aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAxel Ulrich <ulrich.axel@gmail.com>2020-05-19 13:20:51 -0400
committerRasmus Thomsen <oss@cogitri.dev>2020-05-26 20:34:43 +0000
commit33c2125e094c1367bad0c4bd9760c2db12269267 (patch)
tree6e5d4e466264c6b756cb43bbf0568b8f7cf610e9
parent479a259baa0f66bfeb5d11a0d0d4ce4fa3da9260 (diff)
downloadaports-33c2125e094c1367bad0c4bd9760c2db12269267.tar.gz
aports-33c2125e094c1367bad0c4bd9760c2db12269267.tar.bz2
aports-33c2125e094c1367bad0c4bd9760c2db12269267.tar.xz
community/h2o: adding check()
-rw-r--r--community/h2o/APKBUILD28
-rw-r--r--community/h2o/backslashinterpreationintests.patch14
-rw-r--r--community/h2o/cannotlocatetutilpm.patch39
-rw-r--r--community/h2o/disabletls13intls12tests.patch25
-rw-r--r--community/h2o/increasewaitforserverstartintests.patch14
-rw-r--r--community/h2o/largeheadertest.patch19
-rw-r--r--community/h2o/missingsubmodules.patch503
-rw-r--r--community/h2o/proxysessionresumption.patch134
-rw-r--r--community/h2o/sessiontickettest.patch140
-rw-r--r--community/perl-http-entity-parser/APKBUILD (renamed from testing/perl-http-entity-parser/APKBUILD)0
-rw-r--r--community/perl-http-multipartparser/APKBUILD (renamed from testing/perl-http-multipartparser/APKBUILD)0
-rw-r--r--community/perl-protocol-http2/APKBUILD (renamed from testing/perl-protocol-http2/APKBUILD)0
-rw-r--r--community/perl-www-form-urlencoded/APKBUILD (renamed from testing/perl-www-form-urlencoded/APKBUILD)0
13 files changed, 912 insertions, 4 deletions
diff --git a/community/h2o/APKBUILD b/community/h2o/APKBUILD
index 9be25491d4..c46efaf3c0 100644
--- a/community/h2o/APKBUILD
+++ b/community/h2o/APKBUILD
@@ -1,21 +1,30 @@
# Contributor: Bennett Goble <nivardus@gmail.com>
+# Contributor: Axel Ulrich <ulrich.axel@gmail.com>
# Maintainer: Bennett Goble <nivardus@gmail.com>
pkgname=h2o
pkgver=2.2.6
-pkgrel=4
+pkgrel=5
pkgdesc="An optimized HTTP/1, HTTP/2 server written in C"
url="https://h2o.examp1e.net"
arch="all !s390x"
depends="perl openssl"
license="MIT"
makedepends="cmake ruby-dev bison zlib-dev wslay-dev openssl-dev libuv-dev yaml-dev"
-options="!check"
+checkdepends="perl-test-harness-utils perl-test-tcp perl-test-simple perl-json perl-path-tiny perl-scope-guard perl-test-exception perl-protocol-http2 perl-test-requires perl-hash-multivalue perl-plack perl-lwp-protocol-https perl-http-headers-fast perl-cookie-baker perl-http-entity-parser perl-starlet perl-fcgi-procmanager perl-cgi perl-fcgi nodejs wget"
install="$pkgname.pre-install"
subpackages="$pkgname-dev $pkgname-doc $pkgname-openrc"
source="$pkgname-$pkgver.tar.gz::https://github.com/h2o/h2o/archive/v$pkgver.tar.gz
h2o.conf
h2o.initd
h2o.logrotate
+ missingsubmodules.patch
+ backslashinterpreationintests.patch
+ disabletls13intls12tests.patch
+ largeheadertest.patch
+ proxysessionresumption.patch
+ sessiontickettest.patch
+ cannotlocatetutilpm.patch
+ increasewaitforserverstartintests.patch
"
# secfixes:
@@ -32,7 +41,10 @@ build() {
-DCMAKE_INSTALL_PREFIX=/usr \
-DWITH_MRUBY=ON
make -C build
- make -C build libh2o
+}
+
+check() {
+ make -C build check
}
package() {
@@ -56,4 +68,12 @@ package() {
sha512sums="f2f28905c01782a0432c9dfdb2f21054e0a4741ac4c5f26802d4b439d0172840aa215aba5dc7c9af62275dcc24de105674a3819384dc38246e43ce3e8263eb20 h2o-2.2.6.tar.gz
444f55c3eaae1f349223036086e45c983ea8be89e793068537ec25488c4065174bc509d0987ddc65a0357cb8acfec272e90d13ea7cdadf9cf112953d857aa574 h2o.conf
e93e66a6b00b1bff94e37489c5fdf99d9d657adc63975ec54be30f8da23dafe7d7389f02a6452ed819efc9d8398aa716782a7fd6d8509621a975ed954b73bef9 h2o.initd
-3d2c9e36c48cbb974d0691e4af8e9eb8f13e3bebb98a30417cdc87e76a4b5cddc4e4f665ebea26b95174287b95d002fdc3363f30ffcf15247fcd0530fe1abfcc h2o.logrotate"
+3d2c9e36c48cbb974d0691e4af8e9eb8f13e3bebb98a30417cdc87e76a4b5cddc4e4f665ebea26b95174287b95d002fdc3363f30ffcf15247fcd0530fe1abfcc h2o.logrotate
+c03ceeea23a545b948815aeb48872dbac388665f0c79c643e7fa17695580c71260b2227058fe60702d052536e8bdb4d8104d430557ec0c3c4515ed132db7a4a8 missingsubmodules.patch
+cd62b93041f2f9407d3aa82c924aa13a3f38330a3557c230c47f30eb3d8bbb90db95cdd2ff1e8248eadcae711c90d0e33caa221ede46015df92c3fe4148a6f21 backslashinterpreationintests.patch
+28c5a3a8f64391f317c90f826a488e513b25ad3e7c5febffc0f3a0323b361e4b2900d9dd5e542754b0083c30f68f270eb3b17a8b23ad3f43e4b28feb260ad9eb disabletls13intls12tests.patch
+a8b2edff9da782319682ecbf62b93090eedc5503236a7106d0313429b157ec091ddbeb9b8f9f91567ae712a4f2c082b9ba8f84d890b72b54c161c0c4e1cab0ef largeheadertest.patch
+a5df628f200475f5db6eb9d1714e955cd33c2de3081ee5f770929833a4cb9e5030fe338c23bcfb516235c2036c6e6452bb52447da0c3d69e3ea8de8bfa00f420 proxysessionresumption.patch
+9304ea3ebb74eb66f3d8c8facfc8a08366cb35ac8f5ee8090f59202abd13842d4a4565b5cbfcfff3110473a03bb9ff00b0f74311b450113675f0cb6d6b759d90 sessiontickettest.patch
