mirror of
https://github.com/nginx/nginx.git
synced 2024-12-12 18:29:00 +08:00
delete OpenSSL pre-0.9.7 compatibility: the sources were not actually
compatible with OpenSSL 0.9.6 since ssl_session_cache introduction
This commit is contained in:
parent
9db0245cda
commit
80c3e8e03b
@ -97,16 +97,12 @@ int ngx_ssl_session_cache_index;
|
||||
ngx_int_t
|
||||
ngx_ssl_init(ngx_log_t *log)
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00907000
|
||||
OPENSSL_config(NULL);
|
||||
#endif
|
||||
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
|
||||
#if (NGX_SSL_ENGINE)
|
||||
ENGINE_load_builtin_engines();
|
||||
#endif
|
||||
|
||||
ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
|
||||
|
||||
@ -169,9 +165,7 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
|
||||
SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);
|
||||
SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);
|
||||
|
||||
#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
|
||||
SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
|
||||
#endif
|
||||
|
||||
SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE);
|
||||
|
||||
@ -2205,7 +2199,6 @@ ngx_openssl_create_conf(ngx_cycle_t *cycle)
|
||||
static char *
|
||||
ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
||||
{
|
||||
#if (NGX_SSL_ENGINE)
|
||||
ngx_openssl_conf_t *oscf = conf;
|
||||
|
||||
ENGINE *engine;
|
||||
@ -2240,23 +2233,11 @@ ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
||||
ENGINE_free(engine);
|
||||
|
||||
return NGX_CONF_OK;
|
||||
|
||||
#else
|
||||
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
||||
"\"ssl_engine\" directive is available only in "
|
||||
"OpenSSL 0.9.7 and higher,");
|
||||
|
||||
return NGX_CONF_ERROR;
|
||||
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
ngx_openssl_exit(ngx_cycle_t *cycle)
|
||||
{
|
||||
#if (NGX_SSL_ENGINE)
|
||||
ENGINE_cleanup();
|
||||
#endif
|
||||
}
|
||||
|
@ -13,12 +13,8 @@
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00907000
|
||||
#include <openssl/conf.h>
|
||||
#include <openssl/engine.h>
|
||||
#define NGX_SSL_ENGINE 1
|
||||
#endif
|
||||
|
||||
#define NGX_SSL_NAME "OpenSSL"
|
||||
|
||||
|
@ -31,15 +31,6 @@ static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
|
||||
static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
|
||||
void *conf);
|
||||
|
||||
#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
|
||||
|
||||
static char *ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd,
|
||||
void *conf);
|
||||
|
||||
static char ngx_http_ssl_openssl097[] = "OpenSSL 0.9.7 and higher";
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = {
|
||||
{ ngx_string("SSLv2"), NGX_SSL_SSLv2 },
|
||||
@ -124,14 +115,10 @@ static ngx_command_t ngx_http_ssl_commands[] = {
|
||||
|
||||
{ ngx_string("ssl_prefer_server_ciphers"),
|
||||
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
|
||||
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
|
||||
ngx_conf_set_flag_slot,
|
||||
NGX_HTTP_SRV_CONF_OFFSET,
|
||||
offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
|
||||
NULL },
|
||||
#else
|
||||
ngx_http_ssl_nosupported, 0, 0, ngx_http_ssl_openssl097 },
|
||||
#endif
|
||||
|
||||
{ ngx_string("ssl_session_cache"),
|
||||
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE12,
|
||||
@ -471,14 +458,10 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
|
||||
|
||||
if (conf->prefer_server_ciphers) {
|
||||
SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/* a temporary 512-bit RSA key is required for export versions of MSIE */
|
||||
if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
|
||||
return NGX_CONF_ERROR;
|
||||
@ -636,18 +619,3 @@ invalid:
|
||||
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
|
||||
#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
|
||||
|
||||
static char *
|
||||
ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
||||
{
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
||||
"\"%V\" directive is available only in %s,",
|
||||
&cmd->name, cmd->post);
|
||||
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -22,15 +22,6 @@ static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd,
|
||||
static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
|
||||
void *conf);
|
||||
|
||||
#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
|
||||
|
||||
static char *ngx_mail_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd,
|
||||
void *conf);
|
||||
|
||||
static char ngx_mail_ssl_openssl097[] = "OpenSSL 0.9.7 and higher";
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
static ngx_conf_enum_t ngx_http_starttls_state[] = {
|
||||
{ ngx_string("off"), NGX_MAIL_STARTTLS_OFF },
|
||||
@ -102,14 +93,10 @@ static ngx_command_t ngx_mail_ssl_commands[] = {
|
||||
|
||||
{ ngx_string("ssl_prefer_server_ciphers"),
|
||||
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
|
||||
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
|
||||
ngx_conf_set_flag_slot,
|
||||
NGX_MAIL_SRV_CONF_OFFSET,
|
||||
offsetof(ngx_mail_ssl_conf_t, prefer_server_ciphers),
|
||||
NULL },
|
||||
#else
|
||||
ngx_mail_ssl_nosupported, 0, 0, ngx_mail_ssl_openssl097 },
|
||||
#endif
|
||||
|
||||
{ ngx_string("ssl_session_cache"),
|
||||
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE12,
|
||||
@ -297,14 +284,10 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
|
||||
|
||||
if (conf->prefer_server_ciphers) {
|
||||
SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
@ -492,18 +475,3 @@ invalid:
|
||||
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
|
||||
#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
|
||||
|
||||
static char *
|
||||
ngx_mail_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
||||
{
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
||||
"\"%V\" directive is available only in %s,",
|
||||
&cmd->name, cmd->post);
|
||||
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
Loading…
Reference in New Issue
Block a user