mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2024-11-24 21:59:06 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

SSL: use X509_check_host() with LibreSSL.

Browse Source 
Explicit checks for OPENSSL_VERSION_NUMBER replaced with checks
for X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT, thus allowing X509_check_host()
to be used with other libraries.  In particular, X509_check_host() was
introduced in LibreSSL 2.5.0.
This commit is contained in:
Maxim Dounin 2016-10-04 17:26:45 +03:00
parent 2c84f7af2c
commit 3c44339bfe
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/event/ngx_event_openssl.c
View File

@ -55,7 +55,7 @@ static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
HMAC_CTX *hctx, int enc);
#endif
#if OPENSSL_VERSION_NUMBER < 0x10002002L
#ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str);
#endif
@ -3092,7 +3092,7 @@ ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name)
return NGX_ERROR;
}
#if OPENSSL_VERSION_NUMBER >= 0x10002002L
#ifdef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
/* X509_check_host() is only available in OpenSSL 1.0.2+ */
@ -3209,7 +3209,7 @@ found:
}
#if OPENSSL_VERSION_NUMBER < 0x10002002L
#ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
static ngx_int_t
ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern)