diff options
| author | Maxim Dounin <mdounin@mdounin.ru> | 2015-03-23 02:42:34 +0300 |
|---|---|---|
| committer | Maxim Dounin <mdounin@mdounin.ru> | 2015-03-23 02:42:34 +0300 |
| commit | a20c6d202edea3f56f90c9c4c75439e6d834623b (patch) | |
| tree | a16b83d39ff8d8be62237c195f272b47e7a509e5 /src/mail/ngx_mail_ssl_module.c | |
| parent | b0d8ff55a1560f4f373319075cd452992de8c74b (diff) | |
| download | nginx-a20c6d202edea3f56f90c9c4c75439e6d834623b.tar.gz nginx-a20c6d202edea3f56f90c9c4c75439e6d834623b.zip | |
SSL: avoid SSL_CTX_set_tmp_rsa_callback() call with LibreSSL.
LibreSSL removed support for export ciphers and a call to
SSL_CTX_set_tmp_rsa_callback() results in an error left in the error
queue. This caused alerts "ignoring stale global SSL error (...called
a function you should not call) while SSL handshaking" on a first connection
in each worker process.
Diffstat (limited to 'src/mail/ngx_mail_ssl_module.c')
| -rw-r--r-- | src/mail/ngx_mail_ssl_module.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c index 7dc642a6c..e1efb61d6 100644 --- a/src/mail/ngx_mail_ssl_module.c +++ b/src/mail/ngx_mail_ssl_module.c @@ -421,7 +421,9 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); } +#ifndef LIBRESSL_VERSION_NUMBER SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback); +#endif if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) { return NGX_CONF_ERROR; |