SSL_CTX_set_options() return value not checked properly
|Missing in 1.5.x:||Yes|
I updated my OpenSSL version to 1.0.0-rc5, and started getting the following error when trying to start Lighttpd:
$ ./lighttpd -f lighttpd.conf -D 2010-01-28 10:21:07: (network.c.529) SSL: error:2507006C:DSO support routines:DSO_load:functionality not supported
I hadn't needed DSO support in SSL before, but I re-enabled it anyway. This just changed the text of the error:
$ ./lighttpd -f lighttpd.conf -D 2010-01-28 10:23:01: (network.c.529) SSL: error:00000000:lib(0):func(0):reason(0)
Looking at the line in question, it seems that Lighttpd is expecting the return value of SSL_CTX_set_options() to equal the option that was just passed in. This is only true if no other options are set; in 1.0.0-rc5, SSL_OP_LEGACY_SERVER_CONNECT is enabled by default, which causes this check to fail.
The attached patch makes Lighttpd only check to see that the option it requested was set, ignoring the rest of the mask.
Also available in: Atom