+848b9d20221c2d55b034bd3b9943100fd82f3e32a6032e126868471f9e18f60a9d94bc9024890e4af7ee8ffd6308cc1beb001e3052cb938b14280d331493307b cannotlocatetutilpm.patch
+26c4f34bdcb82cdca00b81e8c3223a1c517f912f433e99ae4a9aa16481db2cd23fc77f65773932f8c6e30cb5e34d5d37e0e7a022518a6a13db75d8e16fee2ab4 increasewaitforserverstartintests.patch"
diff --git a/community/h2o/backslashinterpreationintests.patch b/community/h2o/backslashinterpreationintests.patch
new file mode 100644
index 0000000000..c8cb4663c8
--- /dev/null
+++ b/community/h2o/backslashinterpreationintests.patch
@@ -0,0 +1,14 @@
+Upstream: Yes
+Reason: Without this patch tests fail on shells backslash escapes disabled
+Url: https://github.com/h2o/h2o/pull/2331
+--- a/t/50mruby.t
++++ b/t/50mruby.t
+@@ -498,7 +498,7 @@
+ EOT
+ my $nc = sub {
+ my $path = shift;
+- my $cmd = "echo 'GET $path HTTP/1.1\\r\\nHost: 127.0.0.1\\r\\n\\r' | nc 127.0.0.1 $server->{port}";
++ my $cmd = "echo 'GET $path HTTP/1.1\r\nHost: 127.0.0.1\r\n\r' | nc 127.0.0.1 $server->{port}";
+ (undef, my $r) = run_prog($cmd);
+ split(/\r\n\r\n/, $r, 2);
+ };
diff --git a/community/h2o/cannotlocatetutilpm.patch b/community/h2o/cannotlocatetutilpm.patch
new file mode 100644
index 0000000000..2897fcdc08
--- /dev/null
+++ b/community/h2o/cannotlocatetutilpm.patch
@@ -0,0 +1,39 @@
+Upstream: Yes
+Reason: Without this patch make check fails
+Url: https://github.com/h2o/h2o/issues/2167
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -386,13 +386,13 @@
+ OUTPUT_NAME h2o
+ VERSION ${LIBRARY_VERSION}
+ SOVERSION ${LIBRARY_SOVERSION})
+-TARGET_LINK_LIBRARIES(libh2o ${LIBUV_LIBRARIES} ${EXTRA_LIBS})
++TARGET_LINK_LIBRARIES(libh2o ${WSLAY_LIBRARIES} ${LIBUV_LIBRARIES} ${EXTRA_LIBS})
+ SET_TARGET_PROPERTIES(libh2o-evloop PROPERTIES
+ OUTPUT_NAME h2o-evloop
+ COMPILE_FLAGS "-DH2O_USE_LIBUV=0"
+ VERSION ${LIBRARY_VERSION}
+ SOVERSION ${LIBRARY_SOVERSION})
+-TARGET_LINK_LIBRARIES(libh2o-evloop ${EXTRA_LIBS})
++TARGET_LINK_LIBRARIES(libh2o-evloop ${WSLAY_LIBRARIES} ${EXTRA_LIBS})
+
+ IF (OPENSSL_FOUND)
+ TARGET_INCLUDE_DIRECTORIES(libh2o PUBLIC ${OPENSSL_INCLUDE_DIR})
+@@ -553,7 +553,7 @@
+ ENDIF (OPENSSL_FOUND)
+ ENDIF (WITH_BUNDLED_SSL)
+
+-ADD_CUSTOM_TARGET(check env H2O_ROOT=. BINARY_DIR=${CMAKE_CURRENT_BINARY_DIR} prove -v t/*.t
++ADD_CUSTOM_TARGET(check env H2O_ROOT=. BINARY_DIR=${CMAKE_CURRENT_BINARY_DIR} prove -I. -v t/*.t
+ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
+ DEPENDS h2o t-00unit-evloop.t)
+ IF (LIBUV_FOUND)
+@@ -563,7 +563,7 @@
+ ENDIF ()
+ ENDIF ()
+
+-ADD_CUSTOM_TARGET(check-as-root env H2O_ROOT=. BINARY_DIR=${CMAKE_CURRENT_BINARY_DIR} prove -v t/90root-*.t
++ADD_CUSTOM_TARGET(check-as-root env H2O_ROOT=. BINARY_DIR=${CMAKE_CURRENT_BINARY_DIR} prove -I. -v t/90root-*.t
+ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
+
+ IF (BUILD_FUZZER)
diff --git a/community/h2o/disabletls13intls12tests.patch b/community/h2o/disabletls13intls12tests.patch
new file mode 100644
index 0000000000..714e9fa4bd
--- /dev/null
+++ b/community/h2o/disabletls13intls12tests.patch
@@ -0,0 +1,25 @@
+Upstream: Yes
+Reason: Without this patch certain TLS1.2 bahavior tests fail as TLS1.3 is chosen by default
+Url: https://github.com/h2o/h2o/commit/442908871b935311c903d2d234708b3de9b40fd5
+--- a/t/40ssl-cipher-suite.t
++++ b/t/40ssl-cipher-suite.t
+@@ -32,7 +32,7 @@
+ );
+
+ # connect to the server with AES256-SHA as the first choice, and check that AES128-SHA was selected
+-my $log = `openssl s_client -cipher AES256-SHA:AES128-SHA -host 127.0.0.1 -port $port < /dev/null 2>&1`;
++my $log = `openssl s_client -cipher AES256-SHA:AES128-SHA -host 127.0.0.1 -port $port -tls1_2 < /dev/null 2>&1`;
+ like $log, qr/^\s*Cipher\s*:\s*AES128-SHA\s*$/m;
+
+ done_testing;
+--- a/t/50access-log.t
++++ b/t/50access-log.t
+@@ -168,7 +168,7 @@
+ sub {
+ my $server = shift;
+ system("curl --silent http://127.0.0.1:$server->{port}/ > /dev/null");
+- system("curl --silent --insecure @{[curl_supports_http2() ? ' --http1.1' : '']} https://127.0.0.1:$server->{tls_port}/ > /dev/null");
++ system("curl --silent --insecure @{[curl_supports_http2() ? ' --http1.1' : '']} https://127.0.0.1:$server->{tls_port}/ --tls-max 1.2 > /dev/null");
+ if (prog_exists("nghttp")) {
+ system("nghttp -n https://127.0.0.1:$server->{tls_port}/");
+ system("nghttp -n --weight=22 https://127.0.0.1:$server->{tls_port}/");
diff --git a/community/h2o/increasewaitforserverstartintests.patch b/community/h2o/increasewaitforserverstartintests.patch
new file mode 100644
index 0000000000..057341c026
--- /dev/null
+++ b/community/h2o/increasewaitforserverstartintests.patch
@@ -0,0 +1,14 @@
+Upstream: No
+Reason: Without this patch some tests fail as the server is not fully started,
+issue only present on Alpine running in docker
+--- a/t/Util.pm
++++ b/t/Util.pm
+@@ -125,7 +125,7 @@
+ if (waitpid($pid, WNOHANG) == $pid) {
+ die "server failed to start (got $?)\n";
+ }
+- sleep 0.1;
++ sleep 3;
+ }
+ }
+ my $guard = scope_guard(sub {
