Mercurial > hg > nginx-quic
comparison src/event/ngx_event_openssl.c @ 6485:382fc7069e3a
SSL: reasonable version for LibreSSL.
LibreSSL defines OPENSSL_VERSION_NUMBER to 0x20000000L, but uses an old
API derived from OpenSSL at the time LibreSSL forked. As a result, every
version check we use to test for new API elements in newer OpenSSL versions
requires an explicit check for LibreSSL.
To reduce clutter, redefine OPENSSL_VERSION_NUMBER to 0x1000107fL if
LibreSSL is used. The same is done by FreeBSD port of LibreSSL.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 31 Mar 2016 23:38:29 +0300 |
| parents | f01ab2dbcfdc |
| children | 978ad80b3732 |
comparison
equal
deleted
inserted
replaced
| 6484:4b420f9c4c5d | 6485:382fc7069e3a |
|---|---|
| 50 static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn, | 50 static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn, |
| 51 unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx, | 51 unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx, |
| 52 HMAC_CTX *hctx, int enc); | 52 HMAC_CTX *hctx, int enc); |
| 53 #endif | 53 #endif |
| 54 | 54 |
| 55 #if (OPENSSL_VERSION_NUMBER < 0x10002002L || defined LIBRESSL_VERSION_NUMBER) | 55 #if OPENSSL_VERSION_NUMBER < 0x10002002L |
| 56 static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str); | 56 static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str); |
| 57 #endif | 57 #endif |
| 58 | 58 |
| 59 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle); | 59 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle); |
| 60 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); | 60 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); |
| 2942 cert = SSL_get_peer_certificate(c->ssl->connection); | 2942 cert = SSL_get_peer_certificate(c->ssl->connection); |
| 2943 if (cert == NULL) { | 2943 if (cert == NULL) { |
| 2944 return NGX_ERROR; | 2944 return NGX_ERROR; |
| 2945 } | 2945 } |
| 2946 | 2946 |
| 2947 #if (OPENSSL_VERSION_NUMBER >= 0x10002002L && !defined LIBRESSL_VERSION_NUMBER) | 2947 #if OPENSSL_VERSION_NUMBER >= 0x10002002L |
| 2948 | 2948 |
| 2949 /* X509_check_host() is only available in OpenSSL 1.0.2+ */ | 2949 /* X509_check_host() is only available in OpenSSL 1.0.2+ */ |
| 2950 | 2950 |
| 2951 if (name->len == 0) { | 2951 if (name->len == 0) { |
| 2952 goto failed; | 2952 goto failed; |
| 3059 X509_free(cert); | 3059 X509_free(cert); |
| 3060 return NGX_OK; | 3060 return NGX_OK; |
| 3061 } | 3061 } |
| 3062 | 3062 |
| 3063 | 3063 |
| 3064 #if (OPENSSL_VERSION_NUMBER < 0x10002002L || defined LIBRESSL_VERSION_NUMBER) | 3064 #if OPENSSL_VERSION_NUMBER < 0x10002002L |
| 3065 | 3065 |
| 3066 static ngx_int_t | 3066 static ngx_int_t |
| 3067 ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern) | 3067 ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern) |
| 3068 { | 3068 { |
| 3069 u_char *s, *p, *end; | 3069 u_char *s, *p, *end; |