[PATCH 2 of 2] SSL: add $ssl_curve when using AWS-LC
Piotr Sikora
piotr at aviatrix.com
Tue Mar 26 01:13:39 UTC 2024
Hi Sergey,
> Not sure nginx needs such complexity.
> Instead, I'd expect the missing API to be added to the library,
> especially that both parent and grandparent implement it.
>
> BoringSSL didn't have such API for quite some time until recently.
Right, this patch predates addition of this API to BoringSSL, and
I only removed BoringSSL's #ifdef when submitting it last month.
Feel free to skip it.
> Since AWS-LC is a fork of BoringSSL, it is welcome to sync up.
> As far as I can see, they used to sync quite often, so it is ought
> to be resolved automagically after the next sync. To ease to task,
> here I provide certain git hashes:
>
> 6cf98208371e5c2c8b9d34ce3b8c452ea90e2963 - SSL_get_negotiated_group
> 28c24092e39bfd70852afa2923a3d12d2e9be2f5 - TLSEXT_nid_unknown
You'd assume that's the case, but they've merged a lot of commits more
recent than those two, so they've skipped them (intentionally or not).
Best regards,
Piotr Sikora
More information about the nginx-devel
mailing list