ngx_http_ssl_module-1.2.4.patch

diff -Naur nginx-1.2.4/src/http/modules/ngx_http_ssl_module.c nginx-1.2.4-tack/src/http/modules/ngx_http_ssl_module.c
--- nginx-1.2.4/src/http/modules/ngx_http_ssl_module.c	2012-01-18 19:07:43.000000000 +0400
+++ nginx-1.2.4-tack/src/http/modules/ngx_http_ssl_module.c	2012-10-09 23:12:03.705875235 +0400
@@ -51,6 +51,18 @@
     { ngx_null_string, 0 }
 };
 
+#ifndef OPENSSL_NO_TACK
+
+static ngx_conf_enum_t  ngx_http_ssl_tack_activation_flags[] = {
+    { ngx_string("0"), 0 },
+    { ngx_string("1"), 1 },
+    { ngx_string("2"), 2 },
+    { ngx_string("3"), 3 },
+    { ngx_null_string, 0 }
+};
+
+#endif
+
 
 static ngx_command_t  ngx_http_ssl_commands[] = {
 
@@ -152,6 +164,31 @@
       offsetof(ngx_http_ssl_srv_conf_t, crl),
       NULL },
 
+#ifndef OPENSSL_NO_TACK
+
+    { ngx_string("ssl_tack"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_flag_slot,
+      NGX_HTTP_SRV_CONF_OFFSET,
+      offsetof(ngx_http_ssl_srv_conf_t, tack),
+      NULL },
+
+    { ngx_string("ssl_tack_file"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_str_slot,
+      NGX_HTTP_SRV_CONF_OFFSET,
+      offsetof(ngx_http_ssl_srv_conf_t, tack_file),
+      NULL },
+
+    { ngx_string("ssl_tack_activation_flags"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_enum_slot,
+      NGX_HTTP_SRV_CONF_OFFSET,
+      offsetof(ngx_http_ssl_srv_conf_t, tack_activation_flags),
+      ngx_http_ssl_tack_activation_flags },
+
+#endif
+
       ngx_null_command
 };
 
@@ -337,6 +374,11 @@
     sscf->builtin_session_cache = NGX_CONF_UNSET;
     sscf->session_timeout = NGX_CONF_UNSET;
 
+#ifndef OPENSSL_NO_TACK
+    sscf->tack = NGX_CONF_UNSET;
+    sscf->tack_activation_flags = NGX_CONF_UNSET;
+#endif
+
     return sscf;
 }
 
@@ -387,6 +429,11 @@
 
     ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
 
+#ifndef OPENSSL_NO_TACK
+    ngx_conf_merge_value(conf->tack, prev->tack, 0);
+    ngx_conf_merge_str_value(conf->tack_file, prev->tack_file, "");
+    ngx_conf_merge_uint_value(conf->tack_activation_flags, prev->tack_activation_flags, 0);
+#endif
 
     conf->ssl.log = cf->log;
 
@@ -515,6 +562,26 @@
         return NGX_CONF_ERROR;
     }
 
+#ifndef OPENSSL_NO_TACK
+
+    if (conf->tack && conf->tack_file.len) {
+        if (ngx_conf_full_name(cf->cycle, &conf->tack_file, 1) != NGX_OK) {
+            return NGX_CONF_ERROR;
+        }
+        if (SSL_CTX_use_tack_file(conf->ssl.ctx,
+                                    (const char *) conf->tack_file.data,
+                                    conf->tack_activation_flags)
+            == 0)
+        {
+            ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
+                            "Unable to initialize TLS TACK extension "
+                            "(incompatible OpenSSL version?)");
+            return NGX_CONF_ERROR;
+        }
+    }
+
+#endif
+
     return NGX_CONF_OK;
 }
 
diff -Naur nginx-1.2.4/src/http/modules/ngx_http_ssl_module.h nginx-1.2.4-tack/src/http/modules/ngx_http_ssl_module.h
--- nginx-1.2.4/src/http/modules/ngx_http_ssl_module.h	2012-01-18 19:07:43.000000000 +0400
+++ nginx-1.2.4-tack/src/http/modules/ngx_http_ssl_module.h	2012-10-09 23:09:59.927431771 +0400
@@ -41,6 +41,12 @@
 
     ngx_shm_zone_t                 *shm_zone;
 
+#ifndef OPENSSL_NO_TACK
+    ngx_flag_t                      tack;
+    ngx_str_t                       tack_file;
+    ngx_uint_t                      tack_activation_flags;
+#endif
+
     u_char                         *file;
     ngx_uint_t                      line;
 } ngx_http_ssl_srv_conf_t;