diff options
-rw-r--r-- | .SRCINFO | 16 | ||||
-rw-r--r-- | PKGBUILD | 16 | ||||
-rw-r--r-- | openssl-1.1.patch | 819 |
3 files changed, 835 insertions, 16 deletions
@@ -1,8 +1,8 @@ # Generated by mksrcinfo v8 -# Mon Jun 26 07:39:44 UTC 2017 +# Sat Sep 16 12:34:32 UTC 2017 pkgbase = nginx-mainline-mod-lua pkgdesc = Lua script engine module for mainline nginx - pkgver = 0.10.8 + pkgver = 0.10.10 pkgrel = 1 url = https://github.com/openresty/lua-nginx-module arch = i686 @@ -11,12 +11,12 @@ pkgbase = nginx-mainline-mod-lua depends = nginx-mainline depends = nginx-mainline-mod-ndk depends = luajit - source = https://nginx.org/download/nginx-1.13.0.tar.gz - source = https://github.com/openresty/lua-nginx-module/archive/v0.10.8/lua-0.10.8.tar.gz - source = nginx-mainline-mod-lua-nginx-1.11.11.patch::https://github.com/openresty/lua-nginx-module/commit/0459a285ca0159d45e73da8bd1164edb5c57cde3.patch - sha256sums = 79f52ab6550f854e14439369808105b5780079769d7b8db3856be03c683605d7 - sha256sums = d67449c71051b3cc2d6dd60df0ae0d21fca08aa19c9b30c5b95ee21ff38ef8dd - sha256sums = 57867eda9eeee7fe5b55d8916047c8e5ffd156cfed4ca2d64470ae4132784261 + source = https://nginx.org/download/nginx-1.13.4.tar.gz + source = https://github.com/openresty/lua-nginx-module/archive/v0.10.10/lua-0.10.10.tar.gz + source = openssl-1.1.patch + sha256sums = de21f3c49ba65c611329d8759a63d72e5fcf719bc6f2a3270e2541348ef1fbba + sha256sums = b4acb84e2d631035a516d61830c910ef6e6485aba86096221ec745e0dbb3fbc9 + sha256sums = 60aed346397e06f870c7e17798f6e3ce11f078c5ae6e573098d53132c1afdb58 pkgname = nginx-mainline-mod-lua @@ -1,11 +1,11 @@ # Maintainer: Massimiliano Torromeo <massimiliano.torromeo@gmail.com> pkgname=nginx-mainline-mod-lua -pkgver=0.10.8 +pkgver=0.10.10 pkgrel=1 _modname="${pkgname#nginx-mainline-mod-}" -_nginxver=1.13.0 +_nginxver=1.13.4 pkgdesc='Lua script engine module for mainline nginx' arch=('i686' 'x86_64') @@ -16,20 +16,20 @@ license=('BSD') source=( https://nginx.org/download/nginx-$_nginxver.tar.gz https://github.com/openresty/$_modname-nginx-module/archive/v$pkgver/$_modname-$pkgver.tar.gz - $pkgname-nginx-1.11.11.patch::https://github.com/openresty/lua-nginx-module/commit/0459a285ca0159d45e73da8bd1164edb5c57cde3.patch + openssl-1.1.patch ) -sha256sums=('79f52ab6550f854e14439369808105b5780079769d7b8db3856be03c683605d7' - 'd67449c71051b3cc2d6dd60df0ae0d21fca08aa19c9b30c5b95ee21ff38ef8dd' - '57867eda9eeee7fe5b55d8916047c8e5ffd156cfed4ca2d64470ae4132784261') +sha256sums=('de21f3c49ba65c611329d8759a63d72e5fcf719bc6f2a3270e2541348ef1fbba' + 'b4acb84e2d631035a516d61830c910ef6e6485aba86096221ec745e0dbb3fbc9' + '60aed346397e06f870c7e17798f6e3ce11f078c5ae6e573098d53132c1afdb58') prepare() { cd "$srcdir"/$_modname-nginx-module-$pkgver - patch -p1 -i "$srcdir"/$pkgname-nginx-1.11.11.patch + patch -p1 -i "$srcdir"/openssl-1.1.patch } build() { cd "$srcdir"/nginx-$_nginxver - ./configure $(nginx -V 2>&1 | grep 'configure arguments' | sed -r 's@^[^:]+: @@') --add-dynamic-module=../$_modname-nginx-module-$pkgver + ./configure --with-compat --add-dynamic-module=../$_modname-nginx-module-$pkgver make modules } diff --git a/openssl-1.1.patch b/openssl-1.1.patch new file mode 100644 index 000000000000..bda407c95065 --- /dev/null +++ b/openssl-1.1.patch @@ -0,0 +1,819 @@ +diff --git a/src/ngx_http_lua_socket_tcp.c b/src/ngx_http_lua_socket_tcp.c +index 382a94de..07164746 100644 +--- a/src/ngx_http_lua_socket_tcp.c ++++ b/src/ngx_http_lua_socket_tcp.c +@@ -1316,9 +1316,8 @@ ngx_http_lua_socket_tcp_sslhandshake(lua_State *L) + return 2; + } + +- ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0, +- "lua ssl set session: %p:%d", +- *psession, (*psession)->references); ++ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, ++ "lua ssl set session: %p", *psession); + } + } + +@@ -1583,9 +1582,8 @@ ngx_http_lua_ssl_handshake_retval_handler(ngx_http_request_t *r, + } else { + *ud = ssl_session; + +- ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0, +- "lua ssl save session: %p:%d", ssl_session, +- ssl_session->references); ++ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, ++ "lua ssl save session: %p", ssl_session); + + /* set up the __gc metamethod */ + lua_pushlightuserdata(L, &ngx_http_lua_ssl_session_metatable_key); +@@ -5365,9 +5363,8 @@ ngx_http_lua_ssl_free_session(lua_State *L) + + psession = lua_touserdata(L, 1); + if (psession && *psession != NULL) { +- ngx_log_debug2(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0, +- "lua ssl free session: %p:%d", *psession, +- (*psession)->references); ++ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0, ++ "lua ssl free session: %p", *psession); + + ngx_ssl_free_session(*psession); + } +diff --git a/src/ngx_http_lua_ssl_ocsp.c b/src/ngx_http_lua_ssl_ocsp.c +index 31b4f243..9ec8b509 100644 +--- a/src/ngx_http_lua_ssl_ocsp.c ++++ b/src/ngx_http_lua_ssl_ocsp.c +@@ -468,7 +468,11 @@ ngx_http_lua_ffi_ssl_set_ocsp_status_resp(ngx_http_request_t *r, + return NGX_ERROR; + } + ++#ifdef SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE ++ if (SSL_get_tlsext_status_type(ssl_conn) == -1) { ++#else + if (ssl_conn->tlsext_status_type == -1) { ++#endif + dd("no ocsp status req from client"); + return NGX_DECLINED; + } +diff --git a/src/ngx_http_lua_ssl_session_fetchby.c b/src/ngx_http_lua_ssl_session_fetchby.c +index 556b7320..5289cb92 100644 +--- a/src/ngx_http_lua_ssl_session_fetchby.c ++++ b/src/ngx_http_lua_ssl_session_fetchby.c +@@ -171,8 +171,11 @@ ngx_http_lua_ssl_sess_fetch_by_lua(ngx_conf_t *cf, ngx_command_t *cmd, + + /* cached session fetching callback to be set with SSL_CTX_sess_set_get_cb */ + ngx_ssl_session_t * +-ngx_http_lua_ssl_sess_fetch_handler(ngx_ssl_conn_t *ssl_conn, u_char *id, +- int len, int *copy) ++ngx_http_lua_ssl_sess_fetch_handler(ngx_ssl_conn_t *ssl_conn, ++#if OPENSSL_VERSION_NUMBER >= 0x10100003L ++ const ++#endif ++ u_char *id, int len, int *copy) + { + lua_State *L; + ngx_int_t rc; +@@ -284,7 +287,7 @@ ngx_http_lua_ssl_sess_fetch_handler(ngx_ssl_conn_t *ssl_conn, u_char *id, + cctx->exit_code = 1; /* successful by default */ + cctx->connection = c; + cctx->request = r; +- cctx->session_id.data = id; ++ cctx->session_id.data = (u_char *) id; + cctx->session_id.len = len; + cctx->entered_sess_fetch_handler = 1; + cctx->done = 0; +diff --git a/src/ngx_http_lua_ssl_session_fetchby.h b/src/ngx_http_lua_ssl_session_fetchby.h +index 5a6f96f5..50c6616d 100644 +--- a/src/ngx_http_lua_ssl_session_fetchby.h ++++ b/src/ngx_http_lua_ssl_session_fetchby.h +@@ -25,7 +25,11 @@ char *ngx_http_lua_ssl_sess_fetch_by_lua_block(ngx_conf_t *cf, + ngx_command_t *cmd, void *conf); + + ngx_ssl_session_t *ngx_http_lua_ssl_sess_fetch_handler( +- ngx_ssl_conn_t *ssl_conn, u_char *id, int len, int *copy); ++ ngx_ssl_conn_t *ssl_conn, ++#if OPENSSL_VERSION_NUMBER >= 0x10100003L ++ const ++#endif ++ u_char *id, int len, int *copy); + #endif + + +diff --git a/src/ngx_http_lua_ssl_session_storeby.c b/src/ngx_http_lua_ssl_session_storeby.c +index bae8273d..dc1fad9b 100644 +--- a/src/ngx_http_lua_ssl_session_storeby.c ++++ b/src/ngx_http_lua_ssl_session_storeby.c +@@ -172,6 +172,8 @@ int + ngx_http_lua_ssl_sess_store_handler(ngx_ssl_conn_t *ssl_conn, + ngx_ssl_session_t *sess) + { ++ const u_char *sess_id; ++ unsigned int sess_id_len; + lua_State *L; + ngx_int_t rc; + ngx_connection_t *c, *fc = NULL; +@@ -246,11 +248,13 @@ ngx_http_lua_ssl_sess_store_handler(ngx_ssl_conn_t *ssl_conn, + } + } + ++ sess_id = SSL_SESSION_get_id(sess, &sess_id_len); ++ + cctx->connection = c; + cctx->request = r; + cctx->session = sess; +- cctx->session_id.data = sess->session_id; +- cctx->session_id.len = sess->session_id_length; ++ cctx->session_id.data = (u_char *) sess_id; ++ cctx->session_id.len = sess_id_len; + cctx->done = 0; + + dd("setting cctx"); +diff --git a/t/129-ssl-socket.t b/t/129-ssl-socket.t +index 1c3f7cd0..daa95005 100644 +--- a/t/129-ssl-socket.t ++++ b/t/129-ssl-socket.t +@@ -108,10 +108,10 @@ sent http request: 59 bytes. + received: HTTP/1.1 (?:200 OK|302 Found) + close: 1 nil + \z +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out eval +-qr/^lua ssl save session: ([0-9A-F]+):2 +-lua ssl free session: ([0-9A-F]+):1 ++qr/^lua ssl save session: ([0-9A-F]+) ++lua ssl free session: ([0-9A-F]+) + $/ + --- no_error_log + lua ssl server name: +@@ -182,8 +182,11 @@ connected: 1 + failed to do SSL handshake: handshake failed + + --- log_level: debug +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ +---- grep_error_log_out ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ ++--- grep_error_log_out eval ++qr/^lua ssl save session: ([0-9A-F]+) ++lua ssl free session: ([0-9A-F]+) ++$/ + --- no_error_log + lua ssl server name: + SSL reused session +@@ -255,10 +258,10 @@ received: HTTP/1.1 302 Moved Temporarily + close: 1 nil + + --- log_level: debug +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out eval +-qr/^lua ssl save session: ([0-9A-F]+):2 +-lua ssl free session: ([0-9A-F]+):1 ++qr/^lua ssl save session: ([0-9A-F]+) ++lua ssl free session: ([0-9A-F]+) + $/ + --- error_log + lua ssl server name: "openresty.org" +@@ -343,13 +346,13 @@ sent http request: 56 bytes. + received: HTTP/1.1 200 OK + close: 1 nil + +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out eval +-qr/^lua ssl save session: ([0-9A-F]+):2 +-lua ssl set session: \1:2 +-lua ssl save session: \1:3 +-lua ssl free session: \1:2 +-lua ssl free session: \1:1 ++qr/^lua ssl save session: ([0-9A-F]+) ++lua ssl set session: \1 ++lua ssl save session: \1 ++lua ssl free session: \1 ++lua ssl free session: \1 + $/ + + --- error_log +@@ -432,7 +435,7 @@ failed to send http request: closed + \z + + --- log_level: debug +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out + --- error_log + lua ssl server name: "blah.openresty.org" +@@ -512,7 +515,7 @@ failed to send http request: closed + \z + + --- log_level: debug +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out + --- error_log + lua ssl server name: "blah.openresty.org" +@@ -587,10 +590,10 @@ received: HTTP/1.1 404 Not Found + close: 1 nil + + --- log_level: debug +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out eval +-qr/^lua ssl save session: ([0-9A-F]+):2 +-lua ssl free session: ([0-9A-F]+):1 ++qr/^lua ssl save session: ([0-9A-F]+) ++lua ssl free session: ([0-9A-F]+) + $/ + + --- error_log +@@ -672,10 +675,10 @@ received: HTTP/1.1 302 Moved Temporarily + close: 1 nil + + --- log_level: debug +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]++/ + --- grep_error_log_out eval +-qr/^lua ssl save session: ([0-9A-F]+):2 +-lua ssl free session: ([0-9A-F]+):1 ++qr/^lua ssl save session: ([0-9A-F]+) ++lua ssl free session: ([0-9A-F]+) + $/ + + --- error_log +@@ -754,7 +757,7 @@ failed to do SSL handshake: 20: unable to get local issuer certificate + failed to send http request: closed + + --- log_level: debug +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out + --- error_log + lua ssl server name: "openresty.org" +@@ -833,7 +836,7 @@ failed to do SSL handshake: 20: unable to get local issuer certificate + failed to send http request: closed + + --- log_level: debug +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out + --- error_log + lua ssl server name: "openresty.org" +@@ -923,10 +926,10 @@ sent http request: 59 bytes. + received: HTTP/1.1 (?:200 OK|302 Found) + close: 1 nil + \z +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out eval +-qr/^lua ssl save session: ([0-9A-F]+):2 +-lua ssl free session: ([0-9A-F]+):1 ++qr/^lua ssl save session: ([0-9A-F]+) ++lua ssl free session: ([0-9A-F]+) + $/ + --- error_log + lua ssl server name: "www.google.com" +@@ -1013,7 +1016,7 @@ GET /t + connected: 1 + failed to do SSL handshake: 20: unable to get local issuer certificate + +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out + --- error_log + lua ssl server name: "www.google.com" +@@ -1095,10 +1098,10 @@ received: HTTP/1.1 302 Moved Temporarily + close: 1 nil + + --- log_level: debug +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out eval +-qr/^lua ssl save session: ([0-9A-F]+):2 +-lua ssl free session: ([0-9A-F]+):1 ++qr/^lua ssl save session: ([0-9A-F]+) ++lua ssl free session: ([0-9A-F]+) + $/ + + --- error_log +@@ -1174,10 +1177,10 @@ received: HTTP/1.1 302 Moved Temporarily + close: 1 nil + + --- log_level: debug +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out eval +-qr/^lua ssl save session: ([0-9A-F]+):2 +-lua ssl free session: ([0-9A-F]+):1 ++qr/^lua ssl save session: ([0-9A-F]+) ++lua ssl free session: ([0-9A-F]+) + $/ + --- error_log + lua ssl server name: "openresty.org" +@@ -1254,14 +1257,14 @@ received: HTTP/1.1 302 Moved Temporarily + close: 1 nil + + --- log_level: debug +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out eval +-qr/^lua ssl save session: ([0-9A-F]+):2 +-lua ssl free session: ([0-9A-F]+):1 ++qr/^lua ssl save session: ([0-9A-F]+) ++lua ssl free session: ([0-9A-F]+) + $/ + --- error_log + lua ssl server name: "openresty.org" +-SSL: TLSv1.2, cipher: "ECDHE-RSA-AES256-SHA ++SSL: TLSv1.2, cipher: "ECDHE-RSA-AES256-SHA + --- no_error_log + SSL reused session + [error] +@@ -1334,14 +1337,14 @@ received: HTTP/1.1 302 Moved Temporarily + close: 1 nil + + --- log_level: debug +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out eval +-qr/^lua ssl save session: ([0-9A-F]+):2 +-lua ssl free session: ([0-9A-F]+):1 ++qr/^lua ssl save session: ([0-9A-F]+) ++lua ssl free session: ([0-9A-F]+) + $/ + --- error_log + lua ssl server name: "openresty.org" +-SSL: TLSv1, cipher: "ECDHE-RSA-AES256-SHA ++SSL: TLSv1, cipher: "ECDHE-RSA-AES256-SHA + --- no_error_log + SSL reused session + [error] +@@ -1412,7 +1415,7 @@ failed to do SSL handshake: handshake failed + failed to send http request: closed + + --- log_level: debug +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out + --- error_log eval + [ +@@ -1488,10 +1491,10 @@ ssl handshake: userdata + set keepalive: 1 nil + + --- log_level: debug +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out eval +-qr/^lua ssl save session: ([0-9A-F]+):2 +-lua ssl free session: \1:2 ++qr/^lua ssl save session: ([0-9A-F]+) ++lua ssl free session: \1 + $/ + + --- error_log +@@ -1564,14 +1567,14 @@ ssl handshake: userdata + set keepalive: 