# HG changeset patch # User Maxim Dounin # Date 1443104348 -10800 # Node ID b40af2fd1c1665bc79bd6c50233dd6c834f60b6b # Parent 74ec27cb67c1b08363340c66f2704a048ffa2aa8 SSL: compatibility with OpenSSL master branch. RAND_pseudo_bytes() is deprecated in the OpenSSL master branch, so the only use was changed to RAND_bytes(). Access to internal structures is no longer possible, so now we don't try to set SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS even if it's defined. diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -1158,6 +1158,7 @@ ngx_ssl_handshake(ngx_connection_t *c) c->recv_chain = ngx_ssl_recv_chain; c->send_chain = ngx_ssl_send_chain; +#if OPENSSL_VERSION_NUMBER < 0x10100000L #ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS /* initial handshake done, disable renegotiation (CVE-2009-3555) */ @@ -1166,6 +1167,7 @@ ngx_ssl_handshake(ngx_connection_t *c) } #endif +#endif return NGX_OK; } @@ -2861,7 +2863,7 @@ ngx_ssl_session_ticket_key_callback(ngx_ ngx_hex_dump(buf, key[0].name, 16) - buf, buf, SSL_session_reused(ssl_conn) ? "reused" : "new"); - RAND_pseudo_bytes(iv, 16); + RAND_bytes(iv, 16); EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key[0].aes_key, iv); HMAC_Init_ex(hctx, key[0].hmac_key, 16, ngx_ssl_session_ticket_md(), NULL);