Browse Source

[build] WITHOUT_LIB_CRYPTO option in code

(not (yet?) an end-user option in the build system)
(If extended to build system, build system should also unset CRYPTO_LIB)

If WITHOUT_LIB_CRYPTO is defined in sys-crypto.h, then non-TLS modules
will have access to MD5() and SHA1() built with lighttpd (algo_md5.[ch]
and algo_sha1.[ch]), but not to other message digest algorithms.

As of this commit, this affects only mod_secdownload with SHA256 digest
and mod_auth* modules using HTTP Digest Auth with digest=SHA-256, which
is not currently well-supported by client browers (besides Opera)
master
Glenn Strauss 11 months ago
parent
commit
babfb43873
  1. 8
      src/rand.c
  2. 4
      src/sys-crypto.h

8
src/rand.c

@ -64,6 +64,14 @@
#include <nss/pk11pub.h>
#endif
#endif
#ifndef USE_LIB_CRYPTO
#undef USE_NETTLE_CRYPTO
#undef USE_MBEDTLS_CRYPTO
#undef USE_WOLFSSL_CRYPTO
#undef USE_OPENSSL_CRYPTO
#undef USE_GNUTLS_CRYPTO
#undef USE_NSS_CRYPTO
#endif
#ifdef HAVE_GETENTROPY
#include <sys/random.h>
#endif

4
src/sys-crypto.h

@ -50,4 +50,8 @@
#define USE_GNUTLS_CRYPTO
#endif
#ifdef WITHOUT_LIB_CRYPTO
#undef USE_LIB_CRYPTO
#endif
#endif

Loading…
Cancel
Save