# HG changeset patch # User Maxim Dounin <mdou...@mdounin.ru> # Date 1724634078 -10800 # Mon Aug 26 04:01:18 2024 +0300 # Node ID 2cf47b5869fe0261835a2f5a0afa5d8f3ae941f8 # Parent d6f75dd66761c10d4bfb257ae70a212411b6a69b SSL: removed OPENSSL_NO_SHA256 support.
In OpenSSL itself, support for builds without SHA256 was removed in OpenSSL 1.1.0 and was already broken at that time (see https://github.com/openssl/openssl/commit/474e469bbd for details). In BoringSSL, support for OPENSSL_NO_SHA256 was removed in 2014. In LibreSSL as of 3.9.2, some support it still present, but broken. diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -4553,11 +4553,7 @@ ngx_ssl_ticket_key_callback(ngx_ssl_conn return -1; } -#ifdef OPENSSL_NO_SHA256 - digest = EVP_sha1(); -#else digest = EVP_sha256(); -#endif keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_ticket_keys_index); if (keys == NULL) {
