mirror of
https://github.com/nginx/nginx.git
synced 2024-12-05 06:19:01 +08:00
delete OpenSSL pre-0.9.7 compatibility: the sources were not actually
compatible with OpenSSL 0.9.6 since ssl_session_cache introduction
This commit is contained in:
parent
9db0245cda
commit
80c3e8e03b
@ -97,16 +97,12 @@ int ngx_ssl_session_cache_index;
|
|||||||
ngx_int_t
|
ngx_int_t
|
||||||
ngx_ssl_init(ngx_log_t *log)
|
ngx_ssl_init(ngx_log_t *log)
|
||||||
{
|
{
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x00907000
|
|
||||||
OPENSSL_config(NULL);
|
OPENSSL_config(NULL);
|
||||||
#endif
|
|
||||||
|
|
||||||
SSL_library_init();
|
SSL_library_init();
|
||||||
SSL_load_error_strings();
|
SSL_load_error_strings();
|
||||||
|
|
||||||
#if (NGX_SSL_ENGINE)
|
|
||||||
ENGINE_load_builtin_engines();
|
ENGINE_load_builtin_engines();
|
||||||
#endif
|
|
||||||
|
|
||||||
ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
|
ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
|
||||||
|
|
||||||
@ -169,9 +165,7 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
|
|||||||
SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);
|
SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);
|
||||||
SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);
|
SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);
|
||||||
|
|
||||||
#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
|
|
||||||
SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
|
SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
|
||||||
#endif
|
|
||||||
|
|
||||||
SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE);
|
SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE);
|
||||||
|
|
||||||
@ -2205,7 +2199,6 @@ ngx_openssl_create_conf(ngx_cycle_t *cycle)
|
|||||||
static char *
|
static char *
|
||||||
ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
||||||
{
|
{
|
||||||
#if (NGX_SSL_ENGINE)
|
|
||||||
ngx_openssl_conf_t *oscf = conf;
|
ngx_openssl_conf_t *oscf = conf;
|
||||||
|
|
||||||
ENGINE *engine;
|
ENGINE *engine;
|
||||||
@ -2240,23 +2233,11 @@ ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|||||||
ENGINE_free(engine);
|
ENGINE_free(engine);
|
||||||
|
|
||||||
return NGX_CONF_OK;
|
return NGX_CONF_OK;
|
||||||
|
|
||||||
#else
|
|
||||||
|
|
||||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
|
||||||
"\"ssl_engine\" directive is available only in "
|
|
||||||
"OpenSSL 0.9.7 and higher,");
|
|
||||||
|
|
||||||
return NGX_CONF_ERROR;
|
|
||||||
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static void
|
static void
|
||||||
ngx_openssl_exit(ngx_cycle_t *cycle)
|
ngx_openssl_exit(ngx_cycle_t *cycle)
|
||||||
{
|
{
|
||||||
#if (NGX_SSL_ENGINE)
|
|
||||||
ENGINE_cleanup();
|
ENGINE_cleanup();
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
@ -13,12 +13,8 @@
|
|||||||
|
|
||||||
#include <openssl/ssl.h>
|
#include <openssl/ssl.h>
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x00907000
|
|
||||||
#include <openssl/conf.h>
|
#include <openssl/conf.h>
|
||||||
#include <openssl/engine.h>
|
#include <openssl/engine.h>
|
||||||
#define NGX_SSL_ENGINE 1
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define NGX_SSL_NAME "OpenSSL"
|
#define NGX_SSL_NAME "OpenSSL"
|
||||||
|
|
||||||
|
@ -31,15 +31,6 @@ static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
|
|||||||
static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
|
static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
|
||||||
void *conf);
|
void *conf);
|
||||||
|
|
||||||
#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
|
|
||||||
|
|
||||||
static char *ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd,
|
|
||||||
void *conf);
|
|
||||||
|
|
||||||
static char ngx_http_ssl_openssl097[] = "OpenSSL 0.9.7 and higher";
|
|
||||||
|
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = {
|
static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = {
|
||||||
{ ngx_string("SSLv2"), NGX_SSL_SSLv2 },
|
{ ngx_string("SSLv2"), NGX_SSL_SSLv2 },
|
||||||
@ -124,14 +115,10 @@ static ngx_command_t ngx_http_ssl_commands[] = {
|
|||||||
|
|
||||||
{ ngx_string("ssl_prefer_server_ciphers"),
|
{ ngx_string("ssl_prefer_server_ciphers"),
|
||||||
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
|
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
|
||||||
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
|
|
||||||
ngx_conf_set_flag_slot,
|
ngx_conf_set_flag_slot,
|
||||||
NGX_HTTP_SRV_CONF_OFFSET,
|
NGX_HTTP_SRV_CONF_OFFSET,
|
||||||
offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
|
offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
|
||||||
NULL },
|
NULL },
|
||||||
#else
|
|
||||||
ngx_http_ssl_nosupported, 0, 0, ngx_http_ssl_openssl097 },
|
|
||||||
#endif
|
|
||||||
|
|
||||||
{ ngx_string("ssl_session_cache"),
|
{ ngx_string("ssl_session_cache"),
|
||||||
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE12,
|
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE12,
|
||||||
@ -471,14 +458,10 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
|
|
||||||
|
|
||||||
if (conf->prefer_server_ciphers) {
|
if (conf->prefer_server_ciphers) {
|
||||||
SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* a temporary 512-bit RSA key is required for export versions of MSIE */
|
/* a temporary 512-bit RSA key is required for export versions of MSIE */
|
||||||
if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
|
if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
|
||||||
return NGX_CONF_ERROR;
|
return NGX_CONF_ERROR;
|
||||||
@ -636,18 +619,3 @@ invalid:
|
|||||||
|
|
||||||
return NGX_CONF_ERROR;
|
return NGX_CONF_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
|
|
||||||
|
|
||||||
static char *
|
|
||||||
ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
||||||
{
|
|
||||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
|
||||||
"\"%V\" directive is available only in %s,",
|
|
||||||
&cmd->name, cmd->post);
|
|
||||||
|
|
||||||
return NGX_CONF_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif
|
|
||||||
|
@ -22,15 +22,6 @@ static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd,
|
|||||||
static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
|
static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
|
||||||
void *conf);
|
void *conf);
|
||||||
|
|
||||||
#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
|
|
||||||
|
|
||||||
static char *ngx_mail_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd,
|
|
||||||
void *conf);
|
|
||||||
|
|
||||||
static char ngx_mail_ssl_openssl097[] = "OpenSSL 0.9.7 and higher";
|
|
||||||
|
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
static ngx_conf_enum_t ngx_http_starttls_state[] = {
|
static ngx_conf_enum_t ngx_http_starttls_state[] = {
|
||||||
{ ngx_string("off"), NGX_MAIL_STARTTLS_OFF },
|
{ ngx_string("off"), NGX_MAIL_STARTTLS_OFF },
|
||||||
@ -102,14 +93,10 @@ static ngx_command_t ngx_mail_ssl_commands[] = {
|
|||||||
|
|
||||||
{ ngx_string("ssl_prefer_server_ciphers"),
|
{ ngx_string("ssl_prefer_server_ciphers"),
|
||||||
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
|
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
|
||||||
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
|
|
||||||
ngx_conf_set_flag_slot,
|
ngx_conf_set_flag_slot,
|
||||||
NGX_MAIL_SRV_CONF_OFFSET,
|
NGX_MAIL_SRV_CONF_OFFSET,
|
||||||
offsetof(ngx_mail_ssl_conf_t, prefer_server_ciphers),
|
offsetof(ngx_mail_ssl_conf_t, prefer_server_ciphers),
|
||||||
NULL },
|
NULL },
|
||||||
#else
|
|
||||||
ngx_mail_ssl_nosupported, 0, 0, ngx_mail_ssl_openssl097 },
|
|
||||||
#endif
|
|
||||||
|
|
||||||
{ ngx_string("ssl_session_cache"),
|
{ ngx_string("ssl_session_cache"),
|
||||||
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE12,
|
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE12,
|
||||||
@ -297,14 +284,10 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
|
|
||||||
|
|
||||||
if (conf->prefer_server_ciphers) {
|
if (conf->prefer_server_ciphers) {
|
||||||
SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
|
if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
|
||||||
return NGX_CONF_ERROR;
|
return NGX_CONF_ERROR;
|
||||||
}
|
}
|
||||||
@ -492,18 +475,3 @@ invalid:
|
|||||||
|
|
||||||
return NGX_CONF_ERROR;
|
return NGX_CONF_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
|
|
||||||
|
|
||||||
static char *
|
|
||||||
ngx_mail_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
||||||
{
|
|
||||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
|
||||||
"\"%V\" directive is available only in %s,",
|
|
||||||
&cmd->name, cmd->post);
|
|
||||||
|
|
||||||
return NGX_CONF_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif
|
|
||||||
|
Loading…
Reference in New Issue
Block a user