From 5db17d0af9935c8632eff17dd4c5bcabec876728 Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Sat, 14 Apr 2018 17:48:38 +0900 Subject: [PATCH] Compile with libressl 2.7.2 --- src/shrpx_connection.cc | 4 ++-- src/shrpx_tls.cc | 24 ++++++++++++------------ src/ssl_compat.h | 2 ++ 3 files changed, 16 insertions(+), 14 deletions(-) diff --git a/src/shrpx_connection.cc b/src/shrpx_connection.cc index 31dac3c6..eafda7e9 100644 --- a/src/shrpx_connection.cc +++ b/src/shrpx_connection.cc @@ -44,13 +44,13 @@ using namespace nghttp2; namespace shrpx { -#if !OPENSSL_1_1_API +#if !LIBRESSL_2_7_API && !OPENSSL_1_1_API void *BIO_get_data(BIO *bio) { return bio->ptr; } void BIO_set_data(BIO *bio, void *ptr) { bio->ptr = ptr; } void BIO_set_init(BIO *bio, int init) { bio->init = init; } -#endif // !OPENSSL_1_1_API +#endif // !LIBRESSL_2_7_API && !OPENSSL_1_1_API Connection::Connection(struct ev_loop *loop, int fd, SSL *ssl, MemchunkPool *mcpool, ev_tstamp write_timeout, diff --git a/src/shrpx_tls.cc b/src/shrpx_tls.cc index 29da4b41..fc65137d 100644 --- a/src/shrpx_tls.cc +++ b/src/shrpx_tls.cc @@ -565,7 +565,7 @@ int alpn_select_proto_cb(SSL *ssl, const unsigned char **out, } // namespace #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L -#if !LIBRESSL_LEGACY_API && OPENSSL_VERSION_NUMBER >= 0x10002000L +#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L #ifndef TLSEXT_TYPE_signed_certificate_timestamp #define TLSEXT_TYPE_signed_certificate_timestamp 18 @@ -655,9 +655,9 @@ int legacy_sct_parse_cb(SSL *ssl, unsigned int ext_type, } // namespace #endif // !OPENSSL_1_1_1_API -#endif // !LIBRESSL_LEGACY_API && OPENSSL_VERSION_NUMBER >= 0x10002000L +#endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L -#if !LIBRESSL_LEGACY_API +#ifndef OPENSSL_NO_PSK namespace { unsigned int psk_server_cb(SSL *ssl, const char *identity, unsigned char *psk, unsigned int max_psk_len) { @@ -681,9 +681,9 @@ unsigned int psk_server_cb(SSL *ssl, const char *identity, unsigned char *psk, return static_cast(secret.size()); } } // namespace -#endif // !LIBRESSL_LEGACY_API +#endif // !OPENSSL_NO_PSK -#if !LIBRESSL_LEGACY_API +#ifndef OPENSSL_NO_PSK namespace { unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity_out, unsigned int max_identity_len, unsigned char *psk, @@ -716,7 +716,7 @@ unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity_out, return static_cast(secret.size()); } } // namespace -#endif // !LIBRESSL_LEGACY_API +#endif // !OPENSSL_NO_PSK struct TLSProtocol { StringRef name; @@ -933,7 +933,7 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file, SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, nullptr); #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L -#if !LIBRESSL_LEGACY_API && OPENSSL_VERSION_NUMBER >= 0x10002000L +#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L // SSL_extension_supported(TLSEXT_TYPE_signed_certificate_timestamp) // returns 1, which means OpenSSL internally handles it. But // OpenSSL handles signed_certificate_timestamp extension specially, @@ -964,11 +964,11 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file, } #endif // !OPENSSL_1_1_1_API } -#endif // !LIBRESSL_LEGACY_API && OPENSSