SSL: avoid using OpenSSL config in build directory (ticket #2404).

With this change, the NGX_OPENSSL_NO_CONFIG macro is defined when nginx is asked to build OpenSSL itself. And with this macro automatic loading of OpenSSL configuration (from the build directory) is prevented unless the OPENSSL_CONF environment variable is explicitly set. Note that not loading configuration is broken in OpenSSL 1.1.1 and 1.1.1a (fixed in OpenSSL 1.1.1b, see https://github.com/openssl/openssl/issues/7350). If nginx is used to compile these OpenSSL versions, configuring nginx with NGX_OPENSSL_NO_CONFIG explicitly set to 0 might be used as a workaround.
author: Maxim Dounin <mdounin@mdounin.ru> 2023-06-21 01:29:53 +0300
committer: Maxim Dounin <mdounin@mdounin.ru> 2023-06-21 01:29:53 +0300
commit: bdea5b703ff6f6fcf98ac8dd4e1e9e5c9ad05017 (patch)
tree: 515228b2a359e1a1698654df9e72839864688487 /auto/lib/openssl/conf
parent: 2038b46e25b74c16b36ce27f4c8064f2ab2af5a9 (diff)
download: nginx-bdea5b703ff6f6fcf98ac8dd4e1e9e5c9ad05017.tar.gz
nginx-bdea5b703ff6f6fcf98ac8dd4e1e9e5c9ad05017.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/auto/lib/openssl/conf b/auto/lib/openssl/conf
index cfa74cf81..eda1c0f4a 100644
--- a/auto/lib/openssl/conf
+++ b/auto/lib/openssl/conf
@@ -8,6 +8,8 @@ if [ $OPENSSL != NONE ]; then
     have=NGX_OPENSSL . auto/have
     have=NGX_SSL . auto/have
 
+    have=NGX_OPENSSL_NO_CONFIG . auto/have
+
     if [ $USE_OPENSSL_QUIC = YES ]; then
         have=NGX_QUIC . auto/have
         have=NGX_QUIC_OPENSSL_COMPAT . auto/have
author	Maxim Dounin <mdounin@mdounin.ru>	2023-06-21 01:29:53 +0300
committer	Maxim Dounin <mdounin@mdounin.ru>	2023-06-21 01:29:53 +0300
commit	bdea5b703ff6f6fcf98ac8dd4e1e9e5c9ad05017 (patch)
tree	515228b2a359e1a1698654df9e72839864688487 /auto/lib/openssl/conf
parent	2038b46e25b74c16b36ce27f4c8064f2ab2af5a9 (diff)
download	nginx-bdea5b703ff6f6fcf98ac8dd4e1e9e5c9ad05017.tar.gz nginx-bdea5b703ff6f6fcf98ac8dd4e1e9e5c9ad05017.tar.bz2