nginx

changeset 5378:a73678f5f96f

SSL: guard use of SSL_OP_MSIE_SSLV2_RSA_PADDING. This option had no effect since 0.9.7h / 0.9.8b and it was removed in recent OpenSSL. Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
author Piotr Sikora <piotr@cloudflare.com>
date Mon, 16 Sep 2013 14:24:38 -0700
parents cec155f07c84
children 60e0409b9ec7
files src/event/ngx_event_openssl.c
diffstat 1 files changed, 2 insertions(+), 0 deletions(-) [+]
line diff
     1.1 --- a/src/event/ngx_event_openssl.c	Mon Sep 16 18:49:23 2013 +0400
     1.2 +++ b/src/event/ngx_event_openssl.c	Mon Sep 16 14:24:38 2013 -0700
     1.3 @@ -185,8 +185,10 @@
     1.4      SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
     1.5      SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
     1.6  
     1.7 +#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
     1.8      /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */
     1.9      SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);
    1.10 +#endif
    1.11  
    1.12      SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
    1.13      SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);