diff --git a/src/shrpx.cc b/src/shrpx.cc
index e8477e09..b636cba4 100644
--- a/src/shrpx.cc
+++ b/src/shrpx.cc
@@ -2119,7 +2119,6 @@ SSL/TLS: argument , or certificate option in configuration file. For additional certificates, use --subcert option. This option requires OpenSSL >= 1.0.2. -#if !LIBRESSL_IN_USE --psk-secrets= Read list of PSK identity and secrets from . This is used for frontend connection. The each line of input
@@ -2147,7 +2146,6 @@ SSL/TLS: HTTP/2. To use those cipher suites with HTTP/2, consider to use --client-no-http2-cipher-black-list option. But be aware its implications. -#endif // !LIBRESSL_IN_USE HTTP/2 and SPDY: -c, --frontend-http2-max-concurrent-streams=
@@ -3127,10 +3125,8 @@ int main(int argc, char **argv) { {SHRPX_OPT_DNS_MAX_TRY.c_str(), required_argument, &flag, 145}, {SHRPX_OPT_FRONTEND_KEEP_ALIVE_TIMEOUT.c_str(), required_argument, &flag, 146}, -#if !LIBRESSL_IN_USE {SHRPX_OPT_PSK_SECRETS.c_str(), required_argument, &flag, 147}, {SHRPX_OPT_CLIENT_PSK_SECRETS.c_str(), required_argument, &flag, 148}, -#endif {SHRPX_OPT_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST.c_str(), no_argument, &flag, 149}, {SHRPX_OPT_CLIENT_CIPHERS.c_str(), required_argument, &flag, 150},
@@ -3825,7 +3821,6 @@ int main(int argc, char **argv) {
 cmdcfgs.emplace_back(SHRPX_OPT_FRONTEND_KEEP_ALIVE_TIMEOUT,
 StringRef{optarg});
 break;
-#if !LIBRESSL_IN_USE
 case 147:
 // --psk-secrets
 cmdcfgs.emplace_back(SHRPX_OPT_PSK_SECRETS, StringRef{optarg});
@@ -3834,7 +3829,6 @@ int main(int argc, char **argv) {
 // --client-psk-secrets
 cmdcfgs.emplace_back(SHRPX_OPT_CLIENT_PSK_SECRETS, StringRef{optarg});
 break;
-#endif // !LIBRESSL_IN_USE
 case 149:
 // --client-no-http2-cipher-black-list
 cmdcfgs.emplace_back(SHRPX_OPT_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST,
diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index bf5486ce..6a241efa 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -1494,12 +1494,10 @@ int option_lookup_token(const char *name, size_t namelen) {
 if (util::strieq_l("ecdh-curve", name, 10)) {
 return SHRPX_OPTID_ECDH_CURVES;
 }
-#if !LIBRESSL_IN_USE
 if (util::strieq_l("psk-secret", name, 10)) {
 return SHRPX_OPTID_PSK_SECRETS;
 }
 break;
-#endif
 case 't':
 if (util::strieq_l("write-burs", name, 10)) {
 return SHRPX_OPTID_WRITE_BURST;
@@ -1689,13 +1687,11 @@ int option_lookup_token(const char *name, size_t namelen) {
 return SHRPX_OPTID_ADD_REQUEST_HEADER;
 }
 break;
-#if !LIBRESSL_IN_USE
 case 's':
 if (util::strieq_l("client-psk-secret", name, 17)) {
 return SHRPX_OPTID_CLIENT_PSK_SECRETS;
 }
 break;
-#endif // !LIBRESSL_IN_USE
 case 't':
 if (util::strieq_l("dns-lookup-timeou", name, 17)) {
 return SHRPX_OPTID_DNS_LOOKUP_TIMEOUT;
@@ -3291,12 +3287,24 @@ int parse_config(Config *config, int optid, const StringRef &opt,
 case SHRPX_OPTID_FRONTEND_KEEP_ALIVE_TIMEOUT:
 return parse_duration(&config->conn.upstream.timeout.idle_read, opt,
 optarg);
-#if !LIBRESSL_IN_USE
 case SHRPX_OPTID_PSK_SECRETS:
+#if !LIBRESSL_IN_USE
 return parse_psk_secrets(config, optarg);
+#else // LIBRESSL_IN_USE
+ LOG(WARN)
+ << opt
+ << ": ignored because underlying TLS library does not support PSK";
+ return 0;
+#endif // LIBRESSL_IN_USE
 case SHRPX_OPTID_CLIENT_PSK_SECRETS:
+#if !LIBRESSL_IN_USE
 return parse_client_psk_secrets(config, optarg);
-#endif // !LIBRESSL_IN_USE
+#else // LIBRESSL_IN_USE
+ LOG(WARN)
+ << opt
+ << ": ignored because underlying TLS library does not support PSK";
+ return 0;
+#endif // LIBRESSL_IN_USE
 case SHRPX_OPTID_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST:
 config->tls.client.no_http2_cipher_black_list =
 util::strieq_l("yes", optarg);
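Review bot: On a LibreSSL build both new `#else` branches in parse_config log at WARN and `return 0`, so a configuration that sets psk-secrets or client-psk-secrets is accepted and the proxy starts without the PSK the operator asked for. Where PSK is the intended authentication for frontend clients or for the backend, the loss of that control is recorded only in the log, and what gets negotiated instead is not visible from this hunk. Consider logging at ERROR and returning the function's failure value instead, or, if ignoring is deliberate so one config file can serve both builds, say so with a comment such as `// LibreSSL has no PSK support; accept the option so shared configs still load`. The --psk-secrets help text in src/shrpx.cc is now printed unconditionally and does not mention that the option is ignored on such builds. The two `#else` branches are identical and could share one small helper; parse_config begins and ends outside the hunk.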