OpenResty® Scalable Web Platform by Extending NGINX with Lua

OpenSSL patches by OpenResty

Yichun Zhang (agentzh) , 03 Jun 2019 (created 03 Jun 2019)

If you are using OpenSSL 1.1.0 or older, then to support yielding operations in nginx lua module's ssl_session_fetch_by_lua* and ssl_certificate_by_lua* directives, you need to use OpenResty's own openresty-openssl RPM/DEB packages or just apply our OpenSSL patches to the official OpenSSL source trees and build from source.

It is highly recommended to use OpenResty and OpenResty's official pre-built binary packages to avoid all such troubles.

OpenSSL 1.1.1 or later

You do not need to apply any patches to OpenSSL 1.1.1 or later. They do work out of the box. But keep in mind, you still need to apply Nginx core patches if you are not using OpenResty.

OpenSSL 1.1.0 series

For OpenSSL 1.1.0c or earlier, apply this patch

For OpenSSL 1.1.0d or later, apply this patch

Note that you also need to apply Nginx core patches if you are not using OpenResty.

OpenSSL 1.0.2 series

Apply this patch.

Note that you also need to apply Nginx core patches if you are not using OpenResty.