Mercurial > hg > nginx-quic
diff src/mail/ngx_mail_ssl_module.c @ 6035:a84267233877
SSL: avoid SSL_CTX_set_tmp_rsa_callback() call with LibreSSL.
LibreSSL removed support for export ciphers and a call to
SSL_CTX_set_tmp_rsa_callback() results in an error left in the error
queue. This caused alerts "ignoring stale global SSL error (...called
a function you should not call) while SSL handshaking" on a first connection
in each worker process.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 23 Mar 2015 02:42:34 +0300 |
parents | ec01b1d1fff1 |
children | b2899e7d0ef8 |
line wrap: on
line diff
--- a/src/mail/ngx_mail_ssl_module.c +++ b/src/mail/ngx_mail_ssl_module.c @@ -421,7 +421,9 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); } +#ifndef LIBRESSL_VERSION_NUMBER SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback); +#endif if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) { return NGX_CONF_ERROR;