diff options
Diffstat (limited to '215.patch')
-rw-r--r-- | 215.patch | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/215.patch b/215.patch new file mode 100644 index 0000000..d98ecb3 --- /dev/null +++ b/215.patch @@ -0,0 +1,42 @@ +From 41243ec789c0c9d5b625c76abbc401333d876ee5 Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@remirepo.net> +Date: Wed, 16 Jan 2019 08:38:53 +0100 +Subject: [PATCH] prefer system crypto policy + +--- + src/nxt_openssl.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c +index 99dd207..6d9df48 100644 +--- a/src/nxt_openssl.c ++++ b/src/nxt_openssl.c +@@ -248,7 +248,7 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf) + { + SSL_CTX *ctx; + nxt_fd_t fd; +- const char *ciphers, *ca_certificate; ++ const char *ca_certificate; + STACK_OF(X509_NAME) *list; + + ctx = SSL_CTX_new(SSLv23_server_method()); +@@ -303,13 +303,13 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf) + goto fail; + } + */ +- ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5"; +- +- if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) { +- nxt_openssl_log_error(task, NXT_LOG_ALERT, ++ if (conf->ciphers) { /* else use system crypto policy */ ++ if (SSL_CTX_set_cipher_list(ctx, conf->ciphers) == 0) { ++ nxt_openssl_log_error(task, NXT_LOG_ALERT, + "SSL_CTX_set_cipher_list(\"%s\") failed", +- ciphers); +- goto fail; ++ conf->ciphers); ++ goto fail; ++ } + } + + SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); |