Kong compiled from source not patch openssl patches provided by openresty?


#1

In openresty Installation docs,it points that openresty compiled from source with option --with-openssl shoud patch

cd openssl-1.0.2k/
patch -p1 < /path/to/openresty/patches/openssl-1.0.2h-sess_set_get_cb_yield.patch

And the openresty 1.13.6.2 source code has three different openssl patches:

  • openssl-1.0.2h-sess_set_get_cb_yield.patch
  • openssl-1.1.0c-sess_set_get_cb_yield.patch
  • openssl-1.1.0d-sess_set_get_cb_yield.patch

Since Kong 1.0 uses openssl 1.1.1a, do I need to patch these when installing kong from source?


#2

I converted one of our private repositories to public https://github.com/Kong/kong-build-tools which was on my todo list anyways

It’s not fully in use for building Kong releases (there’s a PR to have it do the daily builds) but I’d still consider it authoritative / good prior art on how to build Kong from source. The openssl specific part within that repository is here https://github.com/Kong/kong-build-tools/blob/master/Dockerfile.openresty#L13-L14

Hopefully the repository README / Makefile greatly simplifies building Kong from source feel free to take it for a spin and ping me any questions / challenges.


#3

Kong does not make use of the OpenResty directives that require these OpenSSL patches. As such, you do not need to apply these patches when installing Kong from source.