[PATCH] ssl: SSL_get0_verified_chain is available for LibreSSL >= 3.3.6
Ilya Shipitsin
chipitsine at gmail.com
Thu Nov 23 20:29:41 UTC 2023
# HG changeset patch
# User Ilya Shipitsin <chipitsine at gmail.com>
# Date 1700769135 -3600
# Thu Nov 23 20:52:15 2023 +0100
# Node ID 2001e73ce136d5bfc9bde27d338865b14b8ad436
# Parent 7ec761f0365f418511e30b82e9adf80bc56681df
ssl: SSL_get0_verified_chain is available for LibreSSL >= 3.3.6
diff -r 7ec761f0365f -r 2001e73ce136 src/event/ngx_event_openssl_stapling.c
--- a/src/event/ngx_event_openssl_stapling.c Thu Oct 26 23:35:09 2023 +0300
+++ b/src/event/ngx_event_openssl_stapling.c Thu Nov 23 20:52:15 2023 +0100
@@ -893,7 +893,8 @@
ocsp->cert_status = V_OCSP_CERTSTATUS_GOOD;
ocsp->conf = ocf;
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined LIBRESSL_VERSION_NUMBER)
+/* minimum OpenSSL 1.1.1 & LibreSSL 3.3.6 */
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined LIBRESSL_VERSION_NUMBER) || (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3030600L))
ocsp->certs = SSL_get0_verified_chain(c->ssl->connection);
More information about the nginx-devel
mailing list