[nginx] SSL: use X509_check_host() with LibreSSL.

Maxim Dounin
October 04, 2016 10:30AM
details: http://hg.nginx.org/nginx/rev/9b9ae81cd4f0
branches:
changeset: 6725:9b9ae81cd4f0
user: Maxim Dounin <mdounin@mdounin.ru>
date: Tue Oct 04 17:26:45 2016 +0300
description:
SSL: use X509_check_host() with LibreSSL.

Explicit checks for OPENSSL_VERSION_NUMBER replaced with checks
for X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT, thus allowing X509_check_host()
to be used with other libraries. In particular, X509_check_host() was
introduced in LibreSSL 2.5.0.

diffstat:

src/event/ngx_event_openssl.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)

diffs (30 lines):

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -55,7 +55,7 @@ static int ngx_ssl_session_ticket_key_ca
HMAC_CTX *hctx, int enc);
#endif

-#if OPENSSL_VERSION_NUMBER < 0x10002002L
+#ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str);
#endif

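Review bot: The new guard on the ngx_ssl_check_name() prototype tests a flag constant, X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT, as a stand-in for the presence of X509_check_host(), and nothing next to the #ifndef says so. A one-line comment above it naming X509_check_host() as the feature being detected would help the next reader. It should also note that the test only works while the library exposes the flag as a preprocessor macro; a library that declares the function but not the macro would be routed to the fallback matcher without any build warning.
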
@@ -3092,7 +3092,7 @@ ngx_ssl_check_host(ngx_connection_t *c,
return NGX_ERROR;
}

-#if OPENSSL_VERSION_NUMBER >= 0x10002002L
+#ifdef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT

/* X509_check_host() is only available in OpenSSL 1.0.2+ */

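Review bot: The context comment under the new #ifdef, "X509_check_host() is only available in OpenSSL 1.0.2+", is stale once this guard is in place, because the condition no longer depends on the OpenSSL version and the commit message states the function is also in LibreSSL 2.5.0. Update the comment in the same change so it describes the feature test, for example by saying the branch is taken whenever the library provides X509_check_host().
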
@@ -3209,7 +3209,7 @@ found:
}


-#if OPENSSL_VERSION_NUMBER < 0x10002002L
+#ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT

static ngx_int_t
ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern)
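Review bot: The #ifndef in front of the ngx_ssl_check_name() definition is the third copy of the same condition in this patch (prototype, call site in ngx_ssl_check_host(), and here), and the three must stay exact complements or the build ends up with an unused or undefined static function. Consider deriving one local feature macro from X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT near the top of the file and testing that in all three places. That way a later change to the detection logic touches one line, and it stays obvious which builds verify hostnames with the library and which use nginx's own matcher.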

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel