commit | 03a7cdd5940c933156d162e43f506301d43513dd | [log] [download] |
---|---|---|
author | WHR <msl0000023508@gmail.com> | Sat May 16 17:14:33 2020 +0800 |
committer | WHR <msl0000023508@gmail.com> | Sat May 16 17:14:33 2020 +0800 |
tree | 9efeb41a4b38fe62178794a2dfef0bec78b64655 | |
parent | c286c86d1acc8d40e8a43d5385993b26fa088e9a [diff] |
Update ngx_http_ssl_polarssl_sni and ngx_http_ssl_mbedtls_sni to be compatible with current version of nginx
nginx with support for PolarSSL.
This is a fork of the nginx development branch that allows the user to use PolarSSL instead of OpenSSL. This may be useful for those seeking to further minimise the memory footprint of the webserver, or for those that happen to dislike OpenSSL for some reason.
PolarSSL seemed like an amazing library and the author felt that a simple project to get used to the APIs was the best way to learn it's internals. Additionally there are not many webservers that use SSL libraries other than OpenSSL (Hiawatha is a notable exception), and there should be more.
Import my gpg public-key:
wget -O http://alinefr-ubuntu.s3.amazonaws.com/conf/aline.gpg.key|sudo apt-key add -
Then add this line in your /etc/apt/sources.list
deb http://alinefr-ubuntu.s3.amazonaws.com saucy main
Then you just need to
sudo aptitude install nginx-polarssl
You could choose one of the default flavours, which works in the same way as the nginx official packages, which are light
, full
, extras
or naxsi
, for example:
sudo aptitude install nginx-polarssl-extras
See nginx's installation options for how to configure/install nginx.
This fork adds:
--with-polarssl - Attempt to use the system PolarSSL installation. --with-polarssl=path - Compile nginx statically with the PolarSSL source code located at "path".
For example:
./configure --with-http_ssl_module --with-polarssl=~/Packages/polarssl-1.2.5 gmake gmake install
Note that due to the Makefiles shipped by PolarSSL using GNU make style conditionals, GNU make must be used if --with-polarssl=path is used.
With a few exceptions configuration is identical to the standard SSL support.
Note: This depends on what ciphers were compiled into PolarSSL at build time. Additionally certain extremely weak ciphersuites are explicitly not supported by nginx-polarssl.
nginx-polarssl Issues:
PolarSSL Issues:
Implementation differences:
The changes added by nginx-polarssl are distrubuted under the nginx license (Also see https://polarssl.org/foss-license-exception and https://twitter.com/polarssl/status/302083038261678080).