[mod_openssl] remove ancient preprocessor logic
remove ancient preprocessor logic which might define OPENSSL_NO_TLSEXT The logic was added to base.h in https://redmine.lighttpd.net/issues/386 some 13 years ago, and today might cause more harm than good with other TLS libraries which provide some level of openssl-compatiblity layer, e.g. BoringSSL and LibreSSL If building with an ancient version of openssl and building without support for TLS extensions, then be sure that OPENSSL_NO_TLSEXT is defined. (Alternatively, please consider using modern versions of security libraries for better security.)
This commit is contained in:
parent
a27e55b2dd
commit
aa3cabae3b
|
|
@ -72,10 +72,6 @@
|
|||
#undef OPENSSL_NO_OCSP
|
||||
#endif
|
||||
|
||||
#if ! defined OPENSSL_NO_TLSEXT && ! defined SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||
#define OPENSSL_NO_TLSEXT
|
||||
#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
#include <openssl/ecdh.h>
|
||||
|
|
|
|||
Loading…
Reference in New Issue