details: http://freenginx.org/hg/nginx/rev/8ebb4e488aa4 branches: changeset: 9323:8ebb4e488aa4 user: Maxim Dounin <mdou...@mdounin.ru> date: Sat Aug 31 00:30:39 2024 +0300 description: SSL: removed OPENSSL_NO_SHA256 support.
In OpenSSL itself, support for builds without SHA256 was removed in OpenSSL 1.1.0 and was already broken at that time (see https://github.com/openssl/openssl/commit/474e469bbd for details). In BoringSSL, support for OPENSSL_NO_SHA256 was removed in 2014. In LibreSSL as of 3.9.2, some support it still present, but broken. diffstat: src/event/ngx_event_openssl.c | 4 ---- 1 files changed, 0 insertions(+), 4 deletions(-) diffs (15 lines): diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -4553,11 +4553,7 @@ ngx_ssl_ticket_key_callback(ngx_ssl_conn return -1; } -#ifdef OPENSSL_NO_SHA256 - digest = EVP_sha1(); -#else digest = EVP_sha256(); -#endif keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_ticket_keys_index); if (keys == NULL) {
