[PATCH] SSL: fix build with recent OpenSSL

Maxim Dounin mdounin at mdounin.ru
Fri Jul 11 15:58:14 UTC 2014 

Hello!

On Wed, Jul 09, 2014 at 12:28:30PM -0700, Piotr Sikora wrote:

> # HG changeset patch
> # User Piotr Sikora <piotr at cloudflare.com>
> # Date 1404934035 25200
> #      Wed Jul 09 12:27:15 2014 -0700
> # Node ID 1087b3beb12068ca3641240d10c0e18a2dae6013
> # Parent  d80543940f9a33b262d05864a30ab8b22e906455
> SSL: fix build with recent OpenSSL.
> 
> X509_check_host() prototype changed recently:
> - http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ced3d91
> - http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=297c67f
> 
> Bump version requirement, so that OpenSSL-1.0.2-beta1 uses fallback code.

[...]

> @@ -2741,7 +2741,9 @@ ngx_ssl_check_host(ngx_connection_t *c, 
>          goto failed;
>      }
>  
> -    if (X509_check_host(cert, name->data, name->len, 0) != 1) {
> +    if (X509_check_host(cert, (const char *) name->data, name->len, 0, NULL)
> +        != 1)
> +    {
>          ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
>                         "X509_check_host(): no match");
>          goto failed;

The "const" qualifier isn't needed in the cast here, otherwise 
looks good.  Pushed with this instead:

@@ -2741,7 +2741,7 @@ ngx_ssl_check_host(ngx_connection_t *c, 
         goto failed;
     }
 
-    if (X509_check_host(cert, name->data, name->len, 0) != 1) {
+    if (X509_check_host(cert, (char *) name->data, name->len, 0, NULL) != 1) {
         ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
                        "X509_check_host(): no match");
         goto failed;

Thanks!

-- 
Maxim Dounin
http://nginx.org/

More information about the nginx-devel mailing list