
+
+
 +typedef struct {
 +    ngx_msec_t                  timeout;
 +    ngx_uint_t                  threshold;
@@ -104,12 +104,16 @@ diff --color -uNr a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.
  struct ngx_ssl_s {
      SSL_CTX                    *ctx;
      ngx_log_t                  *log;
-     size_t                      buffer_size;
+@@ -95,6 +103,8 @@
+
+     ngx_rbtree_t                staple_rbtree;
+     ngx_rbtree_node_t           staple_sentinel;
++
 +    ngx_ssl_dyn_rec_t           dyn_rec;
  };
- 
- 
-@@ -128,6 +137,10 @@
+
+
+@@ -133,6 +143,10 @@
      unsigned                    in_ocsp:1;
      unsigned                    early_preread:1;
      unsigned                    write_blocked:1;
@@ -118,24 +122,24 @@ diff --color -uNr a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.
 +    ngx_msec_t                  dyn_rec_last_write;
 +    ngx_uint_t                  dyn_rec_records_sent;
  };
- 
- 
-@@ -137,7 +150,7 @@
+
+
+@@ -142,7 +156,7 @@
  #define NGX_SSL_DFLT_BUILTIN_SCACHE  -5
- 
- 
+
+
 -#define NGX_SSL_MAX_SESSION_SIZE  4096
 +#define NGX_SSL_MAX_SESSION_SIZE  16384
- 
+
  typedef struct ngx_ssl_sess_id_s  ngx_ssl_sess_id_t;
- 
+
 diff --color -uNr a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
---- a/src/http/modules/ngx_http_ssl_module.c	2023-06-13 23:08:10.000000000 +0800
-+++ b/src/http/modules/ngx_http_ssl_module.c	2023-06-14 15:43:05.834243714 +0800
+--- a/src/http/modules/ngx_http_ssl_module.c    2024-10-02 23:13:19.000000000 +0800
++++ b/src/http/modules/ngx_http_ssl_module.c    2024-10-03 00:39:06.788676408 +0800
 @@ -290,6 +290,41 @@
        offsetof(ngx_http_ssl_srv_conf_t, reject_handshake),
        NULL },
- 
+
 +    { ngx_string("ssl_dyn_rec_enable"),
 +      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
 +      ngx_conf_set_flag_slot,
@@ -173,7 +177,7 @@ diff --color -uNr a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ng
 +
        ngx_null_command
  };
- 
+
 @@ -629,6 +664,11 @@
      sscf->ocsp_cache_zone = NGX_CONF_UNSET_PTR;
      sscf->stapling = NGX_CONF_UNSET;
@@ -183,13 +187,13 @@ diff --color -uNr a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ng
 +    sscf->dyn_rec_size_lo = NGX_CONF_UNSET_SIZE;
 +    sscf->dyn_rec_size_hi = NGX_CONF_UNSET_SIZE;
 +    sscf->dyn_rec_threshold = NGX_CONF_UNSET_UINT;
- 
+
      return sscf;
  }
 @@ -694,6 +734,20 @@
      ngx_conf_merge_str_value(conf->stapling_responder,
                           prev->stapling_responder, "");
- 
+
 +    ngx_conf_merge_value(conf->dyn_rec_enable, prev->dyn_rec_enable, 0);
 +    ngx_conf_merge_msec_value(conf->dyn_rec_timeout, prev->dyn_rec_timeout,
 +                             1000);
@@ -205,12 +209,12 @@ diff --color -uNr a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ng
 +                             40);
 +
      conf->ssl.log = cf->log;
- 
+
      if (conf->certificates) {
-@@ -890,6 +944,28 @@
+@@ -894,6 +948,28 @@
          return NGX_CONF_ERROR;
      }
- 
+
 +    if (conf->dyn_rec_enable) {
 +        conf->ssl.dyn_rec.timeout = conf->dyn_rec_timeout;
 +        conf->ssl.dyn_rec.threshold = conf->dyn_rec_threshold;
@@ -235,10 +239,10 @@ diff --color -uNr a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ng
 +
      return NGX_CONF_OK;
  }
- 
+
 diff --color -uNr a/src/http/modules/ngx_http_ssl_module.h b/src/http/modules/ngx_http_ssl_module.h
---- a/src/http/modules/ngx_http_ssl_module.h	2023-06-13 23:08:10.000000000 +0800
-+++ b/src/http/modules/ngx_http_ssl_module.h	2023-06-14 15:43:38.264102815 +0800
+--- a/src/http/modules/ngx_http_ssl_module.h    2024-10-02 23:13:19.000000000 +0800
++++ b/src/http/modules/ngx_http_ssl_module.h    2024-10-03 00:39:06.789676434 +0800
 @@ -62,6 +62,12 @@
      ngx_flag_t                      stapling_verify;
      ngx_str_t                       stapling_file;
@@ -251,4 +255,3 @@ diff --color -uNr a/src/http/modules/ngx_http_ssl_module.h b/src/http/modules/ng
 +    ngx_uint_t                      dyn_rec_threshold;
  } ngx_http_ssl_srv_conf_t;
 
-