Browse Source

[mod_openssl] remove ancient preprocessor logic

remove ancient preprocessor logic which might define OPENSSL_NO_TLSEXT

The logic was added to base.h in https://redmine.lighttpd.net/issues/386
some 13 years ago, and today might cause more harm than good with other
TLS libraries which provide some level of openssl-compatiblity layer,
e.g. BoringSSL and LibreSSL

If building with an ancient version of openssl and building without
support for TLS extensions, then be sure that OPENSSL_NO_TLSEXT is
defined.  (Alternatively, please consider using modern versions of
security libraries for better security.)
master
Glenn Strauss 1 year ago
parent
commit
aa3cabae3b
  1. 4
      src/mod_openssl.c

4
src/mod_openssl.c

@ -72,10 +72,6 @@
#undef OPENSSL_NO_OCSP
#endif
#if ! defined OPENSSL_NO_TLSEXT && ! defined SSL_CTRL_SET_TLSEXT_HOSTNAME
#define OPENSSL_NO_TLSEXT
#endif
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#ifndef OPENSSL_NO_ECDH
#include <openssl/ecdh.h>

Loading…
Cancel
Save