lighttpd
/
lighttpd1.4
2
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

[mod_openssl] remove ancient preprocessor logic 

remove ancient preprocessor logic which might define OPENSSL_NO_TLSEXT

The logic was added to base.h in https://redmine.lighttpd.net/issues/386
some 13 years ago, and today might cause more harm than good with other
TLS libraries which provide some level of openssl-compatiblity layer,
e.g. BoringSSL and LibreSSL

If building with an ancient version of openssl and building without
support for TLS extensions, then be sure that OPENSSL_NO_TLSEXT is
defined.  (Alternatively, please consider using modern versions of
security libraries for better security.)
master
Glenn Strauss 2 years ago
parent
a27e55b2dd
commit
aa3cabae3b
1 changed files with 0 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      src/mod_openssl.c

4
src/mod_openssl.c
Unescape View File

@ -72,10 +72,6 @@
#undef OPENSSL_NO_OCSP
#endif
#if ! defined OPENSSL_NO_TLSEXT && ! defined SSL_CTRL_SET_TLSEXT_HOSTNAME
#define OPENSSL_NO_TLSEXT
#endif
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#ifndef OPENSSL_NO_ECDH
#include <openssl/ecdh.h>

Write Preview
Loading…
Cancel
Save