diff options
| author | Maxim Dounin <mdounin@mdounin.ru> | 2016-10-04 17:26:45 +0300 |
|---|---|---|
| committer | Maxim Dounin <mdounin@mdounin.ru> | 2016-10-04 17:26:45 +0300 |
| commit | 3c44339bfed78c9ad3549edf2b7408c15d3ae51c (patch) | |
| tree | f6f8e6ef9b1d1a3dc3ca690b9e81415d3ccde1ec /src | |
| parent | 2c84f7af2c97a55bf138a5fcedeb164733dc9bea (diff) | |
| download | nginx-3c44339bfed78c9ad3549edf2b7408c15d3ae51c.tar.gz nginx-3c44339bfed78c9ad3549edf2b7408c15d3ae51c.zip | |
SSL: use X509_check_host() with LibreSSL.
Explicit checks for OPENSSL_VERSION_NUMBER replaced with checks
for X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT, thus allowing X509_check_host()
to be used with other libraries. In particular, X509_check_host() was
introduced in LibreSSL 2.5.0.
Diffstat (limited to 'src')
| -rw-r--r-- | src/event/ngx_event_openssl.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 90a5cef85..68d02bfef 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -55,7 +55,7 @@ static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn, HMAC_CTX *hctx, int enc); #endif -#if OPENSSL_VERSION_NUMBER < 0x10002002L +#ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str); #endif @@ -3092,7 +3092,7 @@ ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name) return NGX_ERROR; } -#if OPENSSL_VERSION_NUMBER >= 0x10002002L +#ifdef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT /* X509_check_host() is only available in OpenSSL 1.0.2+ */ @@ -3209,7 +3209,7 @@ found: } -#if OPENSSL_VERSION_NUMBER < 0x10002002L +#ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern) |