|
|
|
@ -1066,11 +1066,13 @@ mod_openssl_cert_cb (SSL *ssl, void *arg)
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10002000 \ |
|
|
|
|
&& !defined(LIBRESSL_VERSION_NUMBER) |
|
|
|
|
/* libressl >= 0x3000000fL has SSL_set1_chain(), but not other APIs below)*/ |
|
|
|
|
&& (!defined(LIBRESSL_VERSION_NUMBER) \
|
|
|
|
|
|| LIBRESSL_VERSION_NUMBER >= 0x3000000fL) |
|
|
|
|
if (pc->ssl_pemfile_chain) |
|
|
|
|
SSL_set1_chain(ssl, pc->ssl_pemfile_chain); |
|
|
|
|
#ifndef BORINGSSL_API_VERSION /* BoringSSL limitation */ |
|
|
|
|
#if defined(BORINGSSL_API_VERSION) \ |
|
|
|
|
|| defined(LIBRESSL_VERSION_NUMBER) |
|
|
|
|
/* (missing SSL_set1_chain_cert_store() and SSL_build_cert_chain()) */ |
|
|
|
|
else if (hctx->conf.ssl_ca_file) { |
|
|
|
|
/* preserve legacy behavior whereby openssl will reuse CAs trusted for
|
|
|
|
|
* certificate verification (set by SSL_CTX_load_verify_locations() in |
|
|
|
@ -1921,7 +1923,8 @@ network_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)
|
|
|
|
|
|
|
|
|
|
#ifndef OPENSSL_NO_DH |
|
|
|
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L \ |
|
|
|
|
|| defined(LIBRESSL_VERSION_NUMBER) |
|
|
|
|
|| (defined(LIBRESSL_VERSION_NUMBER) \
|
|
|
|
|
&& LIBRESSL_VERSION_NUMBER < 0x2070000fL) |
|
|
|
|
#define DH_set0_pqg(dh, dh_p, NULL, dh_g) \ |
|
|
|
|
((dh)->p = (dh_p), (dh)->g = (dh_g), (dh_p) != NULL && (dh_g) != NULL) |
|
|
|
|
#endif |
|
|
|
|