[PATCH] SSL: guard use of all SSL options for bug workarounds

Maxim Dounin mdounin at mdounin.ru
Fri Sep 5 18:38:54 UTC 2014


Hello!

On Wed, Sep 03, 2014 at 02:53:23PM -0700, Piotr Sikora wrote:

> # HG changeset patch
> # User Piotr Sikora <piotr at cloudflare.com>
> # Date 1409780995 25200
> #      Wed Sep 03 14:49:55 2014 -0700
> # Node ID 9c59138cd7030a88a761856f849c581924ca1a3b
> # Parent  3f5f0ab59b359064db16e1aa52dfca335720dff6
> SSL: guard use of all SSL options for bug workarounds.
> 
> Some of the OpenSSL forks (read: BoringSSL) started removing unused,
> no longer necessary and/or not really working bug workarounds along
> with the SSL options and defines for them.
> 
> Instead of fixing nginx build after each removal, be proactive
> and guard use of all SSL options for bug workarounds.

After looking into http://trac.nginx.org/nginx/ticket/618, 
I'm rather sceptical about BoringSSL-related fixes.

On the other hand, if they indeed remove something we use, it may 
be a good enough reason to reconsider the use of the flags 
removed.

-- 
Maxim Dounin
http://nginx.org/



More information about the nginx-devel mailing list