Merge branch 'libressl'
This commit is contained in:
commit
90bcdb0dda
|
@ -67,6 +67,8 @@ required:
|
|||
* zlib >= 1.2.3
|
||||
|
||||
ALPN support requires OpenSSL >= 1.0.2 (released 22 January 2015).
|
||||
LibreSSL >= 2.2.0 can be used instead of OpenSSL, but OpenSSL has more
|
||||
features thatn LibreSSL at the time of this writing.
|
||||
|
||||
To enable the SPDY protocol in the application program ``nghttpx`` and
|
||||
``h2load``, the following package is required:
|
||||
|
|
|
@ -142,13 +142,13 @@ def send_and_receive_ocsp(respder_fn, cmd, cert_fn, issuer_fn, ocsp_uri,
|
|||
# obtain response (without verification)
|
||||
sys.stderr.write('sending OCSP request to {}\n'.format(ocsp_uri))
|
||||
args = [
|
||||
cmd, 'ocsp', '-issuer', issuer_fn, '-cert', cert_fn, '-url', ocsp_uri
|
||||
cmd, 'ocsp', '-issuer', issuer_fn, '-cert', cert_fn, '-url', ocsp_uri,
|
||||
'-noverify', '-respout', respder_fn
|
||||
]
|
||||
if openssl_version.lower().startswith('openssl 1.'):
|
||||
ver = openssl_version.lower()
|
||||
if ver.startswith('openssl 1.') or ver.startswith('libressl '):
|
||||
args.extend(['-header', 'Host', ocsp_host])
|
||||
args.extend(['-noverify', '-respout', respder_fn])
|
||||
resp = run_openssl(args, allow_tempfail=True)
|
||||
|
||||
return resp.decode('utf-8')
|
||||
|
||||
|
||||
|
@ -188,7 +188,7 @@ def fetch_ocsp_response(cmd, cert_fn, tempdir, issuer_fn=None):
|
|||
'fetch-ocsp-response (using {})\n'.format(openssl_version))
|
||||
|
||||
ocsp_uri = extract_ocsp_uri(cmd, cert_fn)
|
||||
ocsp_host = urlparse(ocsp_uri).hostname
|
||||
ocsp_host = urlparse(ocsp_uri).netloc
|
||||
|
||||
if not issuer_fn:
|
||||
issuer_fn = os.path.join(tempdir, 'issuer.crt')
|
||||
|
|
|
@ -292,7 +292,8 @@ const char *get_tls_protocol(SSL *ssl) {
|
|||
|
||||
namespace {
|
||||
void print_server_tmp_key(SSL *ssl) {
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
// libressl does not have SSL_get_server_tmp_key
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_get_server_tmp_key)
|
||||
EVP_PKEY *key;
|
||||
|
||||
if (!SSL_get_server_tmp_key(ssl, &key)) {
|
||||
|
|
Loading…
Reference in New Issue