From 0dcfca0301d05b3d5d973c5bdcd24acd14bd2a35 Mon Sep 17 00:00:00 2001
From: Piotr Sikora
Date: Wed, 30 Jul 2014 04:32:15 -0700
Subject: [PATCH] SSL: let it build against BoringSSL.

This change adds support for using BoringSSL as a drop-in replacement for OpenSSL without adding support for any of the BoringSSL-specific features.

Signed-off-by: Piotr Sikora
---
 src/event/ngx_event_openssl.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 91c752c71..7ee77754b 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -106,7 +106,9 @@ int ngx_ssl_stapling_index;
 ngx_int_t
 ngx_ssl_init(ngx_log_t *log)
 {
+#ifndef OPENSSL_IS_BORINGSSL
 OPENSSL_config(NULL);
+#endif
 SSL_library_init();
 SSL_load_error_strings();
@@ -217,7 +219,10 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
 SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);
 #endif
+#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
+#endif
+
 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);
 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);
@@ -382,8 +387,13 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
 if (--tries) {
 n = ERR_peek_error();
+#ifdef OPENSSL_IS_BORINGSSL
+ if (ERR_GET_LIB(n) == ERR_LIB_CIPHER
+ && ERR_GET_REASON(n) == CIPHER_R_BAD_DECRYPT)
+#else
 if (ERR_GET_LIB(n) == ERR_LIB_EVP
 && ERR_GET_REASON(n) == EVP_R_BAD_DECRYPT)
+#endif
 {
 ERR_clear_error();
 SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd);
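Review bot: In the first hunk (ngx_ssl_init), the new `#ifndef OPENSSL_IS_BORINGSSL` around `OPENSSL_config(NULL)` has no comment saying what a BoringSSL build gives up. With the call compiled out, the library's default configuration file is not loaded in those builds, and an operator who relies on settings from it gets no indication of that. A one-line comment above the guard would record it, for example `/* BoringSSL build: OPENSSL_config() is skipped, so openssl.cnf settings are not applied */` (wording to be confirmed against the library). The body of ngx_ssl_init continues past the end of the hunk.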
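Review bot: In the second hunk (ngx_ssl_create), only `SSL_OP_SSLEAY_080_CLIENT_DH_BUG` gains a presence guard, while the two workaround options set right after it, `SSL_OP_TLS_D5_BUG` and `SSL_OP_TLS_BLOCK_PADDING_BUG`, are still used unconditionally. The option just above the hunk already ends in an `#endif`, so guarding each legacy workaround by its own macro looks like the file's convention. Wrapping the remaining two the same way (`#ifdef SSL_OP_TLS_D5_BUG` … `#endif`, and likewise for `SSL_OP_TLS_BLOCK_PADDING_BUG`) keeps the build from breaking again if a library stops defining them. A short comment that these are interoperability workarounds whose enabled set now depends on the linked library would help whoever audits the effective TLS options later.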
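Review bot: In the third hunk (ngx_ssl_certificate), the wrong-passphrase test is duplicated across `#ifdef OPENSSL_IS_BORINGSSL` / `#else` with nothing explaining why the library and reason codes differ. This condition decides whether the loop clears the error queue and moves on to the next passphrase (`++pwd`), so a pair that does not match what the linked library actually queues would presumably stop the retry and fail the key load; the failure path is outside the hunk. I would add a comment above the guard such as `/* BoringSSL reports a bad passphrase as ERR_LIB_CIPHER/CIPHER_R_BAD_DECRYPT, OpenSSL as ERR_LIB_EVP/EVP_R_BAD_DECRYPT */`. Splitting an `if` head across preprocessor branches is also easy to misread; defining the library/reason pair once as two macros near the top of the file and keeping a single `if` would read better.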