Commit Graph

58 Commits

Author SHA1 Message Date
Maxim Dounin
bdea5b703f SSL: avoid using OpenSSL config in build directory (ticket #2404).
With this change, the NGX_OPENSSL_NO_CONFIG macro is defined when nginx
is asked to build OpenSSL itself.  And with this macro automatic loading
of OpenSSL configuration (from the build directory) is prevented unless
the OPENSSL_CONF environment variable is explicitly set.

Note that not loading configuration is broken in OpenSSL 1.1.1 and 1.1.1a
(fixed in OpenSSL 1.1.1b, see https://github.com/openssl/openssl/issues/7350).
If nginx is used to compile these OpenSSL versions, configuring nginx with
NGX_OPENSSL_NO_CONFIG explicitly set to 0 might be used as a workaround.
2023-06-21 01:29:53 +03:00
Sergey Kandaurov
e8fbc96747 Merged with the default branch. 2023-03-29 11:14:25 +04:00
Maxim Dounin
dad6ec3aa6 Win32: OpenSSL compilation for x64 targets with MSVC.
To ensure proper target selection the NGX_MACHINE variable is now set
based on the MSVC compiler output, and the OpenSSL target is set based
on it.

This is not important as long as "no-asm" is used (as in misc/GNUmakefile
and win32 build instructions), but might be beneficial if someone is trying
to build OpenSSL with assembler code.
2023-02-23 18:16:08 +03:00
Roman Arutyunyan
a36ebf7e95 QUIC: OpenSSL compatibility layer.
The change allows to compile QUIC with OpenSSL which lacks BoringSSL QUIC API.

This implementation does not support 0-RTT.
2023-02-22 19:16:53 +04:00
Maxim Dounin
fb0890aee6 Win32: disabled threads support in OpenSSL builds.
Threads are disabled during UNIX builds (see b329c0ab1a48), and also not
needed for Windows builds.

This used to be the default before OpenSSL 1.1.0.
2022-09-07 00:47:31 +03:00
Sergey Kandaurov
3123fac3e7 Merged with the default branch. 2022-10-20 16:41:36 +04:00
Ruslan Ermilov
f2859767d4 Configure: fixed QUIC support test.
OpenSSL library QUIC support cannot be tested at configure time when
using the --with-openssl option so assume it's present if requested.
While here, fixed the error message in case QUIC support is missing.
2021-09-27 10:10:38 +03:00
Ruslan Ermilov
8ce1c2c7e9 Configure: check for QUIC 0-RTT support at compile time. 2021-09-27 10:10:37 +03:00
Ruslan Ermilov
3321ca0c83 Configure: simplified condition. 2021-09-21 14:46:17 +03:00
Ruslan Ermilov
bd89c448b7 Removed NGX_OPENSSL_QUIC macro, NGX_QUIC is enough. 2021-09-14 12:09:13 +03:00
Ruslan Ermilov
7a45071cb6 Changed the OpenSSL QUIC support detection.
As was changed in 253cf267f95a.
2021-09-09 15:34:00 +03:00
Roman Arutyunyan
b813b9ec35 QUIC: added "quic" listen parameter.
The parameter allows processing HTTP/0.9-2 over QUIC.

Also, introduced ngx_http_quic_module and moved QUIC settings there
2020-07-21 23:09:22 +03:00
Sergey Kandaurov
0a11fdbb28 Compatibility with BoringSSL master branch.
Recently BoringSSL introduced SSL_set_quic_early_data_context()
that serves as an additional constrain to enable 0-RTT in QUIC.

Relevant changes:
 * https://boringssl.googlesource.com/boringssl/+/7c52299%5E!/
 * https://boringssl.googlesource.com/boringssl/+/8519432%5E!/
2020-06-01 19:53:13 +03:00
Sergey Kandaurov
1a6fc01fb8 Configure: fixed static compilation with OpenSSL 1.1.1 / BoringSSL.
See 7246:04ebf29eaf5b for details.
2020-05-01 13:02:30 +03:00
Sergey Kandaurov
b7b3aca704 Configure: unbreak with old OpenSSL, --with-http_v3_module added. 2020-04-30 15:47:43 +03:00
Sergey Kandaurov
e92cb24f40 HTTP UDP layer, QUIC support autotest. 2020-02-28 13:09:51 +03:00
Maxim Dounin
78386faf7e Configure: restored "no-threads" in OpenSSL builds.
This was previously used, but was incorrectly removed in 83d54192e97b
while removing old threads remnants.  Instead of using it conditionally
when threads are not used, we now set in unconditionally, as even with
thread pools enabled we never call OpenSSL functions in threads.

This fixes resulting binary when using --with-openssl with OpenSSL 1.1.0+
and without -lpthread linked (notably on FreeBSD without PCRE).
2018-03-22 15:56:07 +03:00
Maxim Dounin
90ca1071b7 Configure: fixed static compilation with OpenSSL 1.1.1.
OpenSSL now uses pthread_atfork(), and this requires -lpthread on Linux
to compile.  Introduced NGX_LIBPTHREAD to add it as appropriate, similar
to existing NGX_LIBDL.
2018-03-22 15:55:57 +03:00
Maxim Dounin
77471dbdbb Win32: compatiblity with OpenSSL 1.1.0.
OpenSSL 1.1.0 now uses normal "nmake; nmake install" instead of using
custom "ms\do_ms.bat" script and "ms\nt.mak" makefile.  And Configure
now requires --prefix to be absolute, and no longer derives --openssldir
from prefix (so it's specified explicitly).  Generated libraries are now
called "libcrypto.lib" and "libssl.lib" instead of "libeay32.lib"
and "ssleay32.lib".  Appropriate tests added to support both old and new
variants.

Additionally, openssl/lhash.h now triggers warning C4090 ('function' :
different 'const' qualifiers), so the warning was disabled.
2016-12-24 18:01:14 +03:00
Maxim Dounin
e6f04424af SSL: initialization changes for OpenSSL 1.1.0.
OPENSSL_config() deprecated in OpenSSL 1.1.0.  Additionally,
SSL_library_init(), SSL_load_error_strings() and OpenSSL_add_all_algorithms()
are no longer available if OPENSSL_API_COMPAT is set to 0x10100000L.

The OPENSSL_init_ssl() function is now used instead with appropriate
arguments to trigger the same behaviour.  The configure test changed to
use SSL_CTX_set_options().

Deinitialization now happens automatically in OPENSSL_cleanup() called
via atexit(3), so we no longer call EVP_cleanup() and ENGINE_cleanup()
directly.
2016-03-31 23:38:33 +03:00
Sergey Kandaurov
fef872a9ba Configure: skip building OpenSSL documentation to conserve time.
The install_sw target first appeared in OpenSSL 0.9.7e and is documented since
OpenSSL 1.0.0 as the way to install the OpenSSL software without documentation.
2016-02-19 13:31:55 +03:00
Ruslan Ermilov
6fccc00aa8 Configure: fixed static nginx build with OpenSSL (ticket #903).
Before 7142b04337d6, it was possible to build the OpenSSL library
along with nginx, and link nginx statically with this library
(--with-openssl=DIR --with-ld-opt=-static --with-http_ssl_module).
This was broken on Linux by not adding -ldl after -lcrypto.

The fix also makes it possible to link nginx statically on Linux
with the system OpenSSL library, which never worked before.
2016-02-18 11:39:57 +03:00
Maxim Dounin
86cc342a26 Dynamic modules: dlopen() support. 2016-02-04 18:30:21 +03:00
Maxim Dounin
0d3cad3864 Configure: fixed using OpenSSL include paths. 2015-11-23 22:48:31 +03:00
Ruslan Ermilov
72125c7a22 Configure: search OpenSSL in a bunch of standard places. 2015-06-10 12:25:45 +03:00
Ruslan Ermilov
08e05a4042 Configure: removed obsolete threads bits. 2015-03-13 19:08:27 +03:00
Piotr Sikora
49282c8e9d Configure: call "make clean" for OpenSSL only if Makefile exists.
This change allows to build nginx against git checkout of OpenSSL.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2013-11-04 17:00:25 -08:00
Maxim Dounin
48d96ced6f Win32: MinGW GCC compatibility.
Several warnings silenced, notably (ngx_socket_t) -1 is now checked
on socket operations instead of -1, as ngx_socket_t is unsigned on win32
and gcc complains on comparison.

