SSL: fix build with OPENSSL_NO_ENGINE and/or OPENSSL_NO_OCSP.

This is really just a prerequisite for building against BoringSSL,
which doesn't provide either of those features.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index d037f136702cdbda46366adf8bf5b91ed2c8ad9f..91c752c719fec91e3dcbabfe585937bd4c88058c 100644 (file)
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3279,6 +3279,8 @@ ngx_openssl_create_conf(ngx_cycle_t *cycle)
 static char *
 ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 {
+#ifndef OPENSSL_NO_ENGINE
+
     ngx_openssl_conf_t *oscf = conf;
 
     ENGINE     *engine;
@@ -3313,6 +3315,12 @@ ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
     ENGINE_free(engine);
 
     return NGX_CONF_OK;
+
+#else
+
+    return "is not supported";
+
+#endif
 }
 
 
@@ -3320,5 +3328,7 @@ static void
 ngx_openssl_exit(ngx_cycle_t *cycle)
 {
     EVP_cleanup();
+#ifndef OPENSSL_NO_ENGINE
     ENGINE_cleanup();
+#endif
 }

diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index 174c8651dedf5da3ff72aac0d9ba1259b5ef14d2..408694035193effdb09883da33536088c94ecf85 100644 (file)
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -18,9 +18,13 @@
 #include <openssl/conf.h>
 #include <openssl/crypto.h>
 #include <openssl/dh.h>
+#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
+#endif
 #include <openssl/evp.h>
+#ifndef OPENSSL_NO_OCSP
 #include <openssl/ocsp.h>
+#endif
 #include <openssl/rand.h>
 #include <openssl/rsa.h>
 #include <openssl/x509.h>

diff --git a/src/event/ngx_event_openssl_stapling.c b/src/event/ngx_event_openssl_stapling.c
index 69340b37b02c244b8f188dfe66912e912e34aac8..2fa0673093ea476e1834eda53d07f6fd96751d03 100644 (file)
--- a/src/event/ngx_event_openssl_stapling.c
+++ b/src/event/ngx_event_openssl_stapling.c
@@ -11,7 +11,7 @@
 #include <ngx_event_connect.h>
 
 
-#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
+#if (!defined OPENSSL_NO_OCSP && defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB)
 
 
 typedef struct {