1 nil + + --- log_level: debug +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out eval +-qr/^lua ssl save session: ([0-9A-F]+):2 +-lua ssl save session: \1:3 +-lua ssl save session: \1:4 +-lua ssl free session: \1:4 +-lua ssl free session: \1:3 +-lua ssl free session: \1:2 ++qr/^lua ssl save session: ([0-9A-F]+) ++lua ssl save session: \1 ++lua ssl save session: \1 ++lua ssl free session: \1 ++lua ssl free session: \1 ++lua ssl free session: \1 + $/ + + --- error_log +@@ -1615,7 +1618,7 @@ hello world + --- response_body_like: 500 Internal Server Error + --- error_code: 500 + --- log_level: debug +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out + --- error_log + attempt to call method 'sslhandshake' (a nil value) +@@ -1704,7 +1707,7 @@ received: Server: nginx + received: Content-Type: text/plain + received: Content-Length: 4 + received: Connection: close +-received: ++received: + received: foo + close: 1 nil + +@@ -1714,10 +1717,10 @@ $::TestCertificateKey + >>> test.crt + $::TestCertificate" + +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out eval +-qr/^lua ssl save session: ([0-9A-F]+):2 +-lua ssl free session: ([0-9A-F]+):1 ++qr/^lua ssl save session: ([0-9A-F]+) ++lua ssl free session: ([0-9A-F]+) + $/ + --- no_error_log + lua ssl server name: +@@ -1809,7 +1812,7 @@ received: Server: nginx + received: Content-Type: text/plain + received: Content-Length: 4 + received: Connection: close +-received: ++received: + received: foo + close: 1 nil + +@@ -1819,10 +1822,10 @@ $::TestCertificateKey + >>> test.crt + $::TestCertificate" + +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out eval +-qr/^lua ssl save session: ([0-9A-F]+):2 +-lua ssl free session: ([0-9A-F]+):1 ++qr/^lua ssl save session: ([0-9A-F]+) ++lua ssl free session: ([0-9A-F]+) + $/ + --- error_log + lua ssl server name: "test.com" +@@ -1912,7 +1915,7 @@ failed to do SSL handshake: handshake failed + ">>> test.crt + $::TestCertificate" + +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out + --- error_log eval + qr/SSL_do_handshake\(\) failed .*?unknown protocol/ +@@ -2011,7 +2014,7 @@ $::TestCertificate + >>> test.crl + $::TestCRL" + +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out + --- error_log + lua ssl server name: "test.com" +@@ -2090,12 +2093,12 @@ received: HTTP/1.1 302 Moved Temporarily + close: 1 nil + + --- log_level: debug +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out eval +-qr/^lua ssl save session: ([0-9A-F]+):2 +-lua ssl save session: ([0-9A-F]+):3 +-lua ssl free session: ([0-9A-F]+):2 +-lua ssl free session: ([0-9A-F]+):1 ++qr/^lua ssl save session: ([0-9A-F]+) ++lua ssl save session: ([0-9A-F]+) ++lua ssl free session: ([0-9A-F]+) ++lua ssl free session: ([0-9A-F]+) + $/ + --- error_log + lua ssl server name: "openresty.org" +@@ -2149,7 +2152,7 @@ connected: 1 + failed to do SSL handshake: timeout + + --- log_level: debug +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out + --- error_log + lua ssl server name: "openresty.org" +@@ -2221,7 +2224,7 @@ $::TestCertificateKey + >>> test.crt + $::TestCertificate" + +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out + --- no_error_log + lua ssl server name: +@@ -2292,10 +2295,10 @@ $::TestCertificateKey + >>> test.crt + $::TestCertificate" + +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out eval +-qr/^lua ssl save session: ([0-9A-F]+):2 +-lua ssl free session: ([0-9A-F]+):1 ++qr/^lua ssl save session: ([0-9A-F]+) ++lua ssl free session: ([0-9A-F]+) + $/ + --- no_error_log + lua ssl server name: +@@ -2372,7 +2375,7 @@ $::TestCertificateKey + >>> test.crt + $::TestCertificate" + +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out + --- no_error_log + lua ssl server name: +@@ -2464,7 +2467,7 @@ received: Server: nginx + received: Content-Type: text/plain + received: Content-Length: 4 + received: Connection: close +-received: ++received: + received: foo + close: 1 nil + +@@ -2474,10 +2477,10 @@ $::TestCertificateKey + >>> test.crt + $::TestCertificate" + +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out eval +-qr/^lua ssl save session: ([0-9A-F]+):2 +-lua ssl free session: ([0-9A-F]+):1 ++qr/^lua ssl save session: ([0-9A-F]+) ++lua ssl free session: ([0-9A-F]+) + $/ + --- error_log + --- no_error_log +@@ -2570,7 +2573,7 @@ $::TestCertificateKey + >>> test.crt + $::TestCertificate" + +---- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+:\d+/ ++--- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ + --- grep_error_log_out + --- error_log + lua ssl certificate verify error: (18: self signed certificate) +diff --git a/t/142-ssl-session-store.t b/t/142-ssl-session-store.t +index 73b6e197..260fe490 100644 +--- a/t/142-ssl-session-store.t ++++ b/t/142-ssl-session-store.t +@@ -32,7 +32,7 @@ __DATA__ + server_name test.com; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; +- ssl_protocols SSLv3; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -102,7 +102,7 @@ ssl_session_store_by_lua_block:1: ssl session store by lua is running! + server_name test.com; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; +- ssl_protocols SSLv3; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -177,7 +177,7 @@ API disabled in the context of ssl_session_store_by_lua* + server_name test.com; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; +- ssl_protocols SSLv3; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -267,9 +267,9 @@ my timer run! + listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; + server_name test.com; + +- ssl_protocols SSLv3; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -335,9 +335,9 @@ API disabled in the context of ssl_session_store_by_lua* + server { + listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; + server_name test.com; +- ssl_protocols SSLv3; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -407,9 +407,9 @@ ngx.exit does not yield and the error code is eaten. + server { + listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; + server_name test.com; +- ssl_protocols SSLv3; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -480,9 +480,9 @@ ssl_session_store_by_lua*: handler return value: 0, sess new cb exit code: 0 + server { + listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; + server_name test.com; +- ssl_protocols SSLv3; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -548,9 +548,9 @@ should never reached here + server { + listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; + server_name test.com; +- ssl_protocols SSLv3; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -621,7 +621,7 @@ get_phase: ssl_session_store + } + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; +- ssl_protocols SSLv3; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -690,7 +690,7 @@ qr/elapsed in ssl cert by lua: 0.