With this patch, it's now possible to compile nginx using mingw gcc,
with options we normally compile on win32.
2013-09-04 20:48:28 +04:00
Maxim Konovalov
f8d59e33f3 Copyright updated. 2012-01-18 15:07:43 +00:00
Igor Sysoev
59bb78b951 stop ./configure on Win32 if no library sources was specified,
the bug has been introduced in r2894
2010-07-08 15:57:36 +00:00
Igor Sysoev
db0efa8052 do not use prebuild OpenSSL Win32 libraries 2010-07-08 15:51:47 +00:00
Igor Sysoev
4a529e9aec fix building OpenSSL-1.0.0 on 64-bit Linux:
make installs the libraries in lib64 directory
2010-04-02 14:19:45 +00:00
Igor Sysoev
502252d43a MSVC8 compatibility with OpenSSL 1.0.0 2010-04-01 15:18:29 +00:00
Igor Sysoev
920c00dcb5 allow "make clean" for OpenSSL, the bug was introduced in r2874 2009-09-28 12:24:09 +00:00
Igor Sysoev
0022826d18 *) use no-threads for Unix builds only
*) style fix
2009-05-28 15:30:45 +00:00
Igor Sysoev
da85fe6d5f stop ./configure at once on library failure 2009-05-26 14:28:49 +00:00
Igor Sysoev
082ce96023 allow absolute path in --with-openssl= 2009-05-24 14:14:08 +00:00
Igor Sysoev
a7021768a7 use -ldl for any OS that needs it 2009-05-22 09:22:28 +00:00
Igor Sysoev
8407ff24ab fix building OpenSSL on Unix 2009-05-19 12:12:36 +00:00
Igor Sysoev
2d252980ed fix building OpenSSL on Win32 2009-05-14 15:46:34 +00:00
Igor Sysoev
d2af69adc6 backout r2833: CURDIR was set to Unix style path
instead, do chdir inside Makefile
2009-05-12 13:15:43 +00:00
Igor Sysoev
3d746ac4f0 use $(CURDIR) instead of "..\..\.." because the later does not allow to use
options as --with-zlib=../zlib-1.2.3.  It seems there is no common way
to learn the current directory in Win32 make's: although nmake has MAKEDIR
variable, nevertheless Borland make's MAKEDIR is the directory where make
is installed, and OpenWatcom wmake has no MAKEDIR at all.
2009-05-11 18:02:06 +00:00
Igor Sysoev
f794318d60 test whether libdl is required for dynamic linking:
Solaris 10 has dlopen()/etc. in libc
2009-05-08 09:39:53 +00:00
Igor Sysoev
890467c1c4 *) move advapi32.lib to core libs since it's required for Registry and Event Log
*) delete shell32.lib since we do not use tray icon anymore
2009-04-21 14:31:40 +00:00
Igor Sysoev
60798fbea5 OpenSSL building by MSVC and BCC from sources 2009-04-15 19:46:24 +00:00
Igor Sysoev
673382f2aa do not build OpenSSL with threads, if they are not used 2007-01-10 15:21:44 +00:00
Igor Sysoev
0ec09f9196 test PCRE in FreeBSD, Linux, and NetBSD 2006-11-27 11:07:09 +00:00
Igor Sysoev
d3283ff922 nginx-0.3.13-RELEASE import
*) Feature: the IMAP/POP3 proxy supports STARTTLS and STLS.

    *) Bugfix: the IMAP/POP3 proxy did not work with the select, poll, and
       /dev/poll methods.

    *) Bugfix: in SSI handling.

    *) Bugfix: now Solaris sendfilev() is not used to transfer the client
       request body to FastCGI-server via the unix domain socket.

    *) Bugfix: the "auth_basic" directive did not disable the
       authorization; the bug had appeared in 0.3.11.
2005-12-05 13:18:09 +00:00
Igor Sysoev
0e5dc5cff6 nginx-0.3.10-RELEASE import
*) Change: the "valid_referers" directive and the "$invalid_referer"
       variable were moved to the new ngx_http_referer_module from the
       ngx_http_rewrite_module.

    *) Change: the "$apache_bytes_sent" variable name was changed to
       "$body_bytes_sent".

    *) Feature: the "$sent_http_..." variables.

    *) Feature: the "if" directive supports the "=" and "!=" operations.

    *) Feature: the "proxy_pass" directive supports the HTTPS protocol.

    *) Feature: the "proxy_set_body" directive.

    *) Feature: the "post_action" directive.

    *) Feature: the ngx_http_empty_gif_module.

    *) Feature: the "worker_cpu_affinity" directive for Linux.

    *) Bugfix: the "rewrite" directive did not unescape URI part in
       redirect, now it is unescaped except the %00-%25 and %7F-%FF
       characters.

    *) Bugfix: nginx could not be built by the icc 9.0 compiler.

    *) Bugfix: if the SSI was enabled for zero size static file, then the
       chunked response was encoded incorrectly.
2005-11-15 13:30:52 +00:00
Igor Sysoev
784522377e nginx-0.3.2-RELEASE import
*) Feature: the Sun Studio 10 C compiler support.

    *) Feature: the "proxy_upstream_max_fails",
       "proxy_upstream_fail_timeout", "fastcgi_upstream_max_fails", and
       "fastcgi_upstream_fail_timeout" directives.
2005-10-12 13:50:36 +00:00