Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 2996:d6285ff81d35
delete OpenSSL pre-0.9.7 compatibility: the sources were not actually
compatible with OpenSSL 0.9.6 since ssl_session_cache introduction
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Thu, 23 Jul 2009 12:54:20 +0000 |
parents | cc07d164f0dc |
children | 82451bc26405 |
comparison
equal
deleted
inserted
replaced
2995:cc07d164f0dc | 2996:d6285ff81d35 |
---|---|
95 | 95 |
96 | 96 |
97 ngx_int_t | 97 ngx_int_t |
98 ngx_ssl_init(ngx_log_t *log) | 98 ngx_ssl_init(ngx_log_t *log) |
99 { | 99 { |
100 #if OPENSSL_VERSION_NUMBER >= 0x00907000 | |
101 OPENSSL_config(NULL); | 100 OPENSSL_config(NULL); |
102 #endif | |
103 | 101 |
104 SSL_library_init(); | 102 SSL_library_init(); |
105 SSL_load_error_strings(); | 103 SSL_load_error_strings(); |
106 | 104 |
107 #if (NGX_SSL_ENGINE) | |
108 ENGINE_load_builtin_engines(); | 105 ENGINE_load_builtin_engines(); |
109 #endif | |
110 | 106 |
111 ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); | 107 ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); |
112 | 108 |
113 if (ngx_ssl_connection_index == -1) { | 109 if (ngx_ssl_connection_index == -1) { |
114 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "SSL_get_ex_new_index() failed"); | 110 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "SSL_get_ex_new_index() failed"); |
167 | 163 |
168 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG); | 164 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG); |
169 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG); | 165 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG); |
170 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG); | 166 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG); |
171 | 167 |
172 #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | |
173 SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); | 168 SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); |
174 #endif | |
175 | 169 |
176 SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE); | 170 SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE); |
177 | 171 |
178 if (ngx_ssl_protocols[protocols >> 1] != 0) { | 172 if (ngx_ssl_protocols[protocols >> 1] != 0) { |
179 SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]); | 173 SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]); |
2203 | 2197 |
2204 | 2198 |
2205 static char * | 2199 static char * |
2206 ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | 2200 ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
2207 { | 2201 { |
2208 #if (NGX_SSL_ENGINE) | |
2209 ngx_openssl_conf_t *oscf = conf; | 2202 ngx_openssl_conf_t *oscf = conf; |
2210 | 2203 |
2211 ENGINE *engine; | 2204 ENGINE *engine; |
2212 ngx_str_t *value; | 2205 ngx_str_t *value; |
2213 | 2206 |
2238 } | 2231 } |
2239 | 2232 |
2240 ENGINE_free(engine); | 2233 ENGINE_free(engine); |
2241 | 2234 |
2242 return NGX_CONF_OK; | 2235 return NGX_CONF_OK; |
2243 | |
2244 #else | |
2245 | |
2246 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
2247 "\"ssl_engine\" directive is available only in " | |
2248 "OpenSSL 0.9.7 and higher,"); | |
2249 | |
2250 return NGX_CONF_ERROR; | |
2251 | |
2252 #endif | |
2253 } | 2236 } |
2254 | 2237 |
2255 | 2238 |
2256 static void | 2239 static void |
2257 ngx_openssl_exit(ngx_cycle_t *cycle) | 2240 ngx_openssl_exit(ngx_cycle_t *cycle) |
2258 { | 2241 { |
2259 #if (NGX_SSL_ENGINE) | |
2260 ENGINE_cleanup(); | 2242 ENGINE_cleanup(); |
2261 #endif | 2243 } |
2262 } |