[PATCH] SSL: guard use of all SSL options for bug workarounds
Maxim Dounin
mdounin at mdounin.ru
Fri Sep 5 18:38:54 UTC 2014
Hello!
On Wed, Sep 03, 2014 at 02:53:23PM -0700, Piotr Sikora wrote:
> # HG changeset patch
> # User Piotr Sikora <piotr at cloudflare.com>
> # Date 1409780995 25200
> # Wed Sep 03 14:49:55 2014 -0700
> # Node ID 9c59138cd7030a88a761856f849c581924ca1a3b
> # Parent 3f5f0ab59b359064db16e1aa52dfca335720dff6
> SSL: guard use of all SSL options for bug workarounds.
>
> Some of the OpenSSL forks (read: BoringSSL) started removing unused,
> no longer necessary and/or not really working bug workarounds along
> with the SSL options and defines for them.
>
> Instead of fixing nginx build after each removal, be proactive
> and guard use of all SSL options for bug workarounds.
After looking into http://trac.nginx.org/nginx/ticket/618,
I'm rather sceptical about BoringSSL-related fixes.
On the other hand, if they indeed remove something we use, it may
be a good enough reason to reconsider the use of the flags
removed.
--
Maxim Dounin
http://nginx.org/
More information about the nginx-devel
mailing list