summaryrefslogtreecommitdiff
path: root/src/network.c
diff options
context:
space:
mode:
authorGlenn Strauss <gstrauss@gluelogic.com>2016-05-07 12:41:05 -0400
committerGlenn Strauss <gstrauss@gluelogic.com>2016-05-07 12:50:41 -0400
commit1ca52fdce3b87f7748dd5db6f59d738ed7a9efe1 (patch)
treef2909dafbfbf144494132e6c67a57fe1245be991 /src/network.c
parent873eaf3f4ad9b56150d2c370c4a3ab98e5b7ce90 (diff)
downloadlighttpd1.4-1ca52fdce3b87f7748dd5db6f59d738ed7a9efe1.tar.gz
lighttpd1.4-1ca52fdce3b87f7748dd5db6f59d738ed7a9efe1.zip
build with libressl
libressl defines SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3 as 0x0 (thx Christian Heckendorf) libressl matches ERR_remove_thread_state() signature from openssl 1.0.2 (libressl pretends that libressl is openssl version 2.0.0, but openssl 1.1.0 changes signature of ERR_remove_thread_state()) libressl does not yet provide compatibility interfaces for the new prototypes introduced in openssl 1.1.0, including DH_set0_pqg() and DH_set_length() remove OPENSSL_NO_KRB5 from build config (added in 5fab991b in 2005) (define USE_OPENSSL_KERBEROS if required) (Note: OPENSSL_NO_KRB5 removed in openssl 1.1.0)
Diffstat (limited to 'src/network.c')
-rw-r--r--src/network.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/network.c b/src/network.c
index 5b64cdc0..46b4be8e 100644
--- a/src/network.c
+++ b/src/network.c
@@ -780,7 +780,7 @@ int network_init(server *srv) {
if (!s->ssl_use_sslv2) {
/* disable SSLv2 */
- if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2))) {
+ if ((SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2)) != SSL_OP_NO_SSLv2) {
log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
ERR_error_string(ERR_get_error(), NULL));
return -1;
@@ -789,7 +789,7 @@ int network_init(server *srv) {
if (!s->ssl_use_sslv3) {
/* disable SSLv3 */
- if (!(SSL_OP_NO_SSLv3 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv3))) {
+ if ((SSL_OP_NO_SSLv3 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv3)) != SSL_OP_NO_SSLv3) {
log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
ERR_error_string(ERR_get_error(), NULL));
return -1;
@@ -839,7 +839,8 @@ int network_init(server *srv) {
log_error_write(srv, __FILE__, __LINE__, "s", "SSL: BN_bin2bn () failed");
return -1;
}
- #if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L \
+ || defined(LIBRESSL_VERSION_NUMBER)
dh->p = dh_p;
dh->g = dh_g;
dh->length = 160;