Hello! On Tue, Apr 15, 2014 at 12:44:37PM -0700, Piotr Sikora wrote:
> Hey Maxim, > > >> - If nginx was compiled with OpenSSL 1.0.2, but used with an > >> older version, things will not work at all; this is not something > >> completely unacceptable, but it's something we may want to > >> avoid. > > > > Will look into it. > > How about adding check to make sure that OpenSSL version nginx was > built against (i.e. version info from the headers) matches the version > from the library we're loading (i.e. version info from the runtime)? I don't think check per se is a good idea - in particular, nginx should be able to start with any newer version of OpenSSL. If there is no easy solution (like, e.g., with SNI, where we check SSL_CTX_set_tlsext_servername_callback() result and act accordingly) - there is no need to bother. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
