Mercurial > hg > nginx

comparison src/event/ngx_event_openssl.c @ 2996:d6285ff81d35

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
delete OpenSSL pre-0.9.7 compatibility: the sources were not actually compatible with OpenSSL 0.9.6 since ssl_session_cache introduction
author Igor Sysoev <igor@sysoev.ru>
date Thu, 23 Jul 2009 12:54:20 +0000
parents cc07d164f0dc
children 82451bc26405
comparison
equal deleted inserted replaced
2995:cc07d164f0dc 2996:d6285ff81d35
95 95
96 96
97 ngx_int_t 97 ngx_int_t
98 ngx_ssl_init(ngx_log_t *log) 98 ngx_ssl_init(ngx_log_t *log)
99 { 99 {
100 #if OPENSSL_VERSION_NUMBER >= 0x00907000
101 OPENSSL_config(NULL); 100 OPENSSL_config(NULL);
102 #endif
103 101
104 SSL_library_init(); 102 SSL_library_init();
105 SSL_load_error_strings(); 103 SSL_load_error_strings();
106 104
107 #if (NGX_SSL_ENGINE)
108 ENGINE_load_builtin_engines(); 105 ENGINE_load_builtin_engines();
109 #endif
110 106
111 ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); 107 ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
112 108
113 if (ngx_ssl_connection_index == -1) { 109 if (ngx_ssl_connection_index == -1) {
114 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "SSL_get_ex_new_index() failed"); 110 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "SSL_get_ex_new_index() failed");
167 163
168 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG); 164 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
169 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG); 165 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);
170 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG); 166 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);
171 167
172 #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
173 SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); 168 SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
174 #endif
175 169
176 SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE); 170 SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE);
177 171
178 if (ngx_ssl_protocols[protocols >> 1] != 0) { 172 if (ngx_ssl_protocols[protocols >> 1] != 0) {
179 SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]); 173 SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
2203 2197
2204 2198
2205 static char * 2199 static char *
2206 ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) 2200 ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
2207 { 2201 {
2208 #if (NGX_SSL_ENGINE)
2209 ngx_openssl_conf_t *oscf = conf; 2202 ngx_openssl_conf_t *oscf = conf;
2210 2203
2211 ENGINE *engine; 2204 ENGINE *engine;
2212 ngx_str_t *value; 2205 ngx_str_t *value;
2213 2206
2238 } 2231 }
2239 2232
2240 ENGINE_free(engine); 2233 ENGINE_free(engine);
2241 2234
2242 return NGX_CONF_OK; 2235 return NGX_CONF_OK;
2243
2244 #else
2245
2246 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
2247 "\"ssl_engine\" directive is available only in "
2248 "OpenSSL 0.9.7 and higher,");
2249
2250 return NGX_CONF_ERROR;
2251
2252 #endif
2253 } 2236 }
2254 2237
2255 2238
2256 static void 2239 static void
2257 ngx_openssl_exit(ngx_cycle_t *cycle) 2240 ngx_openssl_exit(ngx_cycle_t *cycle)
2258 { 2241 {
2259 #if (NGX_SSL_ENGINE)
2260 ENGINE_cleanup(); 2242 ENGINE_cleanup();
2261 #endif 2243 }
2262 }