Mercurial > hg > nginx
comparison src/http/modules/ngx_http_ssl_module.c @ 6035:a84267233877
SSL: avoid SSL_CTX_set_tmp_rsa_callback() call with LibreSSL.
LibreSSL removed support for export ciphers and a call to
SSL_CTX_set_tmp_rsa_callback() results in an error left in the error
queue. This caused alerts "ignoring stale global SSL error (...called
a function you should not call) while SSL handshaking" on a first connection
in each worker process.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 23 Mar 2015 02:42:34 +0300 |
| parents | 42114bf12da0 |
| children | b2899e7d0ef8 |
comparison
equal
deleted
inserted
replaced
| 6034:3e847964ab55 | 6035:a84267233877 |
|---|---|
| 713 | 713 |
| 714 if (conf->prefer_server_ciphers) { | 714 if (conf->prefer_server_ciphers) { |
| 715 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); | 715 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); |
| 716 } | 716 } |
| 717 | 717 |
| 718 #ifndef LIBRESSL_VERSION_NUMBER | |
| 718 /* a temporary 512-bit RSA key is required for export versions of MSIE */ | 719 /* a temporary 512-bit RSA key is required for export versions of MSIE */ |
| 719 SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback); | 720 SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback); |
| 721 #endif | |
| 720 | 722 |
| 721 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) { | 723 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) { |
| 722 return NGX_CONF_ERROR; | 724 return NGX_CONF_ERROR; |
| 723 } | 725 } |
| 724 | 726 |