lighttpd
/
lighttpd1.4
2
0
Fork 0
Code Issues Releases Wiki Activity

[mod_openssl] remove ancient preprocessor logic 

remove ancient preprocessor logic which might define OPENSSL_NO_TLSEXT

The logic was added to base.h in https://redmine.lighttpd.net/issues/386
some 13 years ago, and today might cause more harm than good with other
TLS libraries which provide some level of openssl-compatiblity layer,
e.g. BoringSSL and LibreSSL

If building with an ancient version of openssl and building without
support for TLS extensions, then be sure that OPENSSL_NO_TLSEXT is
defined.  (Alternatively, please consider using modern versions of
security libraries for better security.)
personal/stbuehler/tests-path
Glenn Strauss 2020-12-06 02:08:06 -05:00
parent a27e55b2dd
commit aa3cabae3b
1 changed files with 0 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/mod_openssl.c
View File

@ -72,10 +72,6 @@
#undef OPENSSL_NO_OCSP
#endif
#if ! defined OPENSSL_NO_TLSEXT && ! defined SSL_CTRL_SET_TLSEXT_HOSTNAME
#define OPENSSL_NO_TLSEXT
#endif
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#ifndef OPENSSL_NO_ECDH
#include <openssl/ecdh.h>