Skip to content

nginx

nginx #324

Workflow file for this run

name: nginx
on:
schedule:
- cron: '0 0 * * *'
push:
branches:
- master
pull_request:
jobs:
tests:
runs-on: ubuntu-latest
strategy:
matrix:
openssl: [openssl-3.2, openssl-3.1, openssl-3.0, OpenSSL_1_1_1-stable]
nginx: [release-1.25.3, release-1.24.0, release-1.23.4, release-1.22.1, release-1.21.6, release-1.20.2]
steps:
- name: Clone
run: |
git clone -b ${{ matrix.openssl }} --depth=1 https://github.com/openssl/openssl
git clone -b ${{ matrix.nginx }} --depth=1 https://github.com/nginx/nginx
git clone -b master https://github.com/${GITHUB_REPOSITORY}
- name: Patch
run: |
patch -p1 -d openssl < nginx-ssl-fingerprint/patches/openssl.${{ matrix.openssl }}.patch
patch -p1 -d nginx < nginx-ssl-fingerprint/patches/nginx-$(echo ${{ matrix.nginx }} | cut -b9-12).patch
- name: Build
run: |
cd nginx
ASAN_OPTIONS=symbolize=1 ./auto/configure --with-openssl=$(pwd)/../openssl --add-module=$(pwd)/../nginx-ssl-fingerprint --with-http_ssl_module --with-stream_ssl_module --with-debug --with-stream --with-http_v2_module --with-cc-opt="-fsanitize=address -O -fno-omit-frame-pointer" --with-ld-opt="-L/usr/local/lib -Wl,-E -lasan"
make
- name: Test HTTP module
run: |
nohup nginx/objs/nginx -p . -c nginx-ssl-fingerprint/nginx.conf </dev/null &>nginx.log &
sleep 2
curl -kv https://127.0.0.1:4433
cat nginx.log
- name: Test Stream module
run: |
nohup nginx/objs/nginx -p . -c nginx-ssl-fingerprint/nginx.conf </dev/null &>nginx.log &
sleep 2
curl -kv https://127.0.0.1:4443
cat nginx.log
- name: Fuzzing
run: |
git clone https://github.com/tlsfuzzer/tlsfuzzer
cd tlsfuzzer
python3 -m venv venv
venv/bin/pip install --pre tlslite-ng
for file in scripts/*.py; do
PYTHONPATH=. venv/bin/python $file || true
pgrep nginx
done
curl -kv -sSf https://127.0.0.1:4433
curl -kv -sSf https://127.0.0.1:4443