nginx.git/auto/lib/openssl/conf, branch release-1.26.0 nginx Configure: added support for Homebrew on Apple Silicon. 2024-02-26T20:00:43+00:00 Piotr Sikora piotr@aviatrix.com 2024-02-26T20:00:43+00:00 2deded362ee052564e7359d53c81973c16b18e72 Signed-off-by: Piotr Sikora <piotr@aviatrix.com> 
Signed-off-by: Piotr Sikora <piotr@aviatrix.com>
SSL: avoid using OpenSSL config in build directory (ticket #2404). 2023-06-20T22:29:53+00:00 Maxim Dounin mdounin@mdounin.ru 2023-06-20T22:29:53+00:00 bdea5b703ff6f6fcf98ac8dd4e1e9e5c9ad05017 With this change, the NGX_OPENSSL_NO_CONFIG macro is defined when nginx is asked to build OpenSSL itself. And with this macro automatic loading of OpenSSL configuration (from the build directory) is prevented unless the OPENSSL_CONF environment variable is explicitly set. Note that not loading configuration is broken in OpenSSL 1.1.1 and 1.1.1a (fixed in OpenSSL 1.1.1b, see https://github.com/openssl/openssl/issues/7350). If nginx is used to compile these OpenSSL versions, configuring nginx with NGX_OPENSSL_NO_CONFIG explicitly set to 0 might be used as a workaround. 
With this change, the NGX_OPENSSL_NO_CONFIG macro is defined when nginx
is asked to build OpenSSL itself.  And with this macro automatic loading
of OpenSSL configuration (from the build directory) is prevented unless
the OPENSSL_CONF environment variable is explicitly set.

Note that not loading configuration is broken in OpenSSL 1.1.1 and 1.1.1a
(fixed in OpenSSL 1.1.1b, see https://github.com/openssl/openssl/issues/7350).
If nginx is used to compile these OpenSSL versions, configuring nginx with
NGX_OPENSSL_NO_CONFIG explicitly set to 0 might be used as a workaround.
QUIC: OpenSSL compatibility layer. 2023-02-22T15:16:53+00:00 Roman Arutyunyan arut@nginx.com 2023-02-22T15:16:53+00:00 a36ebf7e95baebf445b0973bd270bc009b0b0e9a The change allows to compile QUIC with OpenSSL which lacks BoringSSL QUIC API. This implementation does not support 0-RTT. 
The change allows to compile QUIC with OpenSSL which lacks BoringSSL QUIC API.

This implementation does not support 0-RTT.
Configure: fixed QUIC support test. 2021-09-27T07:10:38+00:00 Ruslan Ermilov ru@nginx.com 2021-09-27T07:10:38+00:00 f2859767d4218e60f8ac3adbac6123c8a1f68279 OpenSSL library QUIC support cannot be tested at configure time when using the --with-openssl option so assume it's present if requested. While here, fixed the error message in case QUIC support is missing. 
OpenSSL library QUIC support cannot be tested at configure time when
using the --with-openssl option so assume it's present if requested.
While here, fixed the error message in case QUIC support is missing.
Configure: check for QUIC 0-RTT support at compile time. 2021-09-27T07:10:37+00:00 Ruslan Ermilov ru@nginx.com 2021-09-27T07:10:37+00:00 8ce1c2c7e9abc90a63ad74df5ad4cc7c37b24c87 






Configure: simplified condition.
2021-09-21T11:46:17+00:00

Ruslan Ermilov
ru@nginx.com

2021-09-21T11:46:17+00:00

3321ca0c833c88ef4870f3abb8870beb622e2171












Removed NGX_OPENSSL_QUIC macro, NGX_QUIC is enough.
2021-09-14T09:09:13+00:00

Ruslan Ermilov
ru@nginx.com

2021-09-14T09:09:13+00:00

bd89c448b7e7beb15409e2abe2f174a36a7a0823












Changed the OpenSSL QUIC support detection.
2021-09-09T12:34:00+00:00

Ruslan Ermilov
ru@nginx.com

2021-09-09T12:34:00+00:00

7a45071cb6a460c999a3ad5f978f8cfd5d792cdb

As was changed in 253cf267f95a.





As was changed in 253cf267f95a.







QUIC: added "quic" listen parameter.
2020-07-21T20:09:22+00:00

Roman Arutyunyan
arut@nginx.com

2020-07-21T20:09:22+00:00

b813b9ec358862a2a94868bc057420d6eca5c05d

The parameter allows processing HTTP/0.9-2 over QUIC.

Also, introduced ngx_http_quic_module and moved QUIC settings there





The parameter allows processing HTTP/0.9-2 over QUIC.

Also, introduced ngx_http_quic_module and moved QUIC settings there







Compatibility with BoringSSL master branch.
2020-06-01T16:53:13+00:00

Sergey Kandaurov
pluknet@nginx.com

2020-06-01T16:53:13+00:00

0a11fdbb28d2efaaf2a541c321d4c5566bf1fbe5

Recently BoringSSL introduced SSL_set_quic_early_data_context()
that serves as an additional constrain to enable 0-RTT in QUIC.

Relevant changes:
 * https://boringssl.googlesource.com/boringssl/+/7c52299%5E!/
 * https://boringssl.googlesource.com/boringssl/+/8519432%5E!/





Recently BoringSSL introduced SSL_set_quic_early_data_context()
that serves as an additional constrain to enable 0-RTT in QUIC.

Relevant changes:
 * https://boringssl.googlesource.com/boringssl/+/7c52299%5E!/
 * https://boringssl.googlesource.com/boringssl/+/8519432%5E!/