Mercurial > hg > nginx
comparison auto/lib/openssl/conf @ 9137:0ba26c99b3a1
SSL: avoid using OpenSSL config in build directory (ticket #2404).
With this change, the NGX_OPENSSL_NO_CONFIG macro is defined when nginx
is asked to build OpenSSL itself. And with this macro automatic loading
of OpenSSL configuration (from the build directory) is prevented unless
the OPENSSL_CONF environment variable is explicitly set.
Note that not loading configuration is broken in OpenSSL 1.1.1 and 1.1.1a
(fixed in OpenSSL 1.1.1b, see https://github.com/openssl/openssl/issues/7350).
If nginx is used to compile these OpenSSL versions, configuring nginx with
NGX_OPENSSL_NO_CONFIG explicitly set to 0 might be used as a workaround.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 21 Jun 2023 01:29:53 +0300 |
parents | 7da4791e0264 |
children |
comparison
equal
deleted
inserted
replaced
9136:85abf534cead | 9137:0ba26c99b3a1 |
---|---|
5 | 5 |
6 if [ $OPENSSL != NONE ]; then | 6 if [ $OPENSSL != NONE ]; then |
7 | 7 |
8 have=NGX_OPENSSL . auto/have | 8 have=NGX_OPENSSL . auto/have |
9 have=NGX_SSL . auto/have | 9 have=NGX_SSL . auto/have |
10 | |
11 have=NGX_OPENSSL_NO_CONFIG . auto/have | |
10 | 12 |
11 if [ $USE_OPENSSL_QUIC = YES ]; then | 13 if [ $USE_OPENSSL_QUIC = YES ]; then |
12 have=NGX_QUIC . auto/have | 14 have=NGX_QUIC . auto/have |
13 have=NGX_QUIC_OPENSSL_COMPAT . auto/have | 15 have=NGX_QUIC_OPENSSL_COMPAT . auto/have |
14 fi | 16 fi |