[PATCH 1 of 2] SSL: removed OPENSSL_NO_SHA256 support

Maxim Dounin mdounin at mdounin.ru
Mon Aug 26 04:04:06 UTC 2024


# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1724634078 -10800
#      Mon Aug 26 04:01:18 2024 +0300
# Node ID 2cf47b5869fe0261835a2f5a0afa5d8f3ae941f8
# Parent  d6f75dd66761c10d4bfb257ae70a212411b6a69b
SSL: removed OPENSSL_NO_SHA256 support.

In OpenSSL itself, support for builds without SHA256 was removed in
OpenSSL 1.1.0 and was already broken at that time (see
https://github.com/openssl/openssl/commit/474e469bbd for details).
In BoringSSL, support for OPENSSL_NO_SHA256 was removed in 2014.
In LibreSSL as of 3.9.2, some support is still present, but broken.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -4553,11 +4553,7 @@ ngx_ssl_ticket_key_callback(ngx_ssl_conn
         return -1;
     }
 
-#ifdef OPENSSL_NO_SHA256
-    digest = EVP_sha1();
-#else
     digest = EVP_sha256();
-#endif
 
     keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_ticket_keys_index);
     if (keys == NULL) {
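
Review bot: With the `#ifdef OPENSSL_NO_SHA256` branch gone, the `digest = EVP_sha256();` assignment in ngx_ssl_ticket_key_callback() is unconditional, so a library that still defines OPENSSL_NO_SHA256 no longer gets the silent `EVP_sha1()` fallback, and the commit message does not say what happens to such a build. The log mentions that LibreSSL 3.9.2 still carries some (broken) support, so it would help to state explicitly that such configurations are now expected to fail at build time rather than downgrade the digest. Please also confirm that no other OPENSSL_NO_SHA256 conditionals remain in the tree, since this hunk shows only this one.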


