nghttpx: Don't build PSK features with LibreSSL
LibreSSL removed PSK.

Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
This commit is contained in:
parent
b72c5f104e
commit
16be89f9cc
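--- a/[path not shown on page: file 1]
+++ b/[path not shown on page: file 1]
@@ -2119,6 +2119,7 @@ SSL/TLS:
 argument <CERT>, or certificate option in configuration
 file. For additional certificates, use --subcert
 option. This option requires OpenSSL >= 1.0.2.
+#if !LIBRESSL_IN_USE
 --psk-secrets=<PATH>
 Read list of PSK identity and secrets from <PATH>. This
 is used for frontend connection. The each line of input
@@ -2146,6 +2147,7 @@ SSL/TLS:
 HTTP/2. To use those cipher suites with HTTP/2,
 consider to use --client-no-http2-cipher-black-list
 option. But be aware its implications.
+#endif // !LIBRESSL_IN_USE
 
 HTTP/2 and SPDY:
 -c, --frontend-http2-max-concurrent-streams=<N>
@@ -3125,8 +3127,10 @@ int main(int argc, char **argv) {
 {SHRPX_OPT_DNS_MAX_TRY.c_str(), required_argument, &flag, 145},
 {SHRPX_OPT_FRONTEND_KEEP_ALIVE_TIMEOUT.c_str(), required_argument,
 &flag, 146},
+#if !LIBRESSL_IN_USE
 {SHRPX_OPT_PSK_SECRETS.c_str(), required_argument, &flag, 147},
 {SHRPX_OPT_CLIENT_PSK_SECRETS.c_str(), required_argument, &flag, 148},
+#endif
 {SHRPX_OPT_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST.c_str(), no_argument,
 &flag, 149},
 {SHRPX_OPT_CLIENT_CIPHERS.c_str(), required_argument, &flag, 150},
@@ -3821,6 +3825,7 @@ int main(int argc, char **argv) {
 cmdcfgs.emplace_back(SHRPX_OPT_FRONTEND_KEEP_ALIVE_TIMEOUT,
 StringRef{optarg});
 break;
+#if !LIBRESSL_IN_USE
 case 147:
 // --psk-secrets
 cmdcfgs.emplace_back(SHRPX_OPT_PSK_SECRETS, StringRef{optarg});
@@ -3829,6 +3834,7 @@ int main(int argc, char **argv) {
 // --client-psk-secrets
 cmdcfgs.emplace_back(SHRPX_OPT_CLIENT_PSK_SECRETS, StringRef{optarg});
 break;
+#endif // !LIBRESSL_IN_USE
 case 149:
 // --client-no-http2-cipher-black-list
 cmdcfgs.emplace_back(SHRPX_OPT_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST,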
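Review bot: In the `@@ -2119` hunk the added `#if !LIBRESSL_IN_USE` sits between lines of help text whose emitting statement starts and ends outside the hunk; if those lines are part of one string literal, the preprocessor never sees the directive and it is printed to the user verbatim, so the literal would have to be closed before the `#if` and reopened after it (the `#endif` in the `@@ -2146` hunk has the same problem). The bare `#endif` in the `@@ -3125` hunk is the only guard in this commit without the `// !LIBRESSL_IN_USE` trailer the others carry; `#endif // !LIBRESSL_IN_USE` keeps them consistent. Removing the long-option table entries and the `case 147:` handler and the `--client-psk-secrets` one after it turns `--psk-secrets`/`--client-psk-secrets` into hard option errors on a LibreSSL build rather than silently accepted settings, which is the right outcome for an option that carries key material, but the help text should still tell operators that PSK is unavailable in this build instead of simply omitting it.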
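--- a/[path not shown on page: file 2]
+++ b/[path not shown on page: file 2]
@@ -1199,6 +1199,7 @@ int read_tls_sct_from_dir(std::vector<uint8_t> &dst, const StringRef &opt,
 }
 } // namespace
 
+#if !LIBRESSL_IN_USE
 namespace {
 // Reads PSK secrets from path, and parses each line. The result is
 // directly stored into config->tls.psk_secrets. This function
@@ -1262,7 +1263,9 @@ int parse_psk_secrets(Config *config, const StringRef &path) {
 return 0;
 }
 } // namespace
+#endif // !LIBRESSL_IN_USE
 
+#if !LIBRESSL_IN_USE
 namespace {
 // Reads PSK secrets from path, and parses each line. The result is
 // directly stored into config->tls.client.psk. This function returns
@@ -1322,6 +1325,7 @@ int parse_client_psk_secrets(Config *config, const StringRef &path) {
 return 0;
 }
 } // namespace
+#endif // !LIBRESSL_IN_USE
 
 // generated by gennghttpxfun.py
 int option_lookup_token(const char *name, size_t namelen) {
@@ -1490,10 +1494,12 @@ int option_lookup_token(const char *name, size_t namelen) {
 if (util::strieq_l("ecdh-curve", name, 10)) {
 return SHRPX_OPTID_ECDH_CURVES;
 }
+#if !LIBRESSL_IN_USE
 if (util::strieq_l("psk-secret", name, 10)) {
 return SHRPX_OPTID_PSK_SECRETS;
 }
 break;
+#endif
 case 't':
 if (util::strieq_l("write-burs", name, 10)) {
 return SHRPX_OPTID_WRITE_BURST;
@@ -1683,11 +1689,13 @@ int option_lookup_token(const char *name, size_t namelen) {
 return SHRPX_OPTID_ADD_REQUEST_HEADER;
 }
 break;
+#if !LIBRESSL_IN_USE
 case 's':
 if (util::strieq_l("client-psk-secret", name, 17)) {
 return SHRPX_OPTID_CLIENT_PSK_SECRETS;
 }
 break;
+#endif // !LIBRESSL_IN_USE
 case 't':
 if (util::strieq_l("dns-lookup-timeou", name, 17)) {
 return SHRPX_OPTID_DNS_LOOKUP_TIMEOUT;
@@ -3283,10 +3291,12 @@ int parse_config(Config *config, int optid, const StringRef &opt,
 case SHRPX_OPTID_FRONTEND_KEEP_ALIVE_TIMEOUT:
 return parse_duration(&config->conn.upstream.timeout.idle_read, opt,
 optarg);
+#if !LIBRESSL_IN_USE
 case SHRPX_OPTID_PSK_SECRETS:
 return parse_psk_secrets(config, optarg);
 case SHRPX_OPTID_CLIENT_PSK_SECRETS:
 return parse_client_psk_secrets(config, optarg);
+#endif // !LIBRESSL_IN_USE
 case SHRPX_OPTID_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST:
 config->tls.client.no_http2_cipher_black_list =
 util::strieq_l("yes", optarg);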
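Review bot: In the `@@ -1490` hunk the `break;` that ends the switch arm holding the `ecdh-curve` check is placed inside the new `#if !LIBRESSL_IN_USE` block, so on a LibreSSL build a name that fails the `ecdh-curve` test falls through into `case 't':` and is compared against `write-burs` with only ten characters considered; the guard should close before the break, i.e. `}` / `#endif` / `break;`. Both lookup hunks (`@@ -1490` and `@@ -1683`) hand-edit a function the file marks as `// generated by gennghttpxfun.py`, so these guards will be lost on the next regeneration unless the generator itself learns to emit them. The bare `#endif` in `@@ -1490` also lacks the `// !LIBRESSL_IN_USE` trailer used elsewhere in this commit. The bodies of `option_lookup_token` and `parse_config` start and end outside the hunks.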
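--- a/[path not shown on page: file 3]
+++ b/[path not shown on page: file 3]
@@ -525,6 +525,7 @@ int sct_parse_cb(SSL *ssl, unsigned int ext_type, const unsigned char *in,
 } // namespace
 #endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
 
+#if !LIBRESSL_IN_USE
 namespace {
 unsigned int psk_server_cb(SSL *ssl, const char *identity, unsigned char *psk,
 unsigned int max_psk_len) {
@@ -548,7 +549,9 @@ unsigned int psk_server_cb(SSL *ssl, const char *identity, unsigned char *psk,
 return static_cast<unsigned int>(secret.size());
 }
 } // namespace
+#endif // !LIBRESSL_IN_USE
 
+#if !LIBRESSL_IN_USE
 namespace {
 unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity_out,
 unsigned int max_identity_len, unsigned char *psk,
@@ -581,6 +584,7 @@ unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity_out,
 return (unsigned int)secret.size();
 }
 } // namespace
+#endif // !LIBRESSL_IN_USE
 
 struct TLSProtocol {
 StringRef name;
@@ -784,7 +788,9 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file,
 }
 #endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
 
+#if !LIBRESSL_IN_USE
 SSL_CTX_set_psk_server_callback(ssl_ctx, psk_server_cb);
+#endif // !LIBRESSL_IN_USE
 
 auto tls_ctx_data = new TLSContextData();
 tls_ctx_data->cert_file = cert_file;
@@ -919,7 +925,9 @@ SSL_CTX *create_ssl_client_context(
 #endif // HAVE_NEVERBLEED
 }
 
+#if !LIBRESSL_IN_USE
 SSL_CTX_set_psk_client_callback(ssl_ctx, psk_client_cb);
+#endif // !LIBRESSL_IN_USE
 
 // NPN selection callback. This is required to set SSL_CTX because
 // OpenSSL does not offer SSL_set_next_proto_select_cb.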
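Review bot: The guards in this file (`@@ -525`, `@@ -548`, `@@ -784`, `@@ -919`) key on `!LIBRESSL_IN_USE`, which removes PSK from every LibreSSL release rather than only from the releases that lack `SSL_CTX_set_psk_server_callback`/`SSL_CTX_set_psk_client_callback`; if the "LibreSSL removed PSK" in the description refers to a particular release, a version-based feature macro derived from `LIBRESSL_VERSION_NUMBER` would be narrower and easier to lift again later. In `@@ -548` the `#endif` that closes `psk_server_cb` and the `#if` that opens `psk_client_cb` are separated only by a blank line, so one `#if !LIBRESSL_IN_USE` region around both callbacks would read more simply and leave fewer pairs to keep in sync. The callback bodies and `create_ssl_context`/`create_ssl_client_context` start and end outside the hunks.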