comparison src/event/ngx_event_openssl.c @ 6725:9b9ae81cd4f0
SSL: use X509_check_host() with LibreSSL.
Explicit checks for OPENSSL_VERSION_NUMBER replaced with checks
for X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT, thus allowing X509_check_host()
to be used with other libraries. In particular, X509_check_host() was
introduced in LibreSSL 2.5.0.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 04 Oct 2016 17:26:45 +0300 |
parents | 9cf2dce316e5 |
children | 8081e1f3ab8b |
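--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -53,11 +53,11 @@
 static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
 unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx,
 HMAC_CTX *hctx, int enc);
 #endif
 
-#if OPENSSL_VERSION_NUMBER < 0x10002002L
+#ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
 static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str);
 #endif
 
 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
@@ -3090,11 +3090,11 @@
 cert = SSL_get_peer_certificate(c->ssl->connection);
 if (cert == NULL) {
 return NGX_ERROR;
 }
 
-#if OPENSSL_VERSION_NUMBER >= 0x10002002L
+#ifdef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
 
 /* X509_check_host() is only available in OpenSSL 1.0.2+ */
 
 if (name->len == 0) {
 goto failed;
@@ -3207,11 +3207,11 @@
 X509_free(cert);
 return NGX_OK;
 }
 
 
-#if OPENSSL_VERSION_NUMBER < 0x10002002L
+#ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
 
 static ngx_int_t
 ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern)
 {
 u_char *s, *p, *end;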
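Review bot: The comment kept at new line 3097, `/* X509_check_host() is only available in OpenSSL 1.0.2+ */`, no longer matches the guard above it, which now tests `X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT` so that LibreSSL 2.5.0 takes this branch as well. Something like `/* X509_check_host() is available in OpenSSL 1.0.2+ and LibreSSL 2.5.0+, detected via X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT */` would keep it accurate. All three guards (new lines 58, 3095 and 3212) now depend on a macro instead of a version number, so the header that defines the macro has to be included before line 58. If it is not, the build silently selects the hand-written ngx_ssl_check_name() matcher for peer hostname verification, with no compile error to signal it; the include list is outside the shown context, so this is worth confirming. The function containing line 3095 and the body of ngx_ssl_check_name() both continue outside the hunks.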