author | Glenn Strauss <gstrauss@gluelogic.com> | 2020-10-28 13:06:58 -0400 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2020-10-28 22:58:47 -0400 |
commit | 1d27391c291fa5f00f1e41c2e7853e9a27aa5184 (patch) | |
tree | 77b8c2230c0be1283d002526c8b06e8e5960bade | |
parent | 3353ff20247c989092ca0bd6f95545f802938606 (diff) | |
download | lighttpd-git-1d27391c291fa5f00f1e41c2e7853e9a27aa5184.tar.gz |
[mod_mbedtls] wrap addtl code in preproc defines
wrap additional code in preprocessor conditionals so that it is compiled only when the corresponding feature is enabled in the mbedtls library
-rw-r--r-- | src/mod_mbedtls.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/src/mod_mbedtls.c b/src/mod_mbedtls.c
index e18e59be..1450f47a 100644
--- a/src/mod_mbedtls.c
+++ b/src/mod_mbedtls.c
@@ -401,8 +401,10 @@ static void mod_mbedtls_free_mbedtls (void)
 {
 if (!ssl_is_init) return;
+ #ifdef MBEDTLS_SSL_SESSION_TICKETS
 mbedtls_platform_zeroize(session_ticket_keys, sizeof(session_ticket_keys));
 stek_rotate_ts = 0;
+ #endif
 plugin_data * const p = plugin_data_singleton;
 mbedtls_ctr_drbg_free(&p->ctr_drbg);
@@ -1395,8 +1397,14 @@ mod_mbedtls_set_defaults_sockets(server *srv, plugin_data *p)
 "ssl.openssl.ssl-conf-cmd = (\"MinProtocol\" => \"SSLv3\")");
 break;
 case 10:/* ssl.stek-file */
+ #ifdef MBEDTLS_SSL_SESSION_TICKETS
 if (!buffer_is_empty(cpv->v.b))
 p->ssl_stek_file = cpv->v.b->ptr;
+ #else
+ log_error(srv->errh, __FILE__, __LINE__, "MTLS: "
+ "ssl.stek-file ignored; mbedtls library not built with "
+ "support for SSL session tickets");
+ #endif
 break;
 default:/* should not happen */
 break;
@@ -2039,11 +2047,13 @@ CONNECTION_FUNC(mod_mbedtls_handle_con_accept)
 * overlap, and so renegotiation setting is not reset upon connection close.
 * Once enabled, renegotiation will remain so for this mbedtls_ssl_config.
 * mbedtls defaults to disable client renegotiation
- * (MBEDTLS_SSL_RENEGOTIATION_DISABLED)
+ * (MBEDTLS_LEGACY_SSL_RENEGOTIATION_DISABLED)
 * and it is recommended to leave it disabled (lighttpd mbedtls default) */
+ #ifdef MBEDTLS_LEGACY_SSL_RENEGOTIATION_ENABLED
 if (!hctx->conf.ssl_disable_client_renegotiation)
- mbedtls_ssl_conf_renegotiation(s->ssl_ctx,
- MBEDTLS_SSL_RENEGOTIATION_ENABLED);
+ mbedtls_legacy_ssl_conf_renegotiation(s->ssl_ctx,
+ MBEDTLS_LEGACY_SSL_RENEGOTIATION_ENABLED);
+ #endif
 return HANDLER_GO_ON;
 } |
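Review bot: The new guard `#ifdef MBEDTLS_LEGACY_SSL_RENEGOTIATION_ENABLED` in the third hunk, and the `mbedtls_legacy_ssl_conf_renegotiation()` call it encloses, do not match any name I can find in mbedtls's ssl.h, where the build-time feature macro is `MBEDTLS_SSL_RENEGOTIATION` and the API is `mbedtls_ssl_conf_renegotiation(conf, MBEDTLS_SSL_RENEGOTIATION_ENABLED)` (the similarly named `MBEDTLS_SSL_LEGACY_*` constants belong to the separate legacy-renegotiation policy). If that is right, the guard is never defined, the misspelled call never reaches the compiler, and `ssl.disable-client-renegotiation = "disable"` silently becomes a no-op: fail-closed from a security standpoint, but a setting the administrator asked for is dropped without any log line, and the bug is masked precisely because it sits inside the `#ifdef`. Unless these identifiers come from a lighttpd-local compatibility header I cannot see, I would write `#ifdef MBEDTLS_SSL_RENEGOTIATION`, keep the original `mbedtls_ssl_conf_renegotiation(s->ssl_ctx, MBEDTLS_SSL_RENEGOTIATION_ENABLED);`, and revert the comment to `(MBEDTLS_SSL_RENEGOTIATION_DISABLED)`. An `#else` branch that logs once that renegotiation cannot be enabled with this mbedtls build, mirroring the ssl.stek-file message added in the previous hunk, would make the dropped setting visible rather than silent. The enclosing CONNECTION_FUNC starts outside the hunk.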