SSL: compatibility with OpenSSL master branch.

author Maxim Dounin <mdounin@mdounin.ru>

Thu, 24 Sep 2015 14:19:08 +0000 (17:19 +0300)

committer Maxim Dounin <mdounin@mdounin.ru>

Thu, 24 Sep 2015 14:19:08 +0000 (17:19 +0300)
author Maxim Dounin <mdounin@mdounin.ru>
Thu, 24 Sep 2015 14:19:08 +0000 (17:19 +0300)
committer Maxim Dounin <mdounin@mdounin.ru>
Thu, 24 Sep 2015 14:19:08 +0000 (17:19 +0300)
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c

index 1b789e687f4931ee813f6f8d919fa471cca1a8e3..e9edf314fe53043035467e3efa2473c38452f73b 100644 (file)
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1158,6 +1158,7 @@ ngx_ssl_handshake(ngx_connection_t *c)
          c->recv_chain = ngx_ssl_recv_chain;
          c->send_chain = ngx_ssl_send_chain;
  
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
  #ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
  
          /* initial handshake done, disable renegotiation (CVE-2009-3555) */
@@ -1165,6 +1166,7 @@ ngx_ssl_handshake(ngx_connection_t *c)
              c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
          }
  
+#endif
  #endif
  
          return NGX_OK;
@@ -2861,7 +2863,7 @@ ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
                         ngx_hex_dump(buf, key[0].name, 16) - buf, buf,
                         SSL_session_reused(ssl_conn) ? "reused" : "new");
  
-        RAND_pseudo_bytes(iv, 16);
+        RAND_bytes(iv, 16);
          EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key[0].aes_key, iv);
          HMAC_Init_ex(hctx, key[0].hmac_key, 16,
                       ngx_ssl_session_ticket_md(), NULL);
author	Maxim Dounin <mdounin@mdounin.ru>
	Thu, 24 Sep 2015 14:19:08 +0000 (17:19 +0300)
committer	Maxim Dounin <mdounin@mdounin.ru>
	Thu, 24 Sep 2015 14:19:08 +0000 (17:19 +0300)