Mercurial > hg > nginx
comparison auto/lib/openssl/conf @ 9137:0ba26c99b3a1
SSL: avoid using OpenSSL config in build directory (ticket #2404).
With this change, the NGX_OPENSSL_NO_CONFIG macro is defined when nginx
is asked to build OpenSSL itself. And with this macro automatic loading
of OpenSSL configuration (from the build directory) is prevented unless
the OPENSSL_CONF environment variable is explicitly set.
Note that not loading configuration is broken in OpenSSL 1.1.1 and 1.1.1a
(fixed in OpenSSL 1.1.1b, see https://github.com/openssl/openssl/issues/7350).
If nginx is used to compile these OpenSSL versions, configuring nginx with
NGX_OPENSSL_NO_CONFIG explicitly set to 0 might be used as a workaround.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Wed, 21 Jun 2023 01:29:53 +0300 |
| parents | 7da4791e0264 |
| children |
comparison
equal
deleted
inserted
replaced
| 9136:85abf534cead | 9137:0ba26c99b3a1 |
|---|---|
| 5 | 5 |
| 6 if [ $OPENSSL != NONE ]; then | 6 if [ $OPENSSL != NONE ]; then |
| 7 | 7 |
| 8 have=NGX_OPENSSL . auto/have | 8 have=NGX_OPENSSL . auto/have |
| 9 have=NGX_SSL . auto/have | 9 have=NGX_SSL . auto/have |
| 10 | |
| 11 have=NGX_OPENSSL_NO_CONFIG . auto/have | |
| 10 | 12 |
| 11 if [ $USE_OPENSSL_QUIC = YES ]; then | 13 if [ $USE_OPENSSL_QUIC = YES ]; then |
| 12 have=NGX_QUIC . auto/have | 14 have=NGX_QUIC . auto/have |
| 13 have=NGX_QUIC_OPENSSL_COMPAT . auto/have | 15 have=NGX_QUIC_OPENSSL_COMPAT . auto/have |
| 14 fi | 16 fi |