mirror
/
openwrt-packages
mirror of https://git.openwrt.org/feed/packages.git
1
0
Fork 0
Code Releases Activity

nginx: QUIC: Fix SSL 3.0 deprecated function 

`EVP_CIPHER_CTX_cipher()` function was deprecated in OpenSSL 3.0.
As per OpenSSL's recommendation (https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_get0_cipher.html)
switch to using `EVP_CIPHER_CTX_get0_cipher()` instead.

With this change and recent commit to nginx-util #23935. We should now
be able to build nginx + modules with fully compliant calls to OpenSSL
3.0+ with legacy features disabled.

Signed-off-by: Sean Khan <datapronix@protonmail.com>
This commit is contained in:
Sean Khan 2024-04-24 18:02:02 -04:00
parent 13bcb52870
commit 9ec1a42420
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
net/nginx/patches/nginx/300-fix-deprecated-openssl-3_0.patch Normal file
View File

@ -0,0 +1,12 @@
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -510,7 +510,7 @@ ngx_quic_crypto_common(ngx_quic_secret_t
}
}
- if (EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(ctx)) == EVP_CIPH_CCM_MODE
+ if (EVP_CIPHER_mode(EVP_CIPHER_CTX_get0_cipher(ctx)) == EVP_CIPH_CCM_MODE
&& EVP_CipherUpdate(ctx, NULL, &len, NULL, in->len) != 1)
{
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherUpdate() failed");