Mercurial > hg > nginx

comparison src/event/ngx_event_openssl.c @ 5767:abd460ece11e

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL: fix build with recent OpenSSL. X509_check_host() prototype changed recently: - http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ced3d91 - http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=297c67f Bump version requirement, so that OpenSSL-1.0.2-beta1 uses fallback code. Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
author Piotr Sikora <piotr@cloudflare.com>
date Wed, 09 Jul 2014 12:27:15 -0700
parents 4b668378ad8b
children 294d020bbcfe
comparison
equal deleted inserted replaced
5766:abdb027be9d5 5767:abd460ece11e
48 static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn, 48 static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
49 unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx, 49 unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx,
50 HMAC_CTX *hctx, int enc); 50 HMAC_CTX *hctx, int enc);
51 #endif 51 #endif
52 52
53 #if OPENSSL_VERSION_NUMBER < 0x10002001L 53 #if OPENSSL_VERSION_NUMBER < 0x10002002L
54 static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str); 54 static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str);
55 #endif 55 #endif
56 56
57 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle); 57 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
58 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); 58 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
2731 cert = SSL_get_peer_certificate(c->ssl->connection); 2731 cert = SSL_get_peer_certificate(c->ssl->connection);
2732 if (cert == NULL) { 2732 if (cert == NULL) {
2733 return NGX_ERROR; 2733 return NGX_ERROR;
2734 } 2734 }
2735 2735
2736 #if OPENSSL_VERSION_NUMBER >= 0x10002001L 2736 #if OPENSSL_VERSION_NUMBER >= 0x10002002L
2737 2737
2738 /* X509_check_host() is only available in OpenSSL 1.0.2+ */ 2738 /* X509_check_host() is only available in OpenSSL 1.0.2+ */
2739 2739
2740 if (name->len == 0) { 2740 if (name->len == 0) {
2741 goto failed; 2741 goto failed;
2742 } 2742 }
2743 2743
2744 if (X509_check_host(cert, name->data, name->len, 0) != 1) { 2744 if (X509_check_host(cert, (char *) name->data, name->len, 0, NULL) != 1) {
2745 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, 2745 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
2746 "X509_check_host(): no match"); 2746 "X509_check_host(): no match");
2747 goto failed; 2747 goto failed;
2748 } 2748 }
2749 2749
2848 X509_free(cert); 2848 X509_free(cert);
2849 return NGX_OK; 2849 return NGX_OK;
2850 } 2850 }
2851 2851
2852 2852
2853 #if OPENSSL_VERSION_NUMBER < 0x10002001L 2853 #if OPENSSL_VERSION_NUMBER < 0x10002002L
2854 2854
2855 static ngx_int_t 2855 static ngx_int_t
2856 ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern) 2856 ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern)
2857 { 2857 {
2858 u_char *s, *p, *end; 2858 u_char *s, *p, *end;