details: https://hg.nginx.org/nginx/rev/ee40e2b1d083
branches:
changeset: 9200:ee40e2b1d083
user: Sergey Kandaurov <pluknet@nginx.com>
date: Mon Dec 25 21:15:48 2023 +0400
description:
SSL: reasonable version for LibreSSL adjusted.

OPENSSL_VERSION_NUMBER is now redefined to 0x1010000fL for LibreSSL 3.5.0
and above. Building with older LibreSSL versions, such as 2.8.0, may now
produce warnings (see cab37803ebb3) and may require appropriate compiler
options to suppress them.

Notably, this allows to start using SSL_get0_verified_chain() appeared
in OpenSSL 1.1.0 and LibreSSL 3.5.0, without additional macro tests.

Prodded by Ilya Shipitsin.

diffstat:

src/event/ngx_event_openssl.h | 2 +-
src/event/ngx_event_openssl_stapling.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diffs (24 lines):

diff -r 875cd36b8617 -r ee40e2b1d083 src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h Mon Dec 25 21:15:47 2023 +0400
+++ b/src/event/ngx_event_openssl.h Mon Dec 25 21:15:48 2023 +0400
@@ -45,7 +45,7 @@

#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
#undef OPENSSL_VERSION_NUMBER
-#if (LIBRESSL_VERSION_NUMBER >= 0x2080000fL)
+#if (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
#define OPENSSL_VERSION_NUMBER 0x1010000fL
#else
#define OPENSSL_VERSION_NUMBER 0x1000107fL
diff -r 875cd36b8617 -r ee40e2b1d083 src/event/ngx_event_openssl_stapling.c
--- a/src/event/ngx_event_openssl_stapling.c Mon Dec 25 21:15:47 2023 +0400
+++ b/src/event/ngx_event_openssl_stapling.c Mon Dec 25 21:15:48 2023 +0400
@@ -893,7 +893,7 @@ ngx_ssl_ocsp_validate(ngx_connection_t *
ocsp->cert_status = V_OCSP_CERTSTATUS_GOOD;
ocsp->conf = ocf;

-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L

ocsp->certs = SSL_get0_verified_chain(c->ssl->connection);

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel