Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 5778:45ed2f1f0a6a
SSL: let it build against BoringSSL.
This change adds support for using BoringSSL as a drop-in replacement
for OpenSSL without adding support for any of the BoringSSL-specific
features.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
| author | Piotr Sikora <piotr@cloudflare.com> |
|---|---|
| date | Wed, 30 Jul 2014 04:32:15 -0700 |
| parents | 4d092aa2f463 |
| children | e0eaf2d92a8c |
comparison
equal
deleted
inserted
replaced
| 5777:4d092aa2f463 | 5778:45ed2f1f0a6a |
|---|---|
| 104 | 104 |
| 105 | 105 |
| 106 ngx_int_t | 106 ngx_int_t |
| 107 ngx_ssl_init(ngx_log_t *log) | 107 ngx_ssl_init(ngx_log_t *log) |
| 108 { | 108 { |
| 109 #ifndef OPENSSL_IS_BORINGSSL | |
| 109 OPENSSL_config(NULL); | 110 OPENSSL_config(NULL); |
| 111 #endif | |
| 110 | 112 |
| 111 SSL_library_init(); | 113 SSL_library_init(); |
| 112 SSL_load_error_strings(); | 114 SSL_load_error_strings(); |
| 113 | 115 |
| 114 OpenSSL_add_all_algorithms(); | 116 OpenSSL_add_all_algorithms(); |
| 215 #ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING | 217 #ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING |
| 216 /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */ | 218 /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */ |
| 217 SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING); | 219 SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING); |
| 218 #endif | 220 #endif |
| 219 | 221 |
| 222 #ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG | |
| 220 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG); | 223 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG); |
| 224 #endif | |
| 225 | |
| 221 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG); | 226 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG); |
| 222 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG); | 227 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG); |
| 223 | 228 |
| 224 SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); | 229 SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); |
| 225 | 230 |
| 380 } | 385 } |
| 381 | 386 |
| 382 if (--tries) { | 387 if (--tries) { |
| 383 n = ERR_peek_error(); | 388 n = ERR_peek_error(); |
| 384 | 389 |
| 390 #ifdef OPENSSL_IS_BORINGSSL | |
| 391 if (ERR_GET_LIB(n) == ERR_LIB_CIPHER | |
| 392 && ERR_GET_REASON(n) == CIPHER_R_BAD_DECRYPT) | |
| 393 #else | |
| 385 if (ERR_GET_LIB(n) == ERR_LIB_EVP | 394 if (ERR_GET_LIB(n) == ERR_LIB_EVP |
| 386 && ERR_GET_REASON(n) == EVP_R_BAD_DECRYPT) | 395 && ERR_GET_REASON(n) == EVP_R_BAD_DECRYPT) |
| 396 #endif | |
| 387 { | 397 { |
| 388 ERR_clear_error(); | 398 ERR_clear_error(); |
| 389 SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd); | 399 SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd); |
| 390 continue; | 400 continue; |
| 391 } | 401 } |