[PATCH] ssl: SSL_get0_verified_chain is available for LibreSSL >= 3.3.6

Ilya Shipitsin chipitsine at gmail.com
Thu Nov 23 20:29:41 UTC 2023


# HG changeset patch
# User Ilya Shipitsin <chipitsine at gmail.com>
# Date 1700769135 -3600
#      Thu Nov 23 20:52:15 2023 +0100
# Node ID 2001e73ce136d5bfc9bde27d338865b14b8ad436
# Parent  7ec761f0365f418511e30b82e9adf80bc56681df
ssl: SSL_get0_verified_chain is available for LibreSSL >= 3.3.6

diff -r 7ec761f0365f -r 2001e73ce136 src/event/ngx_event_openssl_stapling.c
--- a/src/event/ngx_event_openssl_stapling.c	Thu Oct 26 23:35:09 2023 +0300
+++ b/src/event/ngx_event_openssl_stapling.c	Thu Nov 23 20:52:15 2023 +0100
@@ -893,7 +893,8 @@
     ocsp->cert_status = V_OCSP_CERTSTATUS_GOOD;
     ocsp->conf = ocf;
 
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined LIBRESSL_VERSION_NUMBER)
+/* minimum OpenSSL 1.1.1 & LibreSSL 3.3.6 */
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined LIBRESSL_VERSION_NUMBER) || (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3030600L))
 
     ocsp->certs = SSL_get0_verified_chain(c->ssl->connection);
 


More information about the nginx-devel mailing list