[Pkg-nginx-maintainers] Bug#828453: nginx: FTBFS with openssl 1.1.0
Moritz Muehlenhoff
jmm at debian.org
Wed Nov 2 09:39:29 UTC 2016
On Sat, Oct 29, 2016 at 12:53:54PM +0200, Kurt Roeckx wrote:
> On Sat, Oct 29, 2016 at 12:34:51PM +0300, Christos Trochalakis wrote:
> > On Sat, Oct 29, 2016 at 11:29:12AM +0200, Kurt Roeckx wrote:
> > > On Sat, Oct 29, 2016 at 11:04:33AM +0300, Christos Trochalakis wrote:
> > > >
> > > > I am not sure if the first lua patch is safe (regarding the
> > > > "ssl_conn->tlsext_status_expected = 1;" removal).
> > >
> > > I'm not sure which patch you're talking about. I remember
> > > something about something doing weird things with the state
> > > machine for renegiotation that they never should have done, is
> > > that that?
> > >
> > >
> > > Kurt
> > >
> >
> > I am talking about (src/ngx_http_lua_ssl_ocsp.c):
> > https://github.com/openresty/lua-nginx-module/pull/761/files#diff-50267b7dd63c740bc5c1d29c7387e789L493
>
> So I already commented on that before it seems, but I added a new
> comment saying I think it's correct.
FTR, the Wikimedia Foundation started to use nginx 1.11 with openssl 1.1 and ran into
this problem: https://github.com/openssl/openssl/issues/1799
The issue hasn't been diagnosed upstream, but this will likely also affect nginx
once rebuilt against openssl 1.1.
Cheers,
Moritz
More information about the Pkg-nginx-maintainers
mailing list