mirror of
https://github.com/ZoeyVid/NPMplus.git
synced 2026-03-03 00:18:06 +00:00
81 lines
3.5 KiB
Diff
81 lines
3.5 KiB
Diff
diff --git a/src/ngx_http_lua_proxy_ssl_verifyby.h b/src/ngx_http_lua_proxy_ssl_verifyby.h
|
|
index 04319298..a9493598 100644
|
|
--- a/src/ngx_http_lua_proxy_ssl_verifyby.h
|
|
+++ b/src/ngx_http_lua_proxy_ssl_verifyby.h
|
|
@@ -16,6 +16,8 @@
|
|
#define HAVE_LUA_PROXY_SSL_VERIFY 0
|
|
#elif defined(OPENSSL_IS_BORINGSSL)
|
|
#define HAVE_LUA_PROXY_SSL_VERIFY 0
|
|
+#elif defined(OPENSSL_IS_AWSLC)
|
|
+#define HAVE_LUA_PROXY_SSL_VERIFY 1
|
|
#elif defined(SSL_ERROR_WANT_RETRY_VERIFY) && \
|
|
OPENSSL_VERSION_NUMBER >= 0x30000020uL
|
|
#define HAVE_LUA_PROXY_SSL_VERIFY 1
|
|
diff --git a/src/ngx_http_lua_ssl_certby.c b/src/ngx_http_lua_ssl_certby.c
|
|
index e0ee6905..f32526d5 100644
|
|
--- a/src/ngx_http_lua_ssl_certby.c
|
|
+++ b/src/ngx_http_lua_ssl_certby.c
|
|
@@ -37,7 +37,7 @@ static u_char *ngx_http_lua_log_ssl_cert_error(ngx_log_t *log, u_char *buf,
|
|
static ngx_int_t ngx_http_lua_ssl_cert_by_chunk(lua_State *L,
|
|
ngx_http_request_t *r);
|
|
|
|
-#ifndef OPENSSL_IS_BORINGSSL
|
|
+#if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
|
|
#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER > 0x101010afL
|
|
static int ngx_http_lua_is_grease_cipher(uint16_t cipher_id);
|
|
#endif
|
|
@@ -458,7 +458,7 @@ ngx_http_lua_log_ssl_cert_error(ngx_log_t *log, u_char *buf, size_t len)
|
|
}
|
|
|
|
|
|
-#ifndef OPENSSL_IS_BORINGSSL
|
|
+#if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
|
|
#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER > 0x101010afL
|
|
static int
|
|
ngx_http_lua_is_grease_cipher(uint16_t cipher_id)
|
|
@@ -863,9 +863,9 @@ int
|
|
ngx_http_lua_ffi_req_shared_ssl_ciphers(ngx_http_request_t *r,
|
|
uint16_t *ciphers, uint16_t *nciphers, int filter_grease, char **err)
|
|
{
|
|
-#ifdef OPENSSL_IS_BORINGSSL
|
|
+#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
|
|
|
|
- *err = "BoringSSL is not supported for SSL cipher operations";
|
|
+ *err = "BoringSSL/AWS-LC is not supported for SSL cipher operations";
|
|
return NGX_ERROR;
|
|
|
|
#elif OPENSSL_VERSION_NUMBER < 0x101010afL
|
|
@@ -1439,7 +1439,7 @@ ngx_http_lua_ffi_set_cert(ngx_http_request_t *r,
|
|
|
|
# else
|
|
|
|
-#ifdef OPENSSL_IS_BORINGSSL
|
|
+#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
|
|
size_t i;
|
|
#else
|
|
int i;
|
|
@@ -1581,7 +1581,7 @@ ngx_http_lua_ffi_ssl_verify_client(ngx_http_request_t *r, void *client_certs,
|
|
X509 *x509 = NULL;
|
|
X509_NAME *subject = NULL;
|
|
X509_STORE *ca_store = NULL;
|
|
-#ifdef OPENSSL_IS_BORINGSSL
|
|
+#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
|
|
size_t i;
|
|
#else
|
|
int i;
|
|
diff --git a/src/ngx_http_lua_ssl_export_keying_material.c b/src/ngx_http_lua_ssl_export_keying_material.c
|
|
index ec64c049..57e6d31d 100644
|
|
--- a/src/ngx_http_lua_ssl_export_keying_material.c
|
|
+++ b/src/ngx_http_lua_ssl_export_keying_material.c
|
|
@@ -79,8 +79,8 @@ ngx_http_lua_ffi_ssl_export_keying_material_early(ngx_http_request_t *r,
|
|
u_char *out, size_t out_size, const char *label, size_t llen,
|
|
const u_char *context, size_t ctxlen, char **err)
|
|
{
|
|
-#if defined(OPENSSL_IS_BORINGSSL) || OPENSSL_VERSION_NUMBER < 0x10101000L
|
|
- *err = "BoringSSL does not support SSL_export_keying_material";
|
|
+#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) || OPENSSL_VERSION_NUMBER < 0x10101000L
|
|
+ *err = "BoringSSL/AWS-LC does not support SSL_export_keying_material";
|
|
return NGX_ERROR;
|
|
#elif defined(LIBRESSL_VERSION_NUMBER)
|
|
*err = "LibreSSL does not support SSL_export_keying_material";
|