[nginx] SSL: X509 was made opaque in OpenSSL 1.1.0.

Maxim Dounin mdounin at mdounin.ru
Thu Mar 31 23:57:46 UTC 2016


details:   http://hg.nginx.org/nginx/rev/45f2385a47e6
branches:  
changeset: 6491:45f2385a47e6
user:      Sergey Kandaurov <pluknet at nginx.com>
date:      Thu Mar 31 23:38:37 2016 +0300
description:
SSL: X509 was made opaque in OpenSSL 1.1.0.

To increment reference counters we now use newly introduced X509_up_ref()
function.

diffstat:

 src/event/ngx_event_openssl_stapling.c |  4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diffs (15 lines):

diff --git a/src/event/ngx_event_openssl_stapling.c b/src/event/ngx_event_openssl_stapling.c
--- a/src/event/ngx_event_openssl_stapling.c
+++ b/src/event/ngx_event_openssl_stapling.c
@@ -285,7 +285,11 @@ ngx_ssl_stapling_issuer(ngx_conf_t *cf, 
     for (i = 0; i < n; i++) {
         issuer = sk_X509_value(chain, i);
         if (X509_check_issued(issuer, cert) == X509_V_OK) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100001L
+            X509_up_ref(issuer);
+#else
             CRYPTO_add(&issuer->references, 1, CRYPTO_LOCK_X509);
+#endif
 
             ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ssl->log, 0,
                            "SSL get issuer: found %p in extra certs", issuer);



More information about the nginx-devel mailing list