Commit 90bcdb0d authored by Tatsuhiro Tsujikawa's avatar Tatsuhiro Tsujikawa

Merge branch 'libressl'

parents b0b792e7 17ec30e4
...@@ -67,6 +67,8 @@ required: ...@@ -67,6 +67,8 @@ required:
* zlib >= 1.2.3 * zlib >= 1.2.3
ALPN support requires OpenSSL >= 1.0.2 (released 22 January 2015). ALPN support requires OpenSSL >= 1.0.2 (released 22 January 2015).
LibreSSL >= 2.2.0 can be used instead of OpenSSL, but OpenSSL has more
features thatn LibreSSL at the time of this writing.
To enable the SPDY protocol in the application program ``nghttpx`` and To enable the SPDY protocol in the application program ``nghttpx`` and
``h2load``, the following package is required: ``h2load``, the following package is required:
......
...@@ -142,13 +142,13 @@ def send_and_receive_ocsp(respder_fn, cmd, cert_fn, issuer_fn, ocsp_uri, ...@@ -142,13 +142,13 @@ def send_and_receive_ocsp(respder_fn, cmd, cert_fn, issuer_fn, ocsp_uri,
# obtain response (without verification) # obtain response (without verification)
sys.stderr.write('sending OCSP request to {}\n'.format(ocsp_uri)) sys.stderr.write('sending OCSP request to {}\n'.format(ocsp_uri))
args = [ args = [
cmd, 'ocsp', '-issuer', issuer_fn, '-cert', cert_fn, '-url', ocsp_uri cmd, 'ocsp', '-issuer', issuer_fn, '-cert', cert_fn, '-url', ocsp_uri,
'-noverify', '-respout', respder_fn
] ]
if openssl_version.lower().startswith('openssl 1.'): ver = openssl_version.lower()
if ver.startswith('openssl 1.') or ver.startswith('libressl '):
args.extend(['-header', 'Host', ocsp_host]) args.extend(['-header', 'Host', ocsp_host])
args.extend(['-noverify', '-respout', respder_fn])
resp = run_openssl(args, allow_tempfail=True) resp = run_openssl(args, allow_tempfail=True)
return resp.decode('utf-8') return resp.decode('utf-8')
...@@ -188,7 +188,7 @@ def fetch_ocsp_response(cmd, cert_fn, tempdir, issuer_fn=None): ...@@ -188,7 +188,7 @@ def fetch_ocsp_response(cmd, cert_fn, tempdir, issuer_fn=None):
'fetch-ocsp-response (using {})\n'.format(openssl_version)) 'fetch-ocsp-response (using {})\n'.format(openssl_version))
ocsp_uri = extract_ocsp_uri(cmd, cert_fn) ocsp_uri = extract_ocsp_uri(cmd, cert_fn)
ocsp_host = urlparse(ocsp_uri).hostname ocsp_host = urlparse(ocsp_uri).netloc
if not issuer_fn: if not issuer_fn:
issuer_fn = os.path.join(tempdir, 'issuer.crt') issuer_fn = os.path.join(tempdir, 'issuer.crt')
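Review bot: `urlparse(ocsp_uri).netloc` in fetch_ocsp_response keeps the port, but it also keeps any `user:password@` userinfo in the URI, and `ocsp_host` is what the first hunk appends as the `Host` header value. The URI appears to come from the certificate (`extract_ocsp_uri(cmd, cert_fn)`) rather than from the operator, so I would drop userinfo before using it, e.g. `ocsp_host = urlparse(ocsp_uri).netloc.rpartition('@')[2]`. In send_and_receive_ocsp the two prefix tests can be one call, `ver.startswith(('openssl 1.', 'libressl '))`, and a one-line comment saying why only these versions get `-header` would help the next reader. Both functions start and end outside the lines shown.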
......
...@@ -292,7 +292,8 @@ const char *get_tls_protocol(SSL *ssl) { ...@@ -292,7 +292,8 @@ const char *get_tls_protocol(SSL *ssl) {
namespace { namespace {
void print_server_tmp_key(SSL *ssl) { void print_server_tmp_key(SSL *ssl) {
#if OPENSSL_VERSION_NUMBER >= 0x10002000L // libressl does not have SSL_get_server_tmp_key
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_get_server_tmp_key)
EVP_PKEY *key; EVP_PKEY *key;
if (!SSL_get_server_tmp_key(ssl, &key)) { if (!SSL_get_server_tmp_key(ssl, &key)) {
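Review bot: The new guard `defined(SSL_get_server_tmp_key)` in print_server_tmp_key only works while the library exposes that name as a preprocessor macro; if a release turns it into a real function, this block is compiled out without any diagnostic and the server key information is no longer printed. The comment should say so, for example `// SSL_get_server_tmp_key is a macro in OpenSSL >= 1.0.2; LibreSSL does not define it, so test for the macro`. If library detection is preferred over feature detection, `!defined(LIBRESSL_VERSION_NUMBER)` states the intent directly. The function body continues past the lines shown.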
......