Nginx + boringSSL
Alex Hunsaker
badalex at gmail.com
Mon Jul 14 01:58:23 UTC 2014
I've started playing around with boringssl with nginx.
Mostly everything works except OCSP. Seems like either openssl 1.0.2
which boringssl was forked from does not have it, or the boringssl
folk ripped it out. I have not investigated.
Anyway, I'm please to report everything seems to work!
--
# first boringssl
git clone https://boringssl.googlesource.com/boringssl
cd boringssl
# for when building on openbsd, also enables -O2, boringssl is a debug
build by default
cat boringssl_openbsd.patch | patch -p1 -N -s
mkdir build && cd build && cmake ../ && cd ..
# setup stuff for nginx
mkdir -p .openssl/lib
ln -s include .openssl/
cp build/crypto/libcrypto.a build/ssl/libssl.a .openssl/lib
# now for nginx
tar xvzf nginx-1.6.0.tar.gz
cd nginx-1.6.0
cat ../boringssl_nginx.patch | patch -p1 -N -s
./configure --with-openssl=../boringssl ...
# update timestamp so nginx won't try to build openssl
touch ../boringssl/.openssl/include/ssl.h
make
-------------- next part --------------
A non-text attachment was scrubbed...
Name: boringssl_nginx.patch
Type: application/octet-stream
Size: 3157 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20140713/ab62ee60/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: boringssl_openbsd.patch
Type: application/octet-stream
Size: 1133 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20140713/ab62ee60/attachment-0001.obj>
More information about the nginx
mailing list