(?:09|1[01])\d+,/, + server_name test.com; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; +- ssl_protocols SSLv3; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -760,7 +760,6 @@ a.lua:1: ssl store session by lua is running! + ssl_session_store_by_lua_block { + print("handler in test.com") + } +- ssl_protocols SSLv3; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; + +@@ -770,7 +769,6 @@ a.lua:1: ssl store session by lua is running! + server { + listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; + server_name test.com; +- ssl_protocols SSLv3; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; + +@@ -836,7 +834,7 @@ qr/\[emerg\] .*? "ssl_session_store_by_lua_block" directive is not allowed here + server_name test.com; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; +- ssl_protocols SSLv3; ++ ssl_session_tickets off; + + server_tokens off; + } +diff --git a/t/143-ssl-session-fetch.t b/t/143-ssl-session-fetch.t +index 701ead72..3626f0fb 100644 +--- a/t/143-ssl-session-fetch.t ++++ b/t/143-ssl-session-fetch.t +@@ -33,7 +33,7 @@ __DATA__ + server_name test.com; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; +- ssl_protocols SSLv3; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -114,7 +114,7 @@ qr/ssl_session_fetch_by_lua_block:1: ssl fetch sess by lua is running!/s + server_name test.com; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; +- ssl_protocols SSLv3; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -198,7 +198,7 @@ qr/elapsed in ssl fetch session by lua: 0.(?:09|1[01])\d+,/, + server_name test.com; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; +- ssl_protocols SSLv3; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -297,9 +297,9 @@ qr/my timer run!/s + server { + listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; + server_name test.com; +- ssl_protocols SSLv3; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -377,9 +377,9 @@ qr/received memc reply: OK/s + server { + listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; + server_name test.com; +- ssl_protocols SSLv3; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -458,9 +458,9 @@ should never reached here + server { + listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; + server_name test.com; +- ssl_protocols SSLv3; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -540,9 +540,9 @@ should never reached here + server { + listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; + server_name test.com; +- ssl_protocols SSLv3; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -621,9 +621,9 @@ should never reached here + server { + listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; + server_name test.com; +- ssl_protocols SSLv3; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -704,9 +704,9 @@ should never reached here + server { + listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; + server_name test.com; +- ssl_protocols SSLv3; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -787,7 +787,7 @@ should never reached here + server_name test.com; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; +- ssl_protocols SSLv3; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -872,7 +872,7 @@ qr/get_phase: ssl_session_fetch/s + } + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; +- ssl_protocols SSLv3; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -956,7 +956,7 @@ ssl store session by lua is running! + server_name test.com; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; +- ssl_protocols SSLv3; ++ ssl_session_tickets off; + + server_tokens off; + } +@@ -1036,7 +1036,7 @@ qr/\S+:\d+: ssl fetch sess by lua is running!/s + server_name test.com; + ssl_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; + ssl_certificate_key $TEST_NGINX_CERT_DIR/cert/test.key; +- ssl_protocols SSLv3; ++ ssl_session_tickets off; + + server_tokens off; + } |