comparison src/event/ngx_event_openssl.c @ 6255:b40af2fd1c16
SSL: compatibility with OpenSSL master branch.
RAND_pseudo_bytes() is deprecated in the OpenSSL master branch, so the only
use was changed to RAND_bytes(). Access to internal structures is no longer
possible, so now we don't try to set SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS even
if it's defined.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 24 Sep 2015 17:19:08 +0300 |
parents | 4e3f87c02cb4 |
children | 2f34ea503ac4 |
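--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1156,17 +1156,19 @@
 c->recv = ngx_ssl_recv;
 c->send = ngx_ssl_write;
 c->recv_chain = ngx_ssl_recv_chain;
 c->send_chain = ngx_ssl_send_chain;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
 
 /* initial handshake done, disable renegotiation (CVE-2009-3555) */
 if (c->ssl->connection->s3) {
 c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
 }
 
+#endif
 #endif
 
 return NGX_OK;
 }
 
@@ -2859,11 +2861,11 @@
 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "ssl session ticket encrypt, key: \"%*s\" (%s session)",
 ngx_hex_dump(buf, key[0].name, 16) - buf, buf,
 SSL_session_reused(ssl_conn) ? "reused" : "new");
 
-RAND_pseudo_bytes(iv, 16);
+RAND_bytes(iv, 16);
 EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key[0].aes_key, iv);
 HMAC_Init_ex(hctx, key[0].hmac_key, 16,
 ngx_ssl_session_ticket_md(), NULL);
 ngx_memcpy(name, key[0].name, 16);
 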
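Review bot: The return value of `RAND_bytes(iv, 16)` at new line 2866 is ignored, so if the generator fails, `iv` goes into `EVP_EncryptInit_ex()` with whatever the buffer held before, and the session ticket is encrypted under an IV that is not guaranteed to be random. `RAND_bytes()` returns 1 only on success, so the result should be checked before the cipher is initialised: `if (RAND_bytes(iv, 16) != 1) { ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "RAND_bytes() failed"); return -1; }`. The enclosing function starts and ends outside the hunk; the negative return assumes this is the session ticket key callback, where OpenSSL treats it as an error, which should be confirmed against the full function.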