Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 6255:b40af2fd1c16
SSL: compatibility with OpenSSL master branch.
RAND_pseudo_bytes() is deprecated in the OpenSSL master branch, so the only
use was changed to RAND_bytes(). Access to internal structures is no longer
possible, so now we don't try to set SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS even
if it's defined.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 24 Sep 2015 17:19:08 +0300 |
| parents | 4e3f87c02cb4 |
| children | 2f34ea503ac4 |
comparison
equal
deleted
inserted
replaced
| 6254:74ec27cb67c1 | 6255:b40af2fd1c16 |
|---|---|
| 1156 c->recv = ngx_ssl_recv; | 1156 c->recv = ngx_ssl_recv; |
| 1157 c->send = ngx_ssl_write; | 1157 c->send = ngx_ssl_write; |
| 1158 c->recv_chain = ngx_ssl_recv_chain; | 1158 c->recv_chain = ngx_ssl_recv_chain; |
| 1159 c->send_chain = ngx_ssl_send_chain; | 1159 c->send_chain = ngx_ssl_send_chain; |
| 1160 | 1160 |
| 1161 #if OPENSSL_VERSION_NUMBER < 0x10100000L | |
| 1161 #ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS | 1162 #ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS |
| 1162 | 1163 |
| 1163 /* initial handshake done, disable renegotiation (CVE-2009-3555) */ | 1164 /* initial handshake done, disable renegotiation (CVE-2009-3555) */ |
| 1164 if (c->ssl->connection->s3) { | 1165 if (c->ssl->connection->s3) { |
| 1165 c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS; | 1166 c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS; |
| 1166 } | 1167 } |
| 1167 | 1168 |
| 1169 #endif | |
| 1168 #endif | 1170 #endif |
| 1169 | 1171 |
| 1170 return NGX_OK; | 1172 return NGX_OK; |
| 1171 } | 1173 } |
| 1172 | 1174 |
| 2859 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, | 2861 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 2860 "ssl session ticket encrypt, key: \"%*s\" (%s session)", | 2862 "ssl session ticket encrypt, key: \"%*s\" (%s session)", |
| 2861 ngx_hex_dump(buf, key[0].name, 16) - buf, buf, | 2863 ngx_hex_dump(buf, key[0].name, 16) - buf, buf, |
| 2862 SSL_session_reused(ssl_conn) ? "reused" : "new"); | 2864 SSL_session_reused(ssl_conn) ? "reused" : "new"); |
| 2863 | 2865 |
| 2864 RAND_pseudo_bytes(iv, 16); | 2866 RAND_bytes(iv, 16); |
| 2865 EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key[0].aes_key, iv); | 2867 EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key[0].aes_key, iv); |
| 2866 HMAC_Init_ex(hctx, key[0].hmac_key, 16, | 2868 HMAC_Init_ex(hctx, key[0].hmac_key, 16, |
| 2867 ngx_ssl_session_ticket_md(), NULL); | 2869 ngx_ssl_session_ticket_md(), NULL); |
| 2868 ngx_memcpy(name, key[0].name, 16); | 2870 ngx_memcpy(name, key[0].name, 16); |
| 2869 | 2871 |