mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2024-12-04 22:09:01 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

delete OpenSSL pre-0.9.7 compatibility: the sources were not actually

Browse Source 
compatible with OpenSSL 0.9.6 since ssl_session_cache introduction
This commit is contained in:
Igor Sysoev 2009-07-23 12:54:20 +00:00
parent 9db0245cda
commit 80c3e8e03b
4 changed files with 0 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/event/ngx_event_openssl.c
View File

@ -97,16 +97,12 @@ int ngx_ssl_session_cache_index;
ngx_int_t ngx_int_t
ngx_ssl_init(ngx_log_t *log) ngx_ssl_init(ngx_log_t *log)
{ {
#if OPENSSL_VERSION_NUMBER >= 0x00907000
OPENSSL_config(NULL); OPENSSL_config(NULL);
#endif
SSL_library_init(); SSL_library_init();
SSL_load_error_strings(); SSL_load_error_strings();
#if (NGX_SSL_ENGINE)
ENGINE_load_builtin_engines(); ENGINE_load_builtin_engines();
#endif
ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
@ -169,9 +165,7 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG); SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);
SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG); SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);
#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
#endif
SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE); SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE);
@ -2205,7 +2199,6 @@ ngx_openssl_create_conf(ngx_cycle_t *cycle)
static char * static char *
ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{ {
#if (NGX_SSL_ENGINE)
ngx_openssl_conf_t *oscf = conf; ngx_openssl_conf_t *oscf = conf;
ENGINE *engine; ENGINE *engine;
@ -2240,23 +2233,11 @@ ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
ENGINE_free(engine); ENGINE_free(engine);
return NGX_CONF_OK; return NGX_CONF_OK;
#else
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"\"ssl_engine\" directive is available only in "
"OpenSSL 0.9.7 and higher,");
return NGX_CONF_ERROR;
#endif
} }
static void static void
ngx_openssl_exit(ngx_cycle_t *cycle) ngx_openssl_exit(ngx_cycle_t *cycle)
{ {
#if (NGX_SSL_ENGINE)
ENGINE_cleanup(); ENGINE_cleanup();
#endif
} }

4
src/event/ngx_event_openssl.h
View File

@ -13,12 +13,8 @@
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/err.h> #include <openssl/err.h>
#if OPENSSL_VERSION_NUMBER >= 0x00907000
#include <openssl/conf.h> #include <openssl/conf.h>
#include <openssl/engine.h> #include <openssl/engine.h>
#define NGX_SSL_ENGINE 1
#endif
#define NGX_SSL_NAME "OpenSSL" #define NGX_SSL_NAME "OpenSSL"

32
src/http/modules/ngx_http_ssl_module.c
View File

@ -31,15 +31,6 @@ static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf); void *conf);
#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
static char *ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char ngx_http_ssl_openssl097[] = "OpenSSL 0.9.7 and higher";
#endif
static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = { static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = {
{ ngx_string("SSLv2"), NGX_SSL_SSLv2 }, { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
@ -124,14 +115,10 @@ static ngx_command_t ngx_http_ssl_commands[] = {
{ ngx_string("ssl_prefer_server_ciphers"), { ngx_string("ssl_prefer_server_ciphers"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
ngx_conf_set_flag_slot, ngx_conf_set_flag_slot,
NGX_HTTP_SRV_CONF_OFFSET, NGX_HTTP_SRV_CONF_OFFSET,
offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers), offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
NULL }, NULL },
#else
ngx_http_ssl_nosupported, 0, 0, ngx_http_ssl_openssl097 },
#endif
{ ngx_string("ssl_session_cache"), { ngx_string("ssl_session_cache"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE12, NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE12,
@ -471,14 +458,10 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
} }
} }
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
if (conf->prefer_server_ciphers) { if (conf->prefer_server_ciphers) {
SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
} }
#endif
/* a temporary 512-bit RSA key is required for export versions of MSIE */ /* a temporary 512-bit RSA key is required for export versions of MSIE */
if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
return NGX_CONF_ERROR; return NGX_CONF_ERROR;
@ -636,18 +619,3 @@ invalid:
return NGX_CONF_ERROR; return NGX_CONF_ERROR;
} }
#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
static char *
ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"\"%V\" directive is available only in %s,",
&cmd->name, cmd->post);
return NGX_CONF_ERROR;
}
#endif

32
src/mail/ngx_mail_ssl_module.c
View File

@ -22,15 +22,6 @@ static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd,
static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf); void *conf);
#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
static char *ngx_mail_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char ngx_mail_ssl_openssl097[] = "OpenSSL 0.9.7 and higher";
#endif
static ngx_conf_enum_t ngx_http_starttls_state[] = { static ngx_conf_enum_t ngx_http_starttls_state[] = {
{ ngx_string("off"), NGX_MAIL_STARTTLS_OFF }, { ngx_string("off"), NGX_MAIL_STARTTLS_OFF },
@ -102,14 +93,10 @@ static ngx_command_t ngx_mail_ssl_commands[] = {
{ ngx_string("ssl_prefer_server_ciphers"), { ngx_string("ssl_prefer_server_ciphers"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG, NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
ngx_conf_set_flag_slot, ngx_conf_set_flag_slot,
NGX_MAIL_SRV_CONF_OFFSET, NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, prefer_server_ciphers), offsetof(ngx_mail_ssl_conf_t, prefer_server_ciphers),
NULL }, NULL },
#else
ngx_mail_ssl_nosupported, 0, 0, ngx_mail_ssl_openssl097 },
#endif
{ ngx_string("ssl_session_cache"), { ngx_string("ssl_session_cache"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE12, NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE12,
@ -297,14 +284,10 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
} }
} }
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
if (conf->prefer_server_ciphers) { if (conf->prefer_server_ciphers) {
SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
} }
#endif
if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
return NGX_CONF_ERROR; return NGX_CONF_ERROR;
} }
@ -492,18 +475,3 @@ invalid:
return NGX_CONF_ERROR; return NGX_CONF_ERROR;
} }
#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
static char *
ngx_mail_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"\"%V\" directive is available only in %s,",
&cmd->name, cmd->post);
return NGX_CONF_ERROR;
}
#endif