ngx_http_ssl_module-1.3.7.patch

diff -Naur nginx-1.3.7/src/http/modules/ngx_http_ssl_module.c nginx-1.3.7-tack/src/http/modules/ngx_http_ssl_module.c
--- nginx-1.3.7/src/http/modules/ngx_http_ssl_module.c	2012-10-09 22:37:52.591661245 +0400
+++ nginx-1.3.7-tack/src/http/modules/ngx_http_ssl_module.c	2012-10-09 22:57:47.220642726 +0400
@@ -53,6 +53,18 @@
     { ngx_null_string, 0 }
 };
 
+#ifndef OPENSSL_NO_TACK
+
+static ngx_conf_enum_t  ngx_http_ssl_tack_activation_flags[] = {
+    { ngx_string("0"), 0 },
+    { ngx_string("1"), 1 },
+    { ngx_string("2"), 2 },
+    { ngx_string("3"), 3 },
+    { ngx_null_string, 0 }
+};
+
+#endif
+
 
 static ngx_command_t  ngx_http_ssl_commands[] = {
 
@@ -189,6 +201,31 @@
       offsetof(ngx_http_ssl_srv_conf_t, stapling_verify),
       NULL },
 
+#ifndef OPENSSL_NO_TACK
+
+    { ngx_string("ssl_tack"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_flag_slot,
+      NGX_HTTP_SRV_CONF_OFFSET,
+      offsetof(ngx_http_ssl_srv_conf_t, tack),
+      NULL },
+
+    { ngx_string("ssl_tack_file"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_str_slot,
+      NGX_HTTP_SRV_CONF_OFFSET,
+      offsetof(ngx_http_ssl_srv_conf_t, tack_file),
+      NULL },
+
+    { ngx_string("ssl_tack_activation_flags"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_enum_slot,
+      NGX_HTTP_SRV_CONF_OFFSET,
+      offsetof(ngx_http_ssl_srv_conf_t, tack_activation_flags),
+      ngx_http_ssl_tack_activation_flags },
+
+#endif
+
       ngx_null_command
 };
 
@@ -379,6 +416,11 @@
     sscf->stapling = NGX_CONF_UNSET;
     sscf->stapling_verify = NGX_CONF_UNSET;
 
+#ifndef OPENSSL_NO_TACK
+    sscf->tack = NGX_CONF_UNSET;
+    sscf->tack_activation_flags = NGX_CONF_UNSET;
+#endif
+
     return sscf;
 }
 
@@ -437,6 +479,12 @@
     ngx_conf_merge_str_value(conf->stapling_responder,
                          prev->stapling_responder, "");
 
+#ifndef OPENSSL_NO_TACK
+    ngx_conf_merge_value(conf->tack, prev->tack, 0);
+    ngx_conf_merge_str_value(conf->tack_file, prev->tack_file, "");
+    ngx_conf_merge_uint_value(conf->tack_activation_flags, prev->tack_activation_flags, 0);
+#endif
+
     conf->ssl.log = cf->log;
 
     if (conf->enable) {
@@ -583,6 +631,26 @@
 
     }
 
+#ifndef OPENSSL_NO_TACK
+
+    if (conf->tack && conf->tack_file.len) {
+        if (ngx_conf_full_name(cf->cycle, &conf->tack_file, 1) != NGX_OK) {
+            return NGX_CONF_ERROR;
+        }
+        if (SSL_CTX_use_tack_file(conf->ssl.ctx,
+                                    (const char *) conf->tack_file.data,
+                                    conf->tack_activation_flags)
+            == 0)
+        {
+            ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
+                            "Unable to initialize TLS TACK extension "
+                            "(incompatible OpenSSL version?)");
+            return NGX_CONF_ERROR;
+        }
+    }
+
+#endif
+
     return NGX_CONF_OK;
 }
 
diff -Naur nginx-1.3.7/src/http/modules/ngx_http_ssl_module.h nginx-1.3.7-tack/src/http/modules/ngx_http_ssl_module.h
--- nginx-1.3.7/src/http/modules/ngx_http_ssl_module.h	2012-10-09 22:37:52.599661145 +0400
+++ nginx-1.3.7-tack/src/http/modules/ngx_http_ssl_module.h	2012-10-09 22:53:49.995625094 +0400
@@ -47,6 +47,12 @@
     ngx_str_t                       stapling_file;
     ngx_str_t                       stapling_responder;
 
+#ifndef OPENSSL_NO_TACK
+    ngx_flag_t                      tack;
+    ngx_str_t                       tack_file;
+    ngx_uint_t                      tack_activation_flags;
+#endif
+
     u_char                         *file;
     ngx_uint_t                      line;
 } ngx_http_ssl_srv_conf_t;