diff options
author | Maxim Dounin <mdounin@mdounin.ru> | 2016-03-31 23:38:29 +0300 |
---|---|---|
committer | Maxim Dounin <mdounin@mdounin.ru> | 2016-03-31 23:38:29 +0300 |
commit | bad99ee0047282fd5a8e5730d440a032eb2452ed (patch) | |
tree | 14436be2e5c36209f85c5e0b488400859732bbb0 | |
parent | 5afd74bed6b9a93b800bf0b5cc8b4e82990e1e9e (diff) | |
download | nginx-bad99ee0047282fd5a8e5730d440a032eb2452ed.tar.gz |
SSL: reasonable version for LibreSSL.
LibreSSL defines OPENSSL_VERSION_NUMBER to 0x20000000L, but uses an old
API derived from OpenSSL at the time LibreSSL forked. As a result, every
version check we use to test for new API elements in newer OpenSSL versions
requires an explicit check for LibreSSL.
To reduce clutter, redefine OPENSSL_VERSION_NUMBER to 0x1000107fL if
LibreSSL is used. The same is done by FreeBSD port of LibreSSL.
-rw-r--r-- | src/event/ngx_event_openssl.c | 6 | ||||
-rw-r--r-- | src/event/ngx_event_openssl.h | 6 |
2 files changed, 9 insertions, 3 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 743928f78..7f435b473 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -52,7 +52,7 @@ static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn, HMAC_CTX *hctx, int enc); #endif -#if (OPENSSL_VERSION_NUMBER < 0x10002002L || defined LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10002002L static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str); #endif @@ -2944,7 +2944,7 @@ ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name) return NGX_ERROR; } -#if (OPENSSL_VERSION_NUMBER >= 0x10002002L && !defined LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER >= 0x10002002L /* X509_check_host() is only available in OpenSSL 1.0.2+ */ @@ -3061,7 +3061,7 @@ found: } -#if (OPENSSL_VERSION_NUMBER < 0x10002002L || defined LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10002002L static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern) diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h index c86be2ac2..8ad87bbfa 100644 --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h @@ -33,6 +33,12 @@ #define NGX_SSL_NAME "OpenSSL" +#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L) +#undef OPENSSL_VERSION_NUMBER +#define OPENSSL_VERSION_NUMBER 0x1000107fL +#endif + + #define ngx_ssl_session_t SSL_SESSION #define ngx_ssl_conn_t SSL |