diff --git a/community/h2o/largeheadertest.patch b/community/h2o/largeheadertest.patch
new file mode 100644
index 0000000000..3c3770b522
--- /dev/null
+++ b/community/h2o/largeheadertest.patch
@@ -0,0 +1,19 @@
+Upstream: No
+Reason: Without this patch tests using curl for large http headers fail, issue not present with curl on other distro's
+Url: https://lists.alpinelinux.org/~alpine/users/%3CCAG5E%3DNdf%3Dc1+Hwt2rY%3DK-kJTtWuMHLnitDoCLrCKkp7n5ksD6w%40mail.gmail.com%3E
+--- a/t/50fastcgi.t
++++ b/t/50fastcgi.t
+@@ -66,7 +66,12 @@
+ my ($proto, $port, $curl) = @_;
+ plan skip_all => "skip due to curl bug #659"
+ if $curl =~ /--http2/;
+- my $content = `$curl --silent --show-error -H foo:@{["0123456789"x7000]} $proto://127.0.0.1:$port/echo-headers`;
++ my $content;
++ if ($curl =~ /--http1.1/) {
++ $content = `wget --no-check-certificate -O - --header="foo:@{["0123456789"x7000]}" https://127.0.0.1:$port/echo-headers`;
++ } else {
++ $content = `$curl --silent --show-error -H foo:@{["0123456789"x7000]} $proto://127.0.0.1:$port/echo-headers`;
++ }
+ like $content, qr/^foo: (0123456789){7000,7000}$/mi;
+ if ($proto eq 'https') {
+ like $content, qr/^https: on$/m;
diff --git a/community/h2o/missingsubmodules.patch b/community/h2o/missingsubmodules.patch
new file mode 100644
index 0000000000..85063bbcc9
--- /dev/null
+++ b/community/h2o/missingsubmodules.patch
@@ -0,0 +1,503 @@
+Upstream: Yes
+Reason: Without this patch certain tests are failing as these files are dependencies for tests
+Url: https://github.com/h2o/h2o/issues/2329
+--- /dev/null
++++ b/misc/cache-digest/cache-digest.js
+@@ -0,0 +1,247 @@
++/*
++ * Copyright (c) 2015,2016 Jxck, DeNA Co., Ltd., Kazuho Oku
++ *
++ * Permission is hereby granted, free of charge, to any person obtaining a copy
++ * of this software and associated documentation files (the "Software"), to
++ * deal in the Software without restriction, including without limitation the
++ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
++ * sell copies of the Software, and to permit persons to whom the Software is
++ * furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice shall be included in
++ * all copies or substantial portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
++ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
++ * IN THE SOFTWARE.
++ *
++ *
++ * Includes a minified SHA256 implementation taken from https://gist.github.com/kazuho/bb8aab1a2946bbf42127d8a6197ad18c,
++ * licensed under the following copyright:
++ *
++ * Copyright (c) 2015,2016 Chen Yi-Cyuan, Kazuho Oku
++ *
++ * MIT License
++ *
++ * Permission is hereby granted, free of charge, to any person obtaining a copy
++ * of this software and associated documentation files (the "Software"), to
++ * deal in the Software without restriction, including without limitation the
++ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
++ * sell copies of the Software, and to permit persons to whom the Software is
++ * furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice shall be included in
++ * all copies or substantial portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
++ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
++ * IN THE SOFTWARE.
++ */
++"use strict";
++
++if (typeof self !== "undefined" && "ServiceWorkerGlobalScope" in self &&
++ self instanceof ServiceWorkerGlobalScope) {
++
++ /* ServiceWorker */
++ self.addEventListener('fetch', function(evt) {
++ var req = evt.request.clone();
++ if (req.method != "GET" || req.url.match(/\/cache-digests?\.js(?:\?|$)/)) {
++ logInfo(req, "skip");
++ return;
++ }
++ evt.respondWith(caches.open("v1").then(function (cache) {
++ return cache.match(req).then(function (res) {
++ if (res && isFresh(res.headers.entries(), Date.now())) {
++ logInfo(req, "hit");
++ return res;
++ }
++ var requestWithDigests = function (digests) {
++ if (digests != null) {
++ var err = null;
++ try {
++ req = new Request(req);
++ req.headers.append("cache-digest", digests);
++ if (req.headers.get("cache-digest") == null)
++ err = "append failed";
++ } catch (e) {
++ err = e;
++ }
++ if (err)
++ logError(req, e);
++ }
++ return fetch(req).then(function (res) {
++ var cached = false;
++ if (res.status == 200 && isFresh(res.headers.entries(), Date.now())) {
++ cache.put(req, res.clone());
++ cached = true;
++ }
++ logInfo(req, "fetched" + (cached ? " & cached" : "") + " with cache-digest:\"" + digests + "\"");
++ return res;
++ });
++ };
++ if (req.mode == "navigate") {
++ return generateCacheDigests(cache).then(requestWithDigests);
++ } else {
++ return requestWithDigests(null);
++ }
++ });
++ }));
++ });
++
++} else if (typeof navigator !== "undefined") {
++
++ /* bootstrap, loaded via <script src=...> */
++ navigator.serviceWorker.register("/cache-digest.js", {scope: "./"}).then(function(reg) {
++ console.log("registered cache-digest.js service worker");
