feat(patch) patch nginx to support stream upstream ssl function (#582)

patch Nginx code to support stream upstream SSL function
FTI-1479

Jenkinsfile

@@ -141,7 +141,7 @@ pipeline {
                         sh 'make PACKAGE_TYPE=deb RESTY_IMAGE_BASE=ubuntu RESTY_IMAGE_TAG=22.04 SSL_PROVIDER=boringssl package-kong test cleanup'
                     }
                 }
-                stage('Kong EE 3.0.0.0'){
+                stage('Kong EE master'){
                     agent {
                         node {
                             label 'bionic'
@@ -150,7 +150,7 @@ pipeline {
                     environment {
                         GITHUB_SSH_KEY = credentials('github_bot_ssh_key')
                         PATH = "/home/ubuntu/bin/:${env.PATH}"
-                        KONG_SOURCE = "3.0.0.0"
+                        KONG_SOURCE = "master"
                     }
                     options {
                         retry(2)

openresty-patches/patches/1.21.4.1/nginx-1.21.4_03-stream_upstream_client_certificate_and_ssl_verify.patch

@@ -0,0 +1,78 @@
+diff --git a/nginx-1.21.4/src/stream/ngx_stream_proxy_module.c b/nginx-1.21.4/src/stream/ngx_stream_proxy_module.c
+index b11c288..4ae9e7b 100644
+--- a/nginx-1.21.4/src/stream/ngx_stream_proxy_module.c
++++ b/nginx-1.21.4/src/stream/ngx_stream_proxy_module.c
+@@ -8,6 +8,9 @@
+ #include <ngx_config.h>
+ #include <ngx_core.h>
+ #include <ngx_stream.h>
++#if (NGX_STREAM_LUA_KONG)
++#include <ngx_stream_lua_kong_module.h>
++#endif
+
+
+ typedef struct {
+@@ -821,8 +824,18 @@ ngx_stream_proxy_init_upstream(ngx_stream_session_t *s)
+
+ #if (NGX_STREAM_SSL)
+
++#if (NGX_STREAM_LUA_KONG)
++
++    if (pc->type == SOCK_STREAM && pscf->ssl
++        && !ngx_stream_lua_kong_get_proxy_ssl_disable(s))
++    {
++
++#else
++
+     if (pc->type == SOCK_STREAM && pscf->ssl) {
+
++#endif
++
+         if (u->proxy_protocol) {
+             if (ngx_stream_proxy_send_proxy_protocol(s) != NGX_OK) {
+                 return;
+@@ -1085,7 +1098,16 @@ ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s)
+         return;
+     }
+
+-    if (pscf->ssl_server_name || pscf->ssl_verify) {
++#if (NGX_STREAM_LUA_KONG)
++
++    if (pscf->ssl_server_name || ngx_stream_lua_kong_get_upstream_ssl_verify(s, pscf->ssl_verify)) {    
++
++#else
++
++     if (pscf->ssl_server_name || pscf->ssl_verify) {
++
++#endif
++
+         if (ngx_stream_proxy_ssl_name(s) != NGX_OK) {
+             ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
+             return;
+@@ -1110,6 +1132,10 @@ ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s)
+         }
+     }
+
++#if (NGX_STREAM_LUA_KONG)
++    ngx_stream_lua_kong_set_upstream_ssl(s, pc);
++#endif
++
+     s->connection->log->action = "SSL handshaking to upstream";
+
+     rc = ngx_ssl_handshake(pc);
+@@ -1142,7 +1168,15 @@ ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc)
+
+     if (pc->ssl->handshaked) {
+
++#if (NGX_STREAM_LUA_KONG)
++
++		if (ngx_stream_lua_kong_get_upstream_ssl_verify(s, pscf->ssl_verify)) {    
++
++#else
++
+         if (pscf->ssl_verify) {
++
++#endif
+             rc = SSL_get_verify_result(pc->ssl->connection);
+
+             if (rc != X509_V_OK) {