Update nginx strict sni patch.

README.md

@@ -68,7 +68,6 @@ Example of setting TLS 1.3 cipher in nginx:
 | remove_nginx_server_header.patch | Remove nginx server header. (http2, http1.1) |
 | nginx_hpack_remove_server_header_1.15.3.patch | HPACK + Remove nginx server header. (http2, http1.1) |
 | nginx_strict-sni.patch | Enable **Strict-SNI**. Thanks [@JemmyLoveJenny](https://github.com/JemmyLoveJenny). [View issue](https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-421551872) |
-| nginx_1.15.4_strict-sni.patch | Same nginx_strict-sni.patch. Removes the SSL_read_early_data error. [View issue](https://github.com/hakasenyang/nginx-build/commit/e3932ebe24b3fc723d6cb041c52ae63876154df9#commitcomment-30796507) |
 | nginx_openssl-1.1.x_renegotiation_bugfix.patch | Bugfix **Secure Client-Initiated Renegotiation**. (Check testssl.sh) OpenSSL >= 1.1.x, nginx = 1.15.4<br>[Patched nginx 1.15.5](https://github.com/nginx/nginx/commit/53803b4780be15d8014be183d4161091fd5f3376) |
 
 ## How To Use?

nginx_1.15.4_strict-sni.patch

@@ -1,61 +0,0 @@
-diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
-index 75129134..fd4d3bb1 100644
---- a/src/event/ngx_event_openssl.c
-+++ b/src/event/ngx_event_openssl.c
-@@ -1455,6 +1455,12 @@ ngx_ssl_handshake(ngx_connection_t *c)
- 
-     c->read->error = 1;
- 
-+    if (sslerr == SSL_ERROR_SSL) {
-+        ERR_peek_error();
-+        ERR_clear_error();
-+        return NGX_ERROR;
-+    }
-+
-     ngx_ssl_connection_error(c, sslerr, err, "SSL_do_handshake() failed");
- 
-     return NGX_ERROR;
-@@ -1568,6 +1574,12 @@ ngx_ssl_try_early_data(ngx_connection_t *c)
- 
-     c->read->error = 1;
- 
-+    if (sslerr == SSL_ERROR_SSL) {
-+        ERR_peek_error();
-+        ERR_clear_error();
-+        return NGX_ERROR;
-+    }
-+
-     ngx_ssl_connection_error(c, sslerr, err, "SSL_read_early_data() failed");
- 
-     return NGX_ERROR;
-diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
-index 7dd28b8c..5e5bbed1 100644
---- a/src/http/ngx_http_request.c
-+++ b/src/http/ngx_http_request.c
-@@ -849,7 +849,7 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
-     servername = SSL_get_servername(ssl_conn, TLSEXT_NAMETYPE_host_name);
- 
-     if (servername == NULL) {
--        return SSL_TLSEXT_ERR_NOACK;
-+        return SSL_TLSEXT_ERR_ALERT_FATAL;
-     }
- 
-     c = ngx_ssl_get_connection(ssl_conn);
-@@ -864,7 +864,7 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
-     host.len = ngx_strlen(servername);
- 
-     if (host.len == 0) {
--        return SSL_TLSEXT_ERR_NOACK;
-+        return SSL_TLSEXT_ERR_ALERT_FATAL;
-     }
- 
-     host.data = (u_char *) servername;
-@@ -879,7 +879,7 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
-                                      NULL, &cscf)
-         != NGX_OK)
-     {
--        return SSL_TLSEXT_ERR_NOACK;
-+        return SSL_TLSEXT_ERR_ALERT_FATAL;
-     }
- 
-     hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t));

nginx_strict-sni.patch

@@ -1,49 +1,30 @@
-diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
---- a/src/http/ngx_http_request.c	2018-09-15 10:02:36.520076032 +0000
-+++ b/src/http/ngx_http_request.c	2018-09-15 10:26:32.826874950 +0000
-@@ -882,7 +882,7 @@
-     servername = SSL_get_servername(ssl_conn, TLSEXT_NAMETYPE_host_name);
- 
-     if (servername == NULL) {
--        return SSL_TLSEXT_ERR_NOACK;
-+        return SSL_TLSEXT_ERR_ALERT_FATAL;
-     }
- 
-     c = ngx_ssl_get_connection(ssl_conn);
-@@ -897,7 +897,7 @@
-     host.len = ngx_strlen(servername);
- 
-     if (host.len == 0) {
--        return SSL_TLSEXT_ERR_NOACK;
-+        return SSL_TLSEXT_ERR_ALERT_FATAL;
-     }
- 
-
-     host.data = (u_char *) servername;
-@@ -912,7 +912,7 @@
-                                      NULL, &cscf)
-         != NGX_OK)
-     {
--        return SSL_TLSEXT_ERR_NOACK;
-+        return SSL_TLSEXT_ERR_ALERT_FATAL;
-     }
- 
-     hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t));
-
 diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
---- a/src/event/ngx_event_openssl.c    2018-10-02 15:13:36.414143028 +0000
-+++ b/src/event/ngx_event_openssl.c    2018-10-04 13:58:28.756873433 +0000
-@@ -1456,6 +1456,13 @@ ngx_ssl_handshake(ngx_connection_t *c)
+index 75129134..d0b926fe 100644
+--- a/src/event/ngx_event_openssl.c
++++ b/src/event/ngx_event_openssl.c
+@@ -2547,6 +2547,7 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
+     char *text)
+ {
+     int         n;
++    int         f;
+     ngx_uint_t  level;
  
-     c->read->error = 1;
+     level = NGX_LOG_CRIT;
+@@ -2582,6 +2583,17 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
+     } else if (sslerr == SSL_ERROR_SSL) {
  
+         n = ERR_GET_REASON(ERR_peek_error());
++        f = ERR_GET_FUNC(ERR_peek_error());
 +
-+    if (sslerr == SSL_ERROR_SSL) {
++        /* Strict SNI Error Patch
++         * https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-427040319
++         */
++        if (n == SSL_R_CALLBACK_FAILED
++            && f == SSL_F_FINAL_SERVER_NAME) {
 +            ERR_peek_error();
 +            ERR_clear_error();
-+        return NGX_ERROR;
++            return;
 +        }
-+
-     ngx_ssl_connection_error(c, sslerr, err, "SSL_do_handshake() failed");
  
-     return NGX_ERROR;
+             /* handshake failures */
+         if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC                        /*  103 */