commit 0dcfca0301d05b3d5d973c5bdcd24acd14bd2a35
author Piotr Sikora <piotr@cloudflare.com> Wed Jul 30 04:32:15 2014 -0700
committer Piotr Sikora <piotr@cloudflare.com> Wed Jul 30 04:32:15 2014 -0700
tree ee3f3a31aacbb1a28a9865ea99b220f6b19edd4b
parent a57394b3e948f5176e14880651f6ddf53214edd2

SSL: let it build against BoringSSL.

This change adds support for using BoringSSL as a drop-in replacement
for OpenSSL without adding support for any of the BoringSSL-specific
features.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>

src/event/ngx_event_openssl.c

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 91c752c..7ee7775 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -106,7 +106,9 @@
 ngx_int_t
 ngx_ssl_init(ngx_log_t *log)
 {
+#ifndef OPENSSL_IS_BORINGSSL
     OPENSSL_config(NULL);
+#endif
 
     SSL_library_init();
     SSL_load_error_strings();
@@ -217,7 +219,10 @@
     SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);
 #endif
 
+#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
     SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
+#endif
+
     SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);
     SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);
 
@@ -382,8 +387,13 @@
         if (--tries) {
             n = ERR_peek_error();
 
+#ifdef OPENSSL_IS_BORINGSSL
+            if (ERR_GET_LIB(n) == ERR_LIB_CIPHER
+                && ERR_GET_REASON(n) == CIPHER_R_BAD_DECRYPT)
+#else
             if (ERR_GET_LIB(n) == ERR_LIB_EVP
                 && ERR_GET_REASON(n) == EVP_R_BAD_DECRYPT)
+#endif
             {
                 ERR_clear_error();
                 SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd);