comparison src/event/ngx_event_openssl.c @ 5778:45ed2f1f0a6a
SSL: let it build against BoringSSL.
This change adds support for using BoringSSL as a drop-in replacement
for OpenSSL without adding support for any of the BoringSSL-specific
features.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
author | Piotr Sikora <piotr@cloudflare.com> |
---|---|
date | Wed, 30 Jul 2014 04:32:15 -0700 |
parents | 4d092aa2f463 |
children | e0eaf2d92a8c |
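--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -104,11 +104,13 @@
 
 
 ngx_int_t
 ngx_ssl_init(ngx_log_t *log)
 {
+#ifndef OPENSSL_IS_BORINGSSL
 OPENSSL_config(NULL);
+#endif
 
 SSL_library_init();
 SSL_load_error_strings();
 
 OpenSSL_add_all_algorithms();
@@ -215,11 +217,14 @@
 #ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
 /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */
 SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);
 #endif
 
+#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
+#endif
+
 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);
 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);
 
 SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
 
@@ -380,12 +385,17 @@
 }
 
 if (--tries) {
 n = ERR_peek_error();
 
+#ifdef OPENSSL_IS_BORINGSSL
+if (ERR_GET_LIB(n) == ERR_LIB_CIPHER
+&& ERR_GET_REASON(n) == CIPHER_R_BAD_DECRYPT)
+#else
 if (ERR_GET_LIB(n) == ERR_LIB_EVP
 && ERR_GET_REASON(n) == EVP_R_BAD_DECRYPT)
+#endif
 {
 ERR_clear_error();
 SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd);
 continue;
 }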
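Review bot: The BoringSSL branch of the passphrase-retry check (new lines 390–396) carries no comment explaining why a different library/reason pair is matched, and the `if` head is duplicated across `#ifdef`/`#else` while its body sits after `#endif`. Since this match on `ERR_peek_error()` decides whether the next passphrase is tried, I would add `/* BoringSSL reports a wrong passphrase under ERR_LIB_CIPHER, not ERR_LIB_EVP */` above the `#ifdef`. The guard around `OPENSSL_config(NULL)` in the first hunk deserves a similar one-line comment, e.g. `/* OPENSSL_config() is skipped for BoringSSL builds; the default OpenSSL config file is not loaded */`, so operators know config-file settings do not apply there. The enclosing functions begin and end outside the visible lines.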