Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 6485:382fc7069e3a
SSL: reasonable version for LibreSSL.
LibreSSL defines OPENSSL_VERSION_NUMBER to 0x20000000L, but uses an old
API derived from OpenSSL at the time LibreSSL forked. As a result, every
version check we use to test for new API elements in newer OpenSSL versions
requires an explicit check for LibreSSL.
To reduce clutter, redefine OPENSSL_VERSION_NUMBER to 0x1000107fL if
LibreSSL is used. The same is done by FreeBSD port of LibreSSL.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 31 Mar 2016 23:38:29 +0300 |
parents | f01ab2dbcfdc |
children | 978ad80b3732 |
comparison
equal
deleted
inserted
replaced
6484:4b420f9c4c5d | 6485:382fc7069e3a |
---|---|
50 static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn, | 50 static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn, |
51 unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx, | 51 unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx, |
52 HMAC_CTX *hctx, int enc); | 52 HMAC_CTX *hctx, int enc); |
53 #endif | 53 #endif |
54 | 54 |
55 #if (OPENSSL_VERSION_NUMBER < 0x10002002L || defined LIBRESSL_VERSION_NUMBER) | 55 #if OPENSSL_VERSION_NUMBER < 0x10002002L |
56 static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str); | 56 static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str); |
57 #endif | 57 #endif |
58 | 58 |
59 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle); | 59 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle); |
60 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); | 60 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); |
2942 cert = SSL_get_peer_certificate(c->ssl->connection); | 2942 cert = SSL_get_peer_certificate(c->ssl->connection); |
2943 if (cert == NULL) { | 2943 if (cert == NULL) { |
2944 return NGX_ERROR; | 2944 return NGX_ERROR; |
2945 } | 2945 } |
2946 | 2946 |
2947 #if (OPENSSL_VERSION_NUMBER >= 0x10002002L && !defined LIBRESSL_VERSION_NUMBER) | 2947 #if OPENSSL_VERSION_NUMBER >= 0x10002002L |
2948 | 2948 |
2949 /* X509_check_host() is only available in OpenSSL 1.0.2+ */ | 2949 /* X509_check_host() is only available in OpenSSL 1.0.2+ */ |
2950 | 2950 |
2951 if (name->len == 0) { | 2951 if (name->len == 0) { |
2952 goto failed; | 2952 goto failed; |
3059 X509_free(cert); | 3059 X509_free(cert); |
3060 return NGX_OK; | 3060 return NGX_OK; |
3061 } | 3061 } |
3062 | 3062 |
3063 | 3063 |
3064 #if (OPENSSL_VERSION_NUMBER < 0x10002002L || defined LIBRESSL_VERSION_NUMBER) | 3064 #if OPENSSL_VERSION_NUMBER < 0x10002002L |
3065 | 3065 |
3066 static ngx_int_t | 3066 static ngx_int_t |
3067 ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern) | 3067 ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern) |
3068 { | 3068 { |
3069 u_char *s, *p, *end; | 3069 u_char *s, *p, *end; |