jinql
/
openssl-patch
mirror of https://github.com/hakasenyang/openssl-patch
1
0
Fork 0
Code Issues Releases Wiki Activity

Add remove server header, Update README.md

openssl-1.1.1
Hakase 2018-06-24 23:31:13 +09:00
parent 85c21e5b65
commit d350e6c944
2 changed files with 168 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -47,6 +47,14 @@ Example of setting TLS 1.3 cipher in nginx (pre7 or higher):
| Fullname Cipher | TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 |
| TLS 1.3 + 1.2 ciphers | TLS13+AESGCM+AES128:EECDH+AES128 |
## Not OpenSSL patch files
| Patch file name | Patch list |
| :--- | :--- |
| nginx_hpack_push.patch | _Patch both_ the HPACK patch and the **PUSH ERROR**. |
| nginx_hpack_push_fix.patch | _Patch only_ the **PUSH ERROR** of the hpack patch. (If the HPACK patch has already been completed) |
| remove_nginx_server_header.patch | Remove nginx server header. (http2, http1.1) |
## nginx Configuration
### HPACK Patch

160
remove_nginx_server_header.patch Normal file
View File

@ -0,0 +1,160 @@
diff --git a/src/http/ngx_http_header_filter_module.c b/src/http/ngx_http_header_filter_module.c
index 9b894059..1a07dace 100644
--- a/src/http/ngx_http_header_filter_module.c
+++ b/src/http/ngx_http_header_filter_module.c
@@ -46,11 +46,6 @@ ngx_module_t ngx_http_header_filter_module = {
};
-static u_char ngx_http_server_string[] = "Server: nginx" CRLF;
-static u_char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;
-static u_char ngx_http_server_build_string[] = "Server: " NGINX_VER_BUILD CRLF;
-
-
static ngx_str_t ngx_http_status_lines[] = {
ngx_string("200 OK"),
@@ -279,18 +274,6 @@ ngx_http_header_filter(ngx_http_request_t *r)
clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
- if (r->headers_out.server == NULL) {
- if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_ON) {
- len += sizeof(ngx_http_server_full_string) - 1;
-
- } else if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_BUILD) {
- len += sizeof(ngx_http_server_build_string) - 1;
-
- } else {
- len += sizeof(ngx_http_server_string) - 1;
- }
- }
-
if (r->headers_out.date == NULL) {
len += sizeof("Date: Mon, 28 Sep 1970 06:00:00 GMT" CRLF) - 1;
}
@@ -448,23 +431,6 @@ ngx_http_header_filter(ngx_http_request_t *r)
}
*b->last++ = CR; *b->last++ = LF;
- if (r->headers_out.server == NULL) {
- if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_ON) {
- p = ngx_http_server_full_string;
- len = sizeof(ngx_http_server_full_string) - 1;
-
- } else if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_BUILD) {
- p = ngx_http_server_build_string;
- len = sizeof(ngx_http_server_build_string) - 1;
-
- } else {
- p = ngx_http_server_string;
- len = sizeof(ngx_http_server_string) - 1;
- }
-
- b->last = ngx_cpymem(b->last, p, len);
- }
-
if (r->headers_out.date == NULL) {
b->last = ngx_cpymem(b->last, "Date: ", sizeof("Date: ") - 1);
b->last = ngx_cpymem(b->last, ngx_cached_http_time.data,
diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c
index 2c1ff174..34f3b5c5 100644
--- a/src/http/ngx_http_special_response.c
+++ b/src/http/ngx_http_special_response.c
@@ -19,21 +19,18 @@ static ngx_int_t ngx_http_send_refresh(ngx_http_request_t *r);
static u_char ngx_http_error_full_tail[] =
-"<hr><center>" NGINX_VER "</center>" CRLF
"</body>" CRLF
"</html>" CRLF
;
static u_char ngx_http_error_build_tail[] =
-"<hr><center>" NGINX_VER_BUILD "</center>" CRLF
"</body>" CRLF
"</html>" CRLF
;
static u_char ngx_http_error_tail[] =
-"<hr><center>nginx</center>" CRLF
"</body>" CRLF
"</html>" CRLF
;
diff --git a/src/http/v2/ngx_http_v2_filter_module.c b/src/http/v2/ngx_http_v2_filter_module.c
index 853faefd..71480853 100644
--- a/src/http/v2/ngx_http_v2_filter_module.c
+++ b/src/http/v2/ngx_http_v2_filter_module.c
@@ -148,19 +148,11 @@ ngx_http_v2_header_filter(ngx_http_request_t *r)
ngx_http_core_srv_conf_t *cscf;
u_char addr[NGX_SOCKADDR_STRLEN];
- static const u_char nginx[5] = "\x84\xaa\x63\x55\xe7";
#if (NGX_HTTP_GZIP)
static const u_char accept_encoding[12] =
"\x8b\x84\x84\x2d\x69\x5b\x05\x44\x3c\x86\xaa\x6f";
#endif
- static size_t nginx_ver_len = ngx_http_v2_literal_size(NGINX_VER);
- static u_char nginx_ver[ngx_http_v2_literal_size(NGINX_VER)];
-
- static size_t nginx_ver_build_len =
- ngx_http_v2_literal_size(NGINX_VER_BUILD);
- static u_char nginx_ver_build[ngx_http_v2_literal_size(NGINX_VER_BUILD)];
-
stream = r->stream;
if (!stream) {
@@ -259,19 +251,6 @@ ngx_http_v2_header_filter(ngx_http_request_t *r)
clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
- if (r->headers_out.server == NULL) {
-
- if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_ON) {
- len += 1 + nginx_ver_len;
-
- } else if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_BUILD) {
- len += 1 + nginx_ver_build_len;
-
- } else {
- len += 1 + sizeof(nginx);
- }
- }
-
if (r->headers_out.date == NULL) {
len += 1 + ngx_http_v2_literal_size("Wed, 31 Dec 1986 18:00:00 GMT");
}
@@ -480,30 +459,6 @@ ngx_http_v2_header_filter(ngx_http_request_t *r)
"http2 output header: \"server: nginx\"");
}
- *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_SERVER_INDEX);
-
- if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_ON) {
- if (nginx_ver[0] == '\0') {
- p = ngx_http_v2_write_value(nginx_ver, (u_char *) NGINX_VER,
- sizeof(NGINX_VER) - 1, tmp);
- nginx_ver_len = p - nginx_ver;
- }
-
- pos = ngx_cpymem(pos, nginx_ver, nginx_ver_len);
-
- } else if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_BUILD) {
- if (nginx_ver_build[0] == '\0') {
- p = ngx_http_v2_write_value(nginx_ver_build,
- (u_char *) NGINX_VER_BUILD,
- sizeof(NGINX_VER_BUILD) - 1, tmp);
- nginx_ver_build_len = p - nginx_ver_build;
- }
-
- pos = ngx_cpymem(pos, nginx_ver_build, nginx_ver_build_len);
-
- } else {
- pos = ngx_cpymem(pos, nginx, sizeof(nginx));
- }
}
if (r->headers_out.date == NULL) {