Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 5767:abd460ece11e
SSL: fix build with recent OpenSSL.
X509_check_host() prototype changed recently:
- http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ced3d91
- http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=297c67f
Bump version requirement, so that OpenSSL-1.0.2-beta1 uses fallback code.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
author | Piotr Sikora <piotr@cloudflare.com> |
---|---|
date | Wed, 09 Jul 2014 12:27:15 -0700 |
parents | 4b668378ad8b |
children | 294d020bbcfe |
comparison
equal
deleted
inserted
replaced
5766:abdb027be9d5 | 5767:abd460ece11e |
---|---|
48 static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn, | 48 static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn, |
49 unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx, | 49 unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx, |
50 HMAC_CTX *hctx, int enc); | 50 HMAC_CTX *hctx, int enc); |
51 #endif | 51 #endif |
52 | 52 |
53 #if OPENSSL_VERSION_NUMBER < 0x10002001L | 53 #if OPENSSL_VERSION_NUMBER < 0x10002002L |
54 static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str); | 54 static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str); |
55 #endif | 55 #endif |
56 | 56 |
57 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle); | 57 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle); |
58 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); | 58 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); |
2731 cert = SSL_get_peer_certificate(c->ssl->connection); | 2731 cert = SSL_get_peer_certificate(c->ssl->connection); |
2732 if (cert == NULL) { | 2732 if (cert == NULL) { |
2733 return NGX_ERROR; | 2733 return NGX_ERROR; |
2734 } | 2734 } |
2735 | 2735 |
2736 #if OPENSSL_VERSION_NUMBER >= 0x10002001L | 2736 #if OPENSSL_VERSION_NUMBER >= 0x10002002L |
2737 | 2737 |
2738 /* X509_check_host() is only available in OpenSSL 1.0.2+ */ | 2738 /* X509_check_host() is only available in OpenSSL 1.0.2+ */ |
2739 | 2739 |
2740 if (name->len == 0) { | 2740 if (name->len == 0) { |
2741 goto failed; | 2741 goto failed; |
2742 } | 2742 } |
2743 | 2743 |
2744 if (X509_check_host(cert, name->data, name->len, 0) != 1) { | 2744 if (X509_check_host(cert, (char *) name->data, name->len, 0, NULL) != 1) { |
2745 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, | 2745 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
2746 "X509_check_host(): no match"); | 2746 "X509_check_host(): no match"); |
2747 goto failed; | 2747 goto failed; |
2748 } | 2748 } |
2749 | 2749 |
2848 X509_free(cert); | 2848 X509_free(cert); |
2849 return NGX_OK; | 2849 return NGX_OK; |
2850 } | 2850 } |
2851 | 2851 |
2852 | 2852 |
2853 #if OPENSSL_VERSION_NUMBER < 0x10002001L | 2853 #if OPENSSL_VERSION_NUMBER < 0x10002002L |
2854 | 2854 |
2855 static ngx_int_t | 2855 static ngx_int_t |
2856 ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern) | 2856 ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern) |
2857 { | 2857 { |
2858 u_char *s, *p, *end; | 2858 u_char *s, *p, *end; |