Skip to content

Commit 773a4c1

Browse files
denjidenji
authored
Fix 1.15.3+
1 parent c89d072 commit 773a4c1

File tree

1 file changed

+41
-41
lines changed

1 file changed

+41
-41
lines changed

nginx__dynamic_tls_records_1.15.3+.patch

+41-41
Original file line numberDiff line numberDiff line change
@@ -27,18 +27,18 @@ https://github.com/cloudflare/sslconfig/blob/master/patches/nginx__dynamic_tls_r
2727

2828
--- a/src/event/ngx_event_openssl.c
2929
+++ b/src/event/ngx_event_openssl.c
30-
@@ -1131,6 +1131,7 @@
31-
30+
@@ -1239,6 +1239,7 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags)
31+
3232
sc->buffer = ((flags & NGX_SSL_BUFFER) != 0);
3333
sc->buffer_size = ssl->buffer_size;
3434
+ sc->dyn_rec = ssl->dyn_rec;
35-
35+
3636
sc->session_ctx = ssl->ctx;
37-
38-
@@ -1669,6 +1670,41 @@
39-
37+
38+
@@ -1806,6 +1807,41 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
39+
4040
for ( ;; ) {
41-
41+
4242
+ /* Dynamic record resizing:
4343
+ We want the initial records to fit into one TCP segment
4444
+ so we don't get TCP HoL blocking due to TCP Slow Start.
@@ -77,22 +77,22 @@ https://github.com/cloudflare/sslconfig/blob/master/patches/nginx__dynamic_tls_r
7777
while (in && buf->last < buf->end && send < limit) {
7878
if (in->buf->last_buf || in->buf->flush) {
7979
flush = 1;
80-
@@ -1770,6 +1806,9 @@
81-
80+
@@ -1907,6 +1943,9 @@ ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size)
81+
8282
if (n > 0) {
83-
83+
8484
+ c->ssl->dyn_rec_records_sent++;
8585
+ c->ssl->dyn_rec_last_write = ngx_current_msec;
8686
+
8787
if (c->ssl->saved_read_handler) {
88-
88+
8989
c->read->handler = c->ssl->saved_read_handler;
9090
--- a/src/event/ngx_event_openssl.h
9191
+++ b/src/event/ngx_event_openssl.h
9292
@@ -64,10 +64,19 @@
9393
#endif
94-
95-
94+
95+
9696
+typedef struct {
9797
+ ngx_msec_t timeout;
9898
+ ngx_uint_t threshold;
@@ -107,35 +107,34 @@ https://github.com/cloudflare/sslconfig/blob/master/patches/nginx__dynamic_tls_r
107107
size_t buffer_size;
108108
+ ngx_ssl_dyn_rec_t dyn_rec;
109109
};
110-
111-
112-
@@ -95,6 +104,11 @@
110+
111+
112+
@@ -93,6 +102,10 @@ struct ngx_ssl_connection_s {
113113
unsigned no_wait_shutdown:1;
114114
unsigned no_send_shutdown:1;
115115
unsigned handshake_buffer_set:1;
116116
+
117117
+ ngx_ssl_dyn_rec_t dyn_rec;
118118
+ ngx_msec_t dyn_rec_last_write;
119119
+ ngx_uint_t dyn_rec_records_sent;
120-
+
121-
unsigned try_early_data:1;
122-
unsigned in_early:1;
123-
unsigned early_preread:1;
124-
@@ -107,7 +121,7 @@
120+
};
121+
122+
123+
@@ -102,7 +115,7 @@ struct ngx_ssl_connection_s {
125124
#define NGX_SSL_DFLT_BUILTIN_SCACHE -5
126-
127-
125+
126+
128127
-#define NGX_SSL_MAX_SESSION_SIZE 4096
129128
+#define NGX_SSL_MAX_SESSION_SIZE 16384
130-
129+
131130
typedef struct ngx_ssl_sess_id_s ngx_ssl_sess_id_t;
132-
131+
133132
--- a/src/http/modules/ngx_http_ssl_module.c
134133
+++ b/src/http/modules/ngx_http_ssl_module.c
135-
@@ -233,6 +233,41 @@
136-
offsetof(ngx_http_ssl_srv_conf_t, stapling_verify),
134+
@@ -246,6 +246,41 @@ static ngx_command_t ngx_http_ssl_commands[] = {
135+
offsetof(ngx_http_ssl_srv_conf_t, early_data),
137136
NULL },
138-
137+
139138
+ { ngx_string("ssl_dyn_rec_enable"),
140139
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
141140
+ ngx_conf_set_flag_slot,
@@ -173,8 +172,8 @@ https://github.com/cloudflare/sslconfig/blob/master/patches/nginx__dynamic_tls_r
173172
+
174173
ngx_null_command
175174
};
176-
177-
@@ -533,6 +568,11 @@
175+
176+
@@ -576,6 +611,11 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
178177
sscf->session_ticket_keys = NGX_CONF_UNSET_PTR;
179178
sscf->stapling = NGX_CONF_UNSET;
180179
sscf->stapling_verify = NGX_CONF_UNSET;
@@ -183,13 +182,13 @@ https://github.com/cloudflare/sslconfig/blob/master/patches/nginx__dynamic_tls_r
183182
+ sscf->dyn_rec_size_lo = NGX_CONF_UNSET_SIZE;
184183
+ sscf->dyn_rec_size_hi = NGX_CONF_UNSET_SIZE;
185184
+ sscf->dyn_rec_threshold = NGX_CONF_UNSET_UINT;
186-
185+
187186
return sscf;
188187
}
189-
@@ -598,6 +638,20 @@
188+
@@ -643,6 +683,20 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
190189
ngx_conf_merge_str_value(conf->stapling_responder,
191190
prev->stapling_responder, "");
192-
191+
193192
+ ngx_conf_merge_value(conf->dyn_rec_enable, prev->dyn_rec_enable, 0);
194193
+ ngx_conf_merge_msec_value(conf->dyn_rec_timeout, prev->dyn_rec_timeout,
195194
+ 1000);
@@ -205,12 +204,12 @@ https://github.com/cloudflare/sslconfig/blob/master/patches/nginx__dynamic_tls_r
205204
+ 40);
206205
+
207206
conf->ssl.log = cf->log;
208-
207+
209208
if (conf->enable) {
210-
@@ -778,6 +832,28 @@
211-
209+
@@ -827,6 +881,28 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
210+
return NGX_CONF_ERROR;
212211
}
213-
212+
214213
+ if (conf->dyn_rec_enable) {
215214
+ conf->ssl.dyn_rec.timeout = conf->dyn_rec_timeout;
216215
+ conf->ssl.dyn_rec.threshold = conf->dyn_rec_threshold;
@@ -235,11 +234,11 @@ https://github.com/cloudflare/sslconfig/blob/master/patches/nginx__dynamic_tls_r
235234
+
236235
return NGX_CONF_OK;
237236
}
238-
237+
239238
--- a/src/http/modules/ngx_http_ssl_module.h
240239
+++ b/src/http/modules/ngx_http_ssl_module.h
241-
@@ -57,6 +57,12 @@
242-
240+
@@ -58,6 +58,12 @@ typedef struct {
241+
243242
u_char *file;
244243
ngx_uint_t line;
245244
+
@@ -249,4 +248,5 @@ https://github.com/cloudflare/sslconfig/blob/master/patches/nginx__dynamic_tls_r
249248
+ size_t dyn_rec_size_hi;
250249
+ ngx_uint_t dyn_rec_threshold;
251250
} ngx_http_ssl_srv_conf_t;
252-
251+
252+

0 commit comments

Comments
 (0)