unfortunately this was as far as i got with version git $ patch -p0 < nginx_multiple_certs_and_stapling_V2.patch patching file a/src/event/ngx_event_openssl.c Hunk #1 succeeded at 96 with fuzz 2 (offset 12 lines). Hunk #2 succeeded at 162 (offset 14 lines). Hunk #3 FAILED at 191. Hunk #4 FAILED at 236. 2 out of 4 hunks FAILED -- saving rejects to file a/src/event/ngx_event_openssl.c.rej patching file a/src/event/ngx_event_openssl.h Hunk #1 FAILED at 104. Hunk #2 succeeded at 203 (offset 22 lines). 1 out of 2 hunks FAILED -- saving rejects to file a/src/event/ngx_event_openssl.h.rej patching file a/src/event/ngx_event_openssl_stapling.c Hunk #1 FAILED at 11. Hunk #12 succeeded at 1793 (offset 13 lines). 1 out of 12 hunks FAILED -- saving rejects to file a/src/event/ngx_event_openssl_stapling.c.rej patching file a/src/http/modules/ngx_http_ssl_module.c Hunk #1 FAILED at 66. Hunk #2 succeeded at 209 (offset 31 lines). Hunk #3 FAILED at 404. Hunk #4 FAILED at 463. Hunk #5 FAILED at 550. Hunk #6 succeeded at 702 (offset 110 lines). Hunk #7 succeeded at 762 (offset 118 lines). 4 out of 7 hunks FAILED -- saving rejects to file a/src/http/modules/ngx_http_ssl_module.c.rej patching file a/src/http/modules/ngx_http_ssl_module.h Hunk #1 FAILED at 25. 1 out of 1 hunk FAILED -- saving rejects to file a/src/http/modules/ngx_http_ssl_module.h.rej patching file a/src/mail/ngx_mail_ssl_module.c Hunk #1 FAILED at 57. Hunk #2 FAILED at 173. Hunk #3 FAILED at 215. Hunk #4 FAILED at 243. 4 out of 4 hunks FAILED -- saving rejects to file a/src/mail/ngx_mail_ssl_module.c.rej patching file a/src/mail/ngx_mail_ssl_module.h Hunk #1 FAILED at 27. 1 out of 1 hunk FAILED -- saving rejects to file a/src/mail/ngx_mail_ssl_module.h.rej
and this was as far as i got with version 1.6.2 just renaming dirs beyond that its all greek to me ... $ patch -p0 < nginx_multiple_certs_and_stapling_V2.patch patching file nginx-1.6.2/src/event/ngx_event_openssl.c Hunk #1 succeeded at 86 with fuzz 2 (offset 2 lines). Hunk #2 succeeded at 150 (offset 2 lines). Hunk #3 FAILED at 191. Hunk #4 succeeded at 240 (offset 4 lines). 1 out of 4 hunks FAILED -- saving rejects to file nginx-1.6.2/src/event/ngx_event_openssl.c.rej patching file nginx-1.6.2/src/event/ngx_event_openssl.h Hunk #1 succeeded at 108 (offset 4 lines). Hunk #2 succeeded at 191 (offset 6 lines). patching file nginx-1.6.2/src/event/ngx_event_openssl_stapling.c Hunk #1 FAILED at 11. Hunk #12 succeeded at 1791 (offset 11 lines). 1 out of 12 hunks FAILED -- saving rejects to file nginx-1.6.2/src/event/ngx_event_openssl_stapling.c.rej patching file nginx-1.6.2/src/http/modules/ngx_http_ssl_module.c Hunk #1 succeeded at 74 (offset 8 lines). Hunk #2 succeeded at 200 (offset 22 lines). Hunk #3 FAILED at 404. Hunk #4 FAILED at 463. Hunk #5 succeeded at 640 (offset 90 lines). Hunk #6 succeeded at 677 (offset 92 lines). Hunk #7 succeeded at 737 (offset 100 lines). 2 out of 7 hunks FAILED -- saving rejects to file nginx-1.6.2/src/http/modules/ngx_http_ssl_module.c.rej patching file nginx-1.6.2/src/http/modules/ngx_http_ssl_module.h Hunk #1 FAILED at 25. 1 out of 1 hunk FAILED -- saving rejects to file nginx-1.6.2/src/http/modules/ngx_http_ssl_module.h.rej patching file nginx-1.6.2/src/mail/ngx_mail_ssl_module.c Hunk #2 FAILED at 173. Hunk #3 succeeded at 223 (offset 8 lines). Hunk #4 succeeded at 253 (offset 8 lines). 1 out of 4 hunks FAILED -- saving rejects to file nginx-1.6.2/src/mail/ngx_mail_ssl_module.c.rej patching file nginx-1.6.2/src/mail/ngx_mail_ssl_module.h Hunk #1 succeeded at 27 with fuzz 1. Rob Stradling wrote: > On 19/09/14 15:37, [email protected] wrote: >> many thanks for that rob >> >> this in addition to an already successful boring ssl patch could be >> quite exciting if it works ! > > :-) > >> cheers >> >> Rob Stradling wrote: >>> Patch attached. >>> >>> -------- Forwarded Message -------- >>> Subject: Re: [PATCH] RSA+DSA+ECC bundles >>> Date: Thu, 31 Oct 2013 21:58:01 +0000 >>> From: Rob Stradling <[email protected]> >>> Reply-To: [email protected] >>> To: [email protected] >>> >>> On 31/10/13 20:58, Rob Stradling wrote: >>>> On 24/10/13 01:26, Maxim Dounin wrote: >>>> <snip> >>>>> As for multiple certs per se, I don't think it should be limited >>>>> to recent OpenSSL versions only. As far as I can tell, current >>>>> versions of OpenSSL will work just fine (well, mostly) as long as >>>>> both ECDSA and RSA certs use the same certificate chain. I >>>>> believe at least some CAs issue ECDSA certs this way, and this >>>>> should work. >>>>> >>>>> Limiting support for multiple certs with separate certificate >>>>> chains to only recent OpenSSL versions seems reasonable for me, >>>>> but if Rob wants to try to make it work with older versions - I >>>>> don't really object. If it won't be too hacky it might worth >>>>> supporting. >>>> >>>> Updated patch attached. This implements multiple certs and makes OCSP >>>> Stapling work correctly with them. It works with all of the active >>>> OpenSSL branches (including 0_9_8). >>> >>> That patch caused problems with ssl_stapling_file. Fixed in the >>> attached V2 patch. >>> >>>> I'm afraid it's a much larger patch than I anticipated it would be when >>>> I started working on it! >>>> >>>> Maxim, does this patch look commit-able? >>> >> > _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
