Merge branch 'Sp1l-master'
commit
2ae83e871b
|
@ -1199,6 +1199,7 @@ int read_tls_sct_from_dir(std::vector<uint8_t> &dst, const StringRef &opt,
|
||||||
}
|
}
|
||||||
} // namespace
|
} // namespace
|
||||||
|
|
||||||
|
#if !LIBRESSL_IN_USE
|
||||||
namespace {
|
namespace {
|
||||||
// Reads PSK secrets from path, and parses each line. The result is
|
// Reads PSK secrets from path, and parses each line. The result is
|
||||||
// directly stored into config->tls.psk_secrets. This function
|
// directly stored into config->tls.psk_secrets. This function
|
||||||
|
@ -1262,7 +1263,9 @@ int parse_psk_secrets(Config *config, const StringRef &path) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
} // namespace
|
} // namespace
|
||||||
|
#endif // !LIBRESSL_IN_USE
|
||||||
|
|
||||||
|
#if !LIBRESSL_IN_USE
|
||||||
namespace {
|
namespace {
|
||||||
// Reads PSK secrets from path, and parses each line. The result is
|
// Reads PSK secrets from path, and parses each line. The result is
|
||||||
// directly stored into config->tls.client.psk. This function returns
|
// directly stored into config->tls.client.psk. This function returns
|
||||||
|
@ -1322,6 +1325,7 @@ int parse_client_psk_secrets(Config *config, const StringRef &path) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
} // namespace
|
} // namespace
|
||||||
|
#endif // !LIBRESSL_IN_USE
|
||||||
|
|
||||||
// generated by gennghttpxfun.py
|
// generated by gennghttpxfun.py
|
||||||
int option_lookup_token(const char *name, size_t namelen) {
|
int option_lookup_token(const char *name, size_t namelen) {
|
||||||
|
@ -3284,9 +3288,23 @@ int parse_config(Config *config, int optid, const StringRef &opt,
|
||||||
return parse_duration(&config->conn.upstream.timeout.idle_read, opt,
|
return parse_duration(&config->conn.upstream.timeout.idle_read, opt,
|
||||||
optarg);
|
optarg);
|
||||||
case SHRPX_OPTID_PSK_SECRETS:
|
case SHRPX_OPTID_PSK_SECRETS:
|
||||||
|
#if !LIBRESSL_IN_USE
|
||||||
return parse_psk_secrets(config, optarg);
|
return parse_psk_secrets(config, optarg);
|
||||||
|
#else // LIBRESSL_IN_USE
|
||||||
|
LOG(WARN)
|
||||||
|
<< opt
|
||||||
|
<< ": ignored because underlying TLS library does not support PSK";
|
||||||
|
return 0;
|
||||||
|
#endif // LIBRESSL_IN_USE
|
||||||
case SHRPX_OPTID_CLIENT_PSK_SECRETS:
|
case SHRPX_OPTID_CLIENT_PSK_SECRETS:
|
||||||
|
#if !LIBRESSL_IN_USE
|
||||||
return parse_client_psk_secrets(config, optarg);
|
return parse_client_psk_secrets(config, optarg);
|
||||||
|
#else // LIBRESSL_IN_USE
|
||||||
|
LOG(WARN)
|
||||||
|
<< opt
|
||||||
|
<< ": ignored because underlying TLS library does not support PSK";
|
||||||
|
return 0;
|
||||||
|
#endif // LIBRESSL_IN_USE
|
||||||
case SHRPX_OPTID_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST:
|
case SHRPX_OPTID_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST:
|
||||||
config->tls.client.no_http2_cipher_black_list =
|
config->tls.client.no_http2_cipher_black_list =
|
||||||
util::strieq_l("yes", optarg);
|
util::strieq_l("yes", optarg);
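Review bot: On a LibreSSL build, the two new `#else // LIBRESSL_IN_USE` branches under `SHRPX_OPTID_PSK_SECRETS` and `SHRPX_OPTID_CLIENT_PSK_SECRETS` log a warning and `return 0`, so a configuration that asks for PSK still starts, only without it. If an operator relies on PSK to authenticate a frontend or backend peer, that is a fail-open default that is easy to miss in the logs. I would treat the option as a configuration error instead: `LOG(ERROR) << opt << ": underlying TLS library does not support PSK";` followed by `return -1;` (assuming parse_config signals failure with -1, which these hunks do not show). If ignoring the option is deliberate so that config files can be shared across builds, a comment above each branch should say so. parse_config's body starts and ends outside the hunk.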
|
||||||
|
|
|
@ -525,6 +525,7 @@ int sct_parse_cb(SSL *ssl, unsigned int ext_type, const unsigned char *in,
|
||||||
} // namespace
|
} // namespace
|
||||||
#endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
#endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||||
|
|
||||||
|
#if !LIBRESSL_IN_USE
|
||||||
namespace {
|
namespace {
|
||||||
unsigned int psk_server_cb(SSL *ssl, const char *identity, unsigned char *psk,
|
unsigned int psk_server_cb(SSL *ssl, const char *identity, unsigned char *psk,
|
||||||
unsigned int max_psk_len) {
|
unsigned int max_psk_len) {
|
||||||
|
@ -548,7 +549,9 @@ unsigned int psk_server_cb(SSL *ssl, const char *identity, unsigned char *psk,
|
||||||
return static_cast<unsigned int>(secret.size());
|
return static_cast<unsigned int>(secret.size());
|
||||||
}
|
}
|
||||||
} // namespace
|
} // namespace
|
||||||
|
#endif // !LIBRESSL_IN_USE
|
||||||
|
|
||||||
|
#if !LIBRESSL_IN_USE
|
||||||
namespace {
|
namespace {
|
||||||
unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity_out,
|
unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity_out,
|
||||||
unsigned int max_identity_len, unsigned char *psk,
|
unsigned int max_identity_len, unsigned char *psk,
|
||||||
|
@ -581,6 +584,7 @@ unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity_out,
|
||||||
return (unsigned int)secret.size();
|
return (unsigned int)secret.size();
|
||||||
}
|
}
|
||||||
} // namespace
|
} // namespace
|
||||||
|
#endif // !LIBRESSL_IN_USE
|
||||||
|
|
||||||
struct TLSProtocol {
|
struct TLSProtocol {
|
||||||
StringRef name;
|
StringRef name;
|
||||||
|
@ -784,7 +788,9 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file,
|
||||||
}
|
}
|
||||||
#endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
#endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||||
|
|
||||||
|
#if !LIBRESSL_IN_USE
|
||||||
SSL_CTX_set_psk_server_callback(ssl_ctx, psk_server_cb);
|
SSL_CTX_set_psk_server_callback(ssl_ctx, psk_server_cb);
|
||||||
|
#endif // !LIBRESSL_IN_USE
|
||||||
|
|
||||||
auto tls_ctx_data = new TLSContextData();
|
auto tls_ctx_data = new TLSContextData();
|
||||||
tls_ctx_data->cert_file = cert_file;
|
tls_ctx_data->cert_file = cert_file;
|
||||||
|
@ -919,7 +925,9 @@ SSL_CTX *create_ssl_client_context(
|
||||||
#endif // HAVE_NEVERBLEED
|
#endif // HAVE_NEVERBLEED
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if !LIBRESSL_IN_USE
|
||||||
SSL_CTX_set_psk_client_callback(ssl_ctx, psk_client_cb);
|
SSL_CTX_set_psk_client_callback(ssl_ctx, psk_client_cb);
|
||||||
|
#endif // !LIBRESSL_IN_USE
|
||||||
|
|
||||||
// NPN selection callback. This is required to set SSL_CTX because
|
// NPN selection callback. This is required to set SSL_CTX because
|
||||||
// OpenSSL does not offer SSL_set_next_proto_select_cb.
|
// OpenSSL does not offer SSL_set_next_proto_select_cb.
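Review bot: The new guards around `psk_server_cb`, `psk_client_cb`, `SSL_CTX_set_psk_server_callback` and `SSL_CTX_set_psk_client_callback` test library identity (`#if !LIBRESSL_IN_USE`) rather than the feature itself. The same condition is now repeated at every PSK site, both here and in what appears to be the separate option-parsing file. An OpenSSL built without PSK defines `OPENSSL_NO_PSK` and would presumably fail to compile in the same places, so the guard could read `#if !LIBRESSL_IN_USE && !defined(OPENSSL_NO_PSK)`. Better still would be one feature macro defined once and used in every guard, so the option parser and the callback registration cannot drift apart and leave PSK secrets accepted but never wired into the handshake. The bodies of both callbacks and of create_ssl_context / create_ssl_client_context lie outside these hunks.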
|
||||||
|
|