[nginx] SSL: reasonable version for LibreSSL.

Maxim Dounin
March 31, 2016 07:58PM
details: http://hg.nginx.org/nginx/rev/382fc7069e3a
branches:
changeset: 6485:382fc7069e3a
user: Maxim Dounin <mdounin@mdounin.ru>
date: Thu Mar 31 23:38:29 2016 +0300
description:
SSL: reasonable version for LibreSSL.

LibreSSL defines OPENSSL_VERSION_NUMBER to 0x20000000L, but uses an old
API derived from OpenSSL at the time LibreSSL forked. As a result, every
version check we use to test for new API elements in newer OpenSSL versions
requires an explicit check for LibreSSL.

To reduce clutter, redefine OPENSSL_VERSION_NUMBER to 0x1000107fL if
LibreSSL is used. The same is done by FreeBSD port of LibreSSL.

diffstat:

src/event/ngx_event_openssl.c | 6 +++---
src/event/ngx_event_openssl.h | 6 ++++++
2 files changed, 9 insertions(+), 3 deletions(-)

diffs (46 lines):

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -52,7 +52,7 @@ static int ngx_ssl_session_ticket_key_ca
HMAC_CTX *hctx, int enc);
#endif

-#if (OPENSSL_VERSION_NUMBER < 0x10002002L || defined LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10002002L
static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str);
#endif

@@ -2944,7 +2944,7 @@ ngx_ssl_check_host(ngx_connection_t *c,
return NGX_ERROR;
}

-#if (OPENSSL_VERSION_NUMBER >= 0x10002002L && !defined LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= 0x10002002L

/* X509_check_host() is only available in OpenSSL 1.0.2+ */

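Review bot: At the `#if OPENSSL_VERSION_NUMBER >= 0x10002002L` guard in ngx_ssl_check_host(), the LibreSSL exclusion is no longer visible at the point of use; it now depends entirely on ngx_event_openssl.h redefining the version to 0x1000107fL. This guard selects which hostname verification path gets compiled, so the existing comment about X509_check_host() should also say that LibreSSL builds take the fallback branch because of that redefinition. That way a later change to the header value is reviewed with this branch in mind.
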
@@ -3061,7 +3061,7 @@ found:
}


-#if (OPENSSL_VERSION_NUMBER < 0x10002002L || defined LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10002002L

static ngx_int_t
ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern)
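
Review bot: Style point on the guard before ngx_ssl_check_name(): the literal 0x10002002L now appears in three conditions in this file (the prototype, the X509_check_host() branch and this definition), and the three must stay exact complements of each other or the build either loses the fallback or references an undeclared function. Consider defining one feature macro next to the version redefinition in ngx_event_openssl.h and testing that macro in all three places.
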
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -33,6 +33,12 @@
#define NGX_SSL_NAME "OpenSSL"


+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
+#undef OPENSSL_VERSION_NUMBER
+#define OPENSSL_VERSION_NUMBER 0x1000107fL
+#endif
+
+
#define ngx_ssl_session_t SSL_SESSION
#define ngx_ssl_conn_t SSL

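Review bot: The new block in ngx_event_openssl.h carries no comment explaining why the version is overridden or why 0x1000107fL was chosen, and the `OPENSSL_VERSION_NUMBER == 0x20000000L` part of the condition means a LibreSSL build reporting any other value skips the override without notice, while the explicit `defined LIBRESSL_VERSION_NUMBER` checks in ngx_event_openssl.c are removed by the same change. Add a short comment with the rationale from the commit message, and consider whether the equality test is needed or whether `defined LIBRESSL_VERSION_NUMBER` alone is the intended condition.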

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel