Mercurial > hg > nginx-quic
comparison src/event/ngx_event_openssl.c @ 6036:4e3f87c02cb4
SSL: use of SSL_MODE_NO_AUTO_CHAIN.
The SSL_MODE_NO_AUTO_CHAIN mode prevents OpenSSL from automatically
building a certificate chain on the fly if there is no certificate chain
explicitly provided. Before this change, certificates provided via the
ssl_client_certificate and ssl_trusted_certificate directives were
used by OpenSSL to automatically build certificate chains, resulting
in unexpected (and in some cases unneeded) chains being sent to clients.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 23 Mar 2015 02:42:35 +0300 |
parents | 3e847964ab55 |
children | b40af2fd1c16 60ae75969588 |
comparison
equal
deleted
inserted
replaced
6035:a84267233877 | 6036:4e3f87c02cb4 |
---|---|
281 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION); | 281 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION); |
282 #endif | 282 #endif |
283 | 283 |
284 #ifdef SSL_MODE_RELEASE_BUFFERS | 284 #ifdef SSL_MODE_RELEASE_BUFFERS |
285 SSL_CTX_set_mode(ssl->ctx, SSL_MODE_RELEASE_BUFFERS); | 285 SSL_CTX_set_mode(ssl->ctx, SSL_MODE_RELEASE_BUFFERS); |
286 #endif | |
287 | |
288 #ifdef SSL_MODE_NO_AUTO_CHAIN | |
289 SSL_CTX_set_mode(ssl->ctx, SSL_MODE_NO_AUTO_CHAIN); | |
286 #endif | 290 #endif |
287 | 291 |
288 SSL_CTX_set_read_ahead(ssl->ctx, 1); | 292 SSL_CTX_set_read_ahead(ssl->ctx, 1); |
289 | 293 |
290 SSL_CTX_set_info_callback(ssl->ctx, ngx_ssl_info_callback); | 294 SSL_CTX_set_info_callback(ssl->ctx, ngx_ssl_info_callback); |