Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 6725:9b9ae81cd4f0
SSL: use X509_check_host() with LibreSSL.
Explicit checks for OPENSSL_VERSION_NUMBER replaced with checks
for X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT, thus allowing X509_check_host()
to be used with other libraries. In particular, X509_check_host() was
introduced in LibreSSL 2.5.0.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Tue, 04 Oct 2016 17:26:45 +0300 |
| parents | 9cf2dce316e5 |
| children | 8081e1f3ab8b |
comparison
equal
deleted
inserted
replaced
| 6724:a6d116645c51 | 6725:9b9ae81cd4f0 |
|---|---|
| 53 static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn, | 53 static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn, |
| 54 unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx, | 54 unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx, |
| 55 HMAC_CTX *hctx, int enc); | 55 HMAC_CTX *hctx, int enc); |
| 56 #endif | 56 #endif |
| 57 | 57 |
| 58 #if OPENSSL_VERSION_NUMBER < 0x10002002L | 58 #ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT |
| 59 static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str); | 59 static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str); |
| 60 #endif | 60 #endif |
| 61 | 61 |
| 62 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle); | 62 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle); |
| 63 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); | 63 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); |
| 3090 cert = SSL_get_peer_certificate(c->ssl->connection); | 3090 cert = SSL_get_peer_certificate(c->ssl->connection); |
| 3091 if (cert == NULL) { | 3091 if (cert == NULL) { |
| 3092 return NGX_ERROR; | 3092 return NGX_ERROR; |
| 3093 } | 3093 } |
| 3094 | 3094 |
| 3095 #if OPENSSL_VERSION_NUMBER >= 0x10002002L | 3095 #ifdef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT |
| 3096 | 3096 |
| 3097 /* X509_check_host() is only available in OpenSSL 1.0.2+ */ | 3097 /* X509_check_host() is only available in OpenSSL 1.0.2+ */ |
| 3098 | 3098 |
| 3099 if (name->len == 0) { | 3099 if (name->len == 0) { |
| 3100 goto failed; | 3100 goto failed; |
| 3207 X509_free(cert); | 3207 X509_free(cert); |
| 3208 return NGX_OK; | 3208 return NGX_OK; |
| 3209 } | 3209 } |
| 3210 | 3210 |
| 3211 | 3211 |
| 3212 #if OPENSSL_VERSION_NUMBER < 0x10002002L | 3212 #ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT |
| 3213 | 3213 |
| 3214 static ngx_int_t | 3214 static ngx_int_t |
| 3215 ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern) | 3215 ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern) |
| 3216 { | 3216 { |
| 3217 u_char *s, *p, *end; | 3217 u_char *s, *p, *end; |