++ }).catch(function(e) {
++ console.log("failed to register cache-digest.js service worker:" + e);
++ });
++
++}
++
++// returns a promise that returns the cache digest value
++function generateCacheDigests(cache) {
++ var urls = [];
++ return cache.keys().then(function (reqs) {
++ // collect 31-bit hashes of fresh responses
++ return Promise.all(reqs.map(function (req) {
++ var now = Date.now();
++ return cache.match(req).then(function (resp) {
++ if (resp && isFresh(resp.headers.entries(), now))
++ urls.push(req.url);
++ });
++ })).then(function () {
++ var dv = calcDigestValue(urls, 7);
++ return dv != null ? base64Encode(dv) + "; complete" : null;
++ });
++ });
++}
++
++function calcDigestValue(urls, pbits) {
++ var nbits = Math.round(Math.log(Math.max(urls.length, 1)) * 1.4426950408889634); // round log2(urls.length)
++ if (nbits + pbits > 31)
++ return null;
++ var hashes = [];
++ for (var i = 0; i != urls.length; ++i)
++ hashes.push(sha256Truncated(urls[i], nbits + pbits));
++ return (new BitCoder).addBits(nbits, 5).addBits(pbits, 5).gcsEncode(hashes, pbits).value;
++}
++
++function isFresh(headers, now) {
++ var date = 0, maxAge = null;
++ var o;
++ while (!(o = headers.next()).done) {
++ var name = o.value[0], value = o.value[1];
++ if (name.match(/^expires$/i) != null) {
++ var parsed = Date.parse(value);
++ if (parsed && parsed > now)
++ return true;
++ } else if (name.match(/^cache-control$/i) != null) {
++ var directives = value.split(/\s*,\s*/);
++ for (var i = 0; i != directives.length; ++i) {
++ var d = directives[i];
++ if (d.match(/^\s*no-(?:cache|store)\s*$/) != null) {
++ return false;
++ } else if (d.match(/^\s*max-age\s*=\s*([0-9]+)/) != null) {
++ maxAge = Math.min(RegExp.$1, maxAge || Infinity);
++ }
++ }
++ } else if (name.match(/^date$/i) != null) {
++ date = Date.parse(value);
++ }
++ }
++
++ if (maxAge != null) {
++ if (date + maxAge * 1000 > now)
++ return true;
++ }
++
++ return false;
++}
++
++function BitCoder() {
++ this.value = [];
++ this.leftBits = 0;
++}
++
++BitCoder.prototype.addBit = function (b) {
++ if (this.leftBits == 0) {
++ this.value.push(0);
++ this.leftBits = 8;
++ }
++ --this.leftBits;
++ if (b)
++ this.value[this.value.length - 1] |= 1 << this.leftBits;
++ return this;
++};
++
++BitCoder.prototype.addBits = function (v, nbits) {
++ if (nbits != 0) {
++ do {
++ --nbits;
++ this.addBit(v & (1 << nbits));
++ } while (nbits != 0);
++ }
++ return this;
++};
++
++BitCoder.prototype.gcsEncode = function (values, bits_fixed) {
++ values = values.sort(function (a, b) { return a - b; });
++ var prev = -1;
++ for (var i = 0; i != values.length; ++i) {
++ if (prev == values[i])
++ continue;
++ var v = values[i] - prev - 1;
++ for (var q = v >> bits_fixed; q != 0; --q)
++ this.addBit(0);
++ this.addBit(1);
++ this.addBits(v, bits_fixed);
++ prev = values[i];
++ }
++ return this;
++};
++
++var base64Encode = function (buf) {
++ var TOKENS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';
++ return function base64Encode(buf) {
++ var str = '';
++ for (var pos = 0; pos < buf.length; pos += 3) {
++ var quad = buf[pos] << 16 | buf[pos + 1] << 8 | buf[pos + 2];
++ str += TOKENS[(quad >> 18)] + TOKENS[(quad >> 12) & 63] + TOKENS[(quad >> 6) & 63] + TOKENS[quad & 63];
++ }
++ str = str.substring(0, str.length - pos + buf.length);
++ return str;
++ };
++}();
++
++function sha256Truncated(src, bits) {
++ // only supports bits <= 31
++ return ((sha256(src)[0] >> 1) & 0x7fffffff) >> (31 - bits);
++}
++
++var sha256=function(){var r=[-2147483648,8388608,32768,128],o=[24,16,8,0],a=[1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298];return function(n){var t,e,f,h,c,u,v,d,i,l,A,C,g,s=[],w=!0,b=!1,j=0,k=0,m=0,p=n.length,q=1779033703,x=3144134277,y=1013904242,z=2773480762,B=1359893119,D=2600822924,E=528734635,F=1541459225,G=0;do{for(s[0]=G,s[16]=s[1]=s[2]=s[3]=s[4]=s[5]=s[6]=s[7]=s[8]=s[9]=s[10]=s[11]=s[12]=s[13]=s[14]=s[15]=0,e=k;p>j&&64>e;++j)t=n.charCodeAt(j),128>t?s[e>>2]|=t<<o[3&e++]:2048>t?(s[e>>2]|=(192|t>>6)<<o[3&e++],s[e>>2]|=(128|63&t)<<o[3&e++]):55296>t||t>=57344?(s[e>>2]|=(224|t>>12)<<o[3&e++],s[e>>2]|=(128|t>>6&63)<<o[3&e++],s[e>>2]|=(128|63&t)<<o[3&e++]):(t=65536+((1023&t)<<10|1023&n.charCodeAt(++j)),s[e>>2]|=(240|t>>18)<<o[3&e++],s[e>>2]|=(128|t>>12&63)<<o[3&e++],s[e>>2]|=(128|t>>6&63)<<o[3&e++],s[e>>2]|=(128|63&t)<<o[3&e++]);m+=e-k,k=e-64,j==p&&(s[e>>2]|=r[3&e],++j),G=s[16],j>p&&56>e&&(s[15]=m<<3,b=!0);var H=q,I=x,J=y,K=z,L=B,M=D,N=E,O=F;for(f=16;64>f;++f)v=s[f-15],h=(v>>>7|v<<25)^(v>>>18|v<<14)^v>>>3,v=s[f-2],c=(v>>>17|v<<15)^(v>>>19|v<<13)^v>>>10,s[f]=s[f-16]+h+s[f-7]+c<<0;for(g=I&J,f=0;64>f;f+=4)w?(l=704751109,v=s[0]-210244248,O=v-1521486534<<0,K=v+143694565<<0,w=!1):(h=(H>>>2|H<<30)^(H>>>13|H<<19)^(H>>>22|H<<10),c=(L>>>6|L<<26)^(L>>>11|L<<21)^(L>>>25|L<<7),l=H&I,u=l^H&J^g,i=L&M^~L&N,v=O+c+i+a[f]+s[f],d=h+u,O=K+v<<0,K=v+d<<0),h=(K>>>2|K<<30)^(K>>>13|K<<19)^(K>>>22|K<<10),c=(O>>>6|O<<26)^(O>>>11|O<<21)^(O>>>25|O<<7),A=K&H,u=A^K&I^l,i=O&L^~O&M,v=N+c+i+a[f+1]+s[f+1],d=h+u,N=J+v<<0,J=v+d<<0,h=(J>>>2|J<<30)^(J>>>13|J<<19)^(J>>>22|J<<10),c=(N>>>6|N<<26)^(N>>>11|N<<21)^(N>>>25|N<<7),C=J&K,u=C^J&H^A,i=N&O^~N&L,v=M+c+i+a[f+2]+s[f+2],d=h+u,M=I+v<<0,I=v+d<<0,h=(I>>>2|I<<30)^(I>>>13|I<<19)^(I>>>22|I<<10),c=(M>>>6|M<<26)^(M>>>11|M<<21)^(M>>>25|M<<7),g=I&J,u=g^I&K^C,i=M&N^~M&O,v=L+c+i+a[f+3]+s[f+3],d=h+u,L=H+v<<0,H=v+d<<0;q=q+H<<0,x=x+I<<0,y=y+J<<0,z=z+K<<0,B=B+L<<0,D=D+M<<0,E=E+N<<0,F=F+O<<0}while(!b);return[q,x,y,z,B,D,E,F]}}();
++
++function logRequest(req) {
++ var s = req.method + " " + req.url + "\n";
++ var o;
++ for (var iter = req.headers.entries(); !(o = iter.next()).done;)
++ s += o.value[0] + ": " + o.value[1] + "\n";
++ console.log(s);
++}
++function logError(req, msg) {
++ console.log(req.url + ":error:" + msg);
++}
++function logInfo(req, msg) {
++ console.log(req.url + ":info:" + msg);
++}
++function logDebug(req, msg) {
++ console.log(req.url + ":debug:" + msg);
++}
+--- /dev/null
++++ b/misc/cache-digest/cli.js
+@@ -0,0 +1,247 @@
++/*
++ * Copyright (c) 2015,2016 Jxck, DeNA Co., Ltd., Kazuho Oku
++ *
++ * Permission is hereby granted, free of charge, to any person obtaining a copy
++ * of this software and associated documentation files (the "Software"), to
++ * deal in the Software without restriction, including without limitation the
++ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
++ * sell copies of the Software, and to permit persons to whom the Software is
++ * furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice shall be included in
++ * all copies or substantial portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
++ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
++ * IN THE SOFTWARE.
++ *
++ *
++ * Includes a minified SHA256 implementation taken from https://gist.github.com/kazuho/bb8aab1a2946bbf42127d8a6197ad18c,
++ * licensed under the following copyright:
++ *
++ * Copyright (c) 2015,2016 Chen Yi-Cyuan, Kazuho Oku
++ *
++ * MIT License
++ *
++ * Permission is hereby granted, free of charge, to any person obtaining a copy
++ * of this software and associated documentation files (the "Software"), to
++ * deal in the Software without restriction, including without limitation the
++ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
++ * sell copies of the Software, and to permit persons to whom the Software is
++ * furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice shall be included in
++ * all copies or substantial portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
++ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
++ * IN THE SOFTWARE.
++ */
++"use strict";
++
++if (typeof self !== "undefined" && "ServiceWorkerGlobalScope" in self &&
++ self instanceof ServiceWorkerGlobalScope) {
++
++ /* ServiceWorker */
++ self.addEventListener('fetch', function(evt) {
++ var req = evt.request.clone();
++ if (req.method != "GET" || req.url.match(/\/cache-digests?\.js(?:\?|$)/)) {
++ logInfo(req, "skip");
++ return;
++ }
++ evt.respondWith(caches.open("v1").then(function (cache) {
++ return cache.match(req).then(function (res) {
++ if (res && isFresh(res.headers.entries(), Date.now())) {
++ logInfo(req, "hit");
++ return res;
++ }
++ var requestWithDigests = function (digests) {
++ if (digests != null) {
++ var err = null;
++ try {
++ req = new Request(req);
++ req.headers.append("cache-digest", digests);
++ if (req.headers.get("cache-digest") == null)
++ err = "append failed";
++ } catch (e) {
++ err = e;
++ }
++ if (err)
++ logError(req, e);
++ }
++ return fetch(req).then(function (res) {
++ var cached = false;
++ if (res.status == 200 && isFresh(res.headers.entries(), Date.now())) {
++ cache.put(req, res.clone());
++ cached = true;
++ }
++ logInfo(req, "fetched" + (cached ? " & cached" : "") + " with cache-digest:\"" + digests + "\"");
++ return res;
++ });
++ };
++ if (req.mode == "navigate") {
++ return generateCacheDigests(cache).then(requestWithDigests);
++ } else {
++ return requestWithDigests(null);
++ }
++ });
++ }));
++ });
++
++} else if (typeof navigator !== "undefined") {
++
++ /* bootstrap, loaded via <script src=...> */
++ navigator.serviceWorker.register("/cache-digest.js", {scope: "./"}).then(function(reg) {
++ console.log("registered cache-digest.js service worker");
++ }).catch(function(e) {
++ console.log("failed to register cache-digest.js service worker:" + e);
++ });
++
++}
++
++// returns a promise that returns the cache digest value
++function generateCacheDigests(cache) {
++ var urls = [];
++ return cache.keys().then(function (reqs) {
++ // collect 31-bit hashes of fresh responses
++ return Promise.all(reqs.map(function (req) {
++ var now = Date.now();
++ return cache.match(req).then(function (resp) {
++ if (resp && isFresh(resp.headers.entries(), now))
++ urls.push(req.url);
++ });
++ })).then(function () {
++ var dv = calcDigestValue(urls, 7);
++ return dv != null ? base64Encode(dv) + "; complete" : null;
++ });
++ });
++}
++
++function calcDigestValue(urls, pbits) {
++ var nbits = Math.round(Math.log(Math.max(urls.length, 1)) * 1.4426950408889634); // round log2(urls.length)
++ if (nbits + pbits > 31)
++ return null;
++ var hashes = [];
++ for (var i = 0; i != urls.length; ++i)
++ hashes.push(sha256Truncated(urls[i], nbits + pbits));
++ return (new BitCoder).addBits(nbits, 5).addBits(pbits, 5).gcsEncode(hashes, pbits).value;
++}
++
++function isFresh(headers, now) {
++ var date = 0, maxAge = null;
++ var o;
++ while (!(o = headers.next()).done) {
++ var name = o.value[0], value = o.value[1];
++ if (name.match(/^expires$/i) != null) {
++ var parsed = Date.parse(value);
++ if (parsed && parsed > now)
++ return true;
++ } else if (name.match(/^cache-control$/i) != null) {
++ var directives = value.split(/\s*,\s*/);
++ for (var i = 0; i != directives.length; ++i) {
++ var d = directives[i];
++ if (d.match(/^\s*no-(?:cache|store)\s*$/) != null) {
++ return false;
++ } else if (d.match(/^\s*max-age\s*=\s*([0-9]+)/) != null) {
++ maxAge = Math.min(RegExp.$1, maxAge || Infinity);
++ }
++ }
++ } else if (name.match(/^date$/i) != null) {
++ date = Date.parse(value);
++ }
++ }
++
++ if (maxAge != null) {
++ if (date + maxAge * 1000 > now)
++ return true;
++ }
++
++ return false;
++}
++
++function BitCoder() {
++ this.value = [];
++ this.leftBits = 0;
++}
++
++BitCoder.prototype.addBit = function (b) {
++ if (this.leftBits == 0) {
++ this.value.push(0);
++ this.leftBits = 8;
++ }
++ --this.leftBits;
++ if (b)
++ this.value[this.value.length - 1] |= 1 << this.leftBits;
++ return this;
++};
++
++BitCoder.prototype.addBits = function (v, nbits) {
++ if (nbits != 0) {
++ do {
++ --nbits;
++ this.addBit(v & (1 << nbits));
++ } while (nbits != 0);
++ }
++ return this;
++};
++
++BitCoder.prototype.gcsEncode = function (values, bits_fixed) {
++ values = values.sort(function (a, b) { return a - b; });
++ var prev = -1;
++ for (var i = 0; i != values.length; ++i) {
++ if (prev == values[i])
++ continue;
++ var v = values[i] - prev - 1;
++ for (var q = v >> bits_fixed; q != 0; --q)
++ this.addBit(0);
++ this.addBit(1);
++ this.addBits(v, bits_fixed);
++ prev = values[i];
++ }
++ return this;
++};
++
++var base64Encode = function (buf) {
++ var TOKENS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';
++ return function base64Encode(buf) {
++ var str = '';
++ for (var pos = 0; pos < buf.length; pos += 3) {
++ var quad = buf[pos] << 16 | buf[pos + 1] << 8 | buf[pos + 2];
++ str += TOKENS[(quad >> 18)] + TOKENS[(quad >> 12) & 63] + TOKENS[(quad >> 6) & 63] + TOKENS[quad & 63];
++ }
++ str = str.substring(0, str.length - pos + buf.length);
++ return str;
++ };
++}();
++
++function sha256Truncated(src, bits) {
++ // only supports bits <= 31
++ return ((sha256(src)[0] >> 1) & 0x7fffffff) >> (31 - bits);
++}
++
++var sha256=function(){var r=[-2147483648,8388608,32768,128],o=[24,16,8,0],a=[1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298];return function(n){var t,e,f,h,c,u,v,d,i,l,A,C,g,s=[],w=!0,b=!1,j=0,k=0,m=0,p=n.length,q=1779033703,x=3144134277,y=1013904242,z=2773480762,B=1359893119,D=2600822924,E=528734635,F=1541459225,G=0;do{for(s[0]=G,s[16]=s[1]=s[2]=s[3]=s[4]=s[5]=s[6]=s[7]=s[8]=s[9]=s[10]=s[11]=s[12]=s[13]=s[14]=s[15]=0,e=k;p>j&&64>e;++j)t=n.charCodeAt(j),128>t?s[e>>2]|=t<<o[3&e++]:2048>t?(s[e>>2]|=(192|t>>6)<<o[3&e++],s[e>>2]|=(128|63&t)<<o[3&e++]):55296>t||t>=57344?(s[e>>2]|=(224|t>>12)<<o[3&e++],s[e>>2]|=(128|t>>6&63)<<o[3&e++],s[e>>2]|=(128|63&t)<<o[3&e++]):(t=65536+((1023&t)<<10|1023&n.charCodeAt(++j)),s[e>>2]|=(240|t>>18)<<o[3&e++],s[e>>2]|=(128|t>>12&63)<<o[3&e++],s[e>>2]|=(128|t>>6&63)<<o[3&e++],s[e>>2]|=(128|63&t)<<o[3&e++]);m+=e-k,k=e-64,j==p&&(s[e>>2]|=r[3&e],++j),G=s[16],j>p&&56>e&&(s[15]=m<<3,b=!0);var H=q,I=x,J=y,K=z,L=B,M=D,N=E,O=F;for(f=16;64>f;++f)v=s[f-15],h=(v>>>7|v<<25)^(v>>>18|v<<14)^v>>>3,v=s[f-2],c=(v>>>17|v<<15)^(v>>>19|v<<13)^v>>>10,s[f]=s[f-16]+h+s[f-7]+c<<0;for(g=I&J,f=0;64>f;f+=4)w?(l=704751109,v=s[0]-210244248,O=v-1521486534<<0,K=v+143694565<<0,w=!1):(h=(H>>>2|H<<30)^(H>>>13|H<<19)^(H>>>22|H<<10),c=(L>>>6|L<<26)^(L>>>11|L<<21)^(L>>>25|L<<7),l=H&I,u=l^H&J^g,i=L&M^~L&N,v=O+c+i+a[f]+s[f],d=h+u,O=K+v<<0,K=v+d<<0),h=(K>>>2|K<<30)^(K>>>13|K<<19)^(K>>>22|K<<10),c=(O>>>6|O<<26)^(O>>>11|O<<21)^(O>>>25|O<<7),A=K&H,u=A^K&I^l,i=O&L^~O&M,v=N+c+i+a[f+1]+s[f+1],d=h+u,N=J+v<<0,J=v+d<<0,h=(J>>>2|J<<30)^(J>>>13|J<<19)^(J>>>22|J<<10),c=(N>>>6|N<<26)^(N>>>11|N<<21)^(N>>>25|N<<7),C=J&K,u=C^J&H^A,i=N&O^~N&L,v=M+c+i+a[f+2]+s[f+2],d=h+u,M=I+v<<0,I=v+d<<0,h=(I>>>2|I<<30)^(I>>>13|I<<19)^(I>>>22|I<<10),c=(M>>>6|M<<26)^(M>>>11|M<<21)^(M>>>25|M<<7),g=I&J,u=g^I&K^C,i=M&N^~M&O,v=L+c+i+a[f+3]+s[f+3],d=h+u,L=H+v<<0,H=v+d<<0;q=q+H<<0,x=x+I<<0,y=y+J<<0,z=z+K<<0,B=B+L<<0,D=D+M<<0,E=E+N<<0,F=F+O<<0}while(!b);return[q,x,y,z,B,D,E,F]}}();
++
++function logRequest(req) {
++ var s = req.method + " " + req.url + "\n";
++ var o;
++ for (var iter = req.headers.entries(); !(o = iter.next()).done;)
++ s += o.value[0] + ": " + o.value[1] + "\n";
++ console.log(s);
++}
++function logError(req, msg) {
++ console.log(req.url + ":error:" + msg);
++}
++function logInfo(req, msg) {
++ console.log(req.url + ":info:" + msg);
++}
++function logDebug(req, msg) {
++ console.log(req.url + ":debug:" + msg);
++}
diff --git a/community/h2o/proxysessionresumption.patch b/community/h2o/proxysessionresumption.patch
new file mode 100644
index 0000000000..c7d45336a7
--- /dev/null
+++ b/community/h2o/proxysessionresumption.patch
@@ -0,0 +1,134 @@
+Upstream: Yes
+Reason: Without this patch proxy ssl session resumptions fails
+Url: https://github.com/h2o/h2o/pull/2088
+--- a/include/h2o/socket.h
++++ b/include/h2o/socket.h
+@@ -71,6 +71,9 @@
+
+ #define H2O_SOCKET_INITIAL_INPUT_BUFFER_SIZE 4096
+
++#define H2O_SESSID_CTX ((const uint8_t*)"h2o")
++#define H2O_SESSID_CTX_LEN (sizeof("h2o") - 1)
++
+ typedef struct st_h2o_socket_t h2o_socket_t;
+
+ typedef void (*h2o_socket_cb)(h2o_socket_t *sock, const char *err);
+@@ -266,6 +269,7 @@
+ static h2o_iovec_t h2o_socket_log_ssl_cipher(h2o_socket_t *sock, h2o_mem_pool_t *pool);
+ h2o_iovec_t h2o_socket_log_ssl_cipher_bits(h2o_socket_t *sock, h2o_mem_pool_t *pool);
+ h2o_iovec_t h2o_socket_log_ssl_session_id(h2o_socket_t *sock, h2o_mem_pool_t *pool);
++int h2o_socket_ssl_new_session_cb(SSL *s, SSL_SESSION *sess);
+
+ /**
+ * compares socket addresses
+--- a/lib/common/socket.c
++++ b/lib/common/socket.c
+@@ -916,6 +916,8 @@
+ static void create_ossl(h2o_socket_t *sock)
+ {
+ sock->ssl->ossl = SSL_new(sock->ssl->ssl_ctx);
++ /* set app data to be used in h2o_socket_ssl_new_session_cb */
++ SSL_set_app_data(sock->ssl->ossl, sock);
+ setup_bio(sock);
+ }
+
+@@ -942,6 +944,26 @@
+ }
+ }
+
++int h2o_socket_ssl_new_session_cb(SSL *s, SSL_SESSION *sess)
++{
++ h2o_socket_t *sock = (h2o_socket_t *)SSL_get_app_data(s);
++ assert(sock != NULL);
++ assert(sock->ssl != NULL);
++
++ if (!SSL_is_server(s) && sock->ssl->handshake.client.session_cache != NULL
++#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x1010100fL
++ && SSL_SESSION_is_resumable(sess)
++#endif
++ ) {
++ h2o_cache_set(sock->ssl->handshake.client.session_cache, h2o_now(h2o_socket_get_loop(sock)),
++ sock->ssl->handshake.client.session_cache_key, sock->ssl->handshake.client.session_cache_key_hash,
++ h2o_iovec_init(sess, 1));
++ return 1; /* retain ref count */
++ }
++
++ return 0; /* drop ref count */
++}
++
+ static int on_async_resumption_new(SSL *ssl, SSL_SESSION *session)
+ {
+ h2o_iovec_t data;
+@@ -992,16 +1014,6 @@
+ sock->ssl->record_overhead = 32; /* sufficiently large number that can hold most payloads */
+ break;
+ }
+- }
+- }
+-
+- /* set ssl session into the cache */
+- if (sock->ssl->ossl != NULL && !SSL_is_server(sock->ssl->ossl) && sock->ssl->handshake.client.session_cache != NULL) {
+- if (err == NULL || err == h2o_socket_error_ssl_cert_name_mismatch) {
+- SSL_SESSION *session = SSL_get1_session(sock->ssl->ossl);
+- h2o_cache_set(sock->ssl->handshake.client.session_cache, h2o_now(h2o_socket_get_loop(sock)),
+- sock->ssl->handshake.client.session_cache_key, sock->ssl->handshake.client.session_cache_key_hash,
+- h2o_iovec_init(session, 1));
+ }
+ }
+
+--- a/lib/handler/configurator/proxy.c
++++ b/lib/handler/configurator/proxy.c
+@@ -27,6 +27,7 @@
+ #include <openssl/ssl.h>
+ #include "h2o.h"
+ #include "h2o/configurator.h"
++#include "h2o/socket.h"
+
+ struct proxy_configurator_t {
+ h2o_configurator_t super;
+@@ -86,6 +87,9 @@
+ {
+ SSL_CTX *ctx = SSL_CTX_new(SSLv23_client_method());
+ SSL_CTX_set_options(ctx, SSL_CTX_get_options(ctx) | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
++ SSL_CTX_set_session_id_context(ctx, H2O_SESSID_CTX, H2O_SESSID_CTX_LEN);
++ SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL_STORE);
++ SSL_CTX_sess_set_new_cb(ctx, h2o_socket_ssl_new_session_cb);
+ return ctx;
+ }
+
+@@ -119,6 +123,7 @@
+
+ /* create new ctx */
+ *ctx = create_ssl_ctx();
++ SSL_CTX_set_session_id_context(*ctx, H2O_SESSID_CTX, H2O_SESSID_CTX_LEN);
+ SSL_CTX_set_cert_store(*ctx, cert_store);
+ SSL_CTX_set_verify(*ctx, verify_mode, NULL);
+ if (new_session_cache != NULL)
+--- a/src/main.c
++++ b/src/main.c
+@@ -674,9 +674,15 @@
+ ssl_options |= SSL_OP_NO_COMPRESSION;
+ #endif
+
++#ifdef SSL_OP_NO_RENEGOTIATION
++ ssl_options |= SSL_OP_NO_RENEGOTIATION;
++#endif
++
+ /* setup */
+ ssl_ctx = SSL_CTX_new(SSLv23_server_method());
+ SSL_CTX_set_options(ssl_ctx, ssl_options);
++
++ SSL_CTX_set_session_id_context(ssl_ctx, H2O_SESSID_CTX, H2O_SESSID_CTX_LEN);
+
+ setup_ecc_key(ssl_ctx);
+ if (SSL_CTX_use_certificate_chain_file(ssl_ctx, certificate_file->data.scalar) != 1) {
+--- a/src/ssl.c
++++ b/src/ssl.c
+@@ -116,6 +116,7 @@
+ size_t i;
+ for (i = 0; i != num_contexts; ++i) {
+ SSL_CTX_set_session_cache_mode(contexts[i], SSL_SESS_CACHE_SERVER | SSL_SESS_CACHE_NO_AUTO_CLEAR);
++ SSL_CTX_set_session_id_context(contexts[i], H2O_SESSID_CTX, H2O_SESSID_CTX_LEN);
+ SSL_CTX_set_timeout(contexts[i], conf.lifetime);
+ }
+ spawn_cache_cleanup_thread(contexts, num_contexts);
diff --git a/community/h2o/sessiontickettest.patch b/community/h2o/sessiontickettest.patch
new file mode 100644
index 0000000000..86ea5ba4ca
--- /dev/null
+++ b/community/h2o/sessiontickettest.patch
@@ -0,0 +1,140 @@
+Upstream: Yes
+Reason: Without this patch the session ticket test fails
+Url: https://github.com/h2o/h2o/pull/2334
+--- a/t/40session-ticket.t
++++ b/t/40session-ticket.t
+@@ -3,6 +3,7 @@
+ use File::Temp qw(tempdir);
+ use Net::EmptyPort qw(check_port empty_port);
+ use Test::More;
++use Time::HiRes qw(sleep);
+ use t::Util;
+
+ plan skip_all => "could not find openssl"
+@@ -17,16 +18,16 @@
+ mode: ticket
+ EOT
+ sub {
+- is test(), "New";
+- test(); # openssl 0.9.8 seems to return "New" (maybe because in the first run we did not specify -sess_in)
+- is test(), "Reused";
+- is test(), "Reused";
++ sleep 5;
++ is test("new"), "New";
++ is test("reuse"), "Reused";
++ is test("reuse"), "Reused";
+ });
+ spawn_with(<< "EOT",
+ mode: ticket
+ EOT
+ sub {
+- is test(), "New";
++ is test("reuse"), "New";
+ });
+ };
+
+@@ -36,11 +37,13 @@
+ mode: ticket
+ ticket-store: file
+ ticket-file: $tickets_file
++num-threads: 1
+ EOT
+ sub {
+- is test(), "New";
+- is test(), "Reused";
+- is test(), "Reused";
++ sleep 5; # wait for tickets file to be loaded
++ is test("new"), "New";
++ is test("reuse"), "Reused";
++ is test("reuse"), "Reused";
+ });
+ spawn_with(<< "EOT",
+ mode: ticket
+@@ -48,8 +51,8 @@
+ ticket-file: $tickets_file
+ EOT
+ sub {
+- sleep 1;
+- is test(), "Reused";
++ sleep 5; # wait for tickets file to be loaded
++ is test("reuse"), "Reused";
+ });
+ };
+
+@@ -59,11 +62,13 @@
+ mode: ticket
+ ticket-store: file
+ ticket-file: $tickets_file
++num-threads: 1
+ EOT
+ sub {
+- is test(), "New";
+- is test(), "New";
+- is test(), "New";
++ sleep 5; # wait for tickets file to be loaded
++ is test("new"), "New";
++ is test("reuse"), "New";
++ is test("reuse"), "New";
+ });
+ };
+
+@@ -86,15 +91,17 @@
+ host: 127.0.0.1
+ port: $memc_port
+ protocol: $memc_proto
++num-threads: 1
+ EOT
+ spawn_with($conf, sub {
+- is test(), "New";
+- is test(), "Reused";
+- is test(), "Reused";
++ sleep 5;
++ is test("new"), "New";
++ is test("reuse"), "Reused";
++ is test("reuse"), "Reused";
+ });
+ spawn_with($conf, sub {
+- sleep 1;
+- is test(), "Reused";
++ sleep 5;
++ is test("reuse"), "Reused";
+ });
+ };
+ $doit->("binary");
+@@ -120,14 +127,33 @@
+ }
+
+ sub test {
++ my $sess_mode = shift @_; # reuse or new
++
++ # 'openssl -sess_out' writes a session file ONLY if
++ # a session was handed out by the server!
++
++ my $cmd_opts;
++ if ( $sess_mode eq 'new' ) {
++ unlink "$tempdir/session";
++ $cmd_opts = "-sess_out $tempdir/session";
++ } else {
++ return "no session to reuse $tempdir/session does no exist" unless ( -e "$tempdir/session" );
++ $cmd_opts = "-sess_in $tempdir/session";
++ }
++
+ my $lines = do {
+- my $cmd_opts = (-e "$tempdir/session" ? "-sess_in $tempdir/session" : "") . " -sess_out $tempdir/session";
+- open my $fh, "-|", "openssl s_client $cmd_opts -connect 127.0.0.1:$server->{tls_port} 2>&1 < /dev/null"
++ open my $fh, "-|", "openssl s_client $cmd_opts -prexit -servername 127.0.0.1 -connect 127.0.0.1:$server->{tls_port} -tls1_2 2>&1"
+ or die "failed to open pipe:$!";
+ local $/;
+ <$fh>;
+ };
++ print $lines;
+ $lines =~ m{---\n(New|Reused),}s
+ or die "failed to parse the output of s_client:{{{$lines}}}";
+- $1;
++
++ if ( $sess_mode eq 'new' ) {
++ -e "$tempdir/session" ? $1 : "no session created $tempdir/session does no exist";
++ } else {
++ $1;
++ }
+ }
diff --git a/testing/perl-http-entity-parser/APKBUILD b/community/perl-http-entity-parser/APKBUILD
index f5541a00ab..f5541a00ab 100644
--- a/testing/perl-http-entity-parser/APKBUILD
+++ b/community/perl-http-entity-parser/APKBUILD
diff --git a/testing/perl-http-multipartparser/APKBUILD b/community/perl-http-multipartparser/APKBUILD
index 262cd14b43..262cd14b43 100644
--- a/testing/perl-http-multipartparser/APKBUILD
+++ b/community/perl-http-multipartparser/APKBUILD
diff --git a/testing/perl-protocol-http2/APKBUILD b/community/perl-protocol-http2/APKBUILD
index 11bd53dd6c..11bd53dd6c 100644
--- a/testing/perl-protocol-http2/APKBUILD
+++ b/community/perl-protocol-http2/APKBUILD
diff --git a/testing/perl-www-form-urlencoded/APKBUILD b/community/perl-www-form-urlencoded/APKBUILD
index 57ab9bb2d3..57ab9bb2d3 100644
--- a/testing/perl-www-form-urlencoded/APKBUILD
+++ b/community/perl-www-form-urlencoded/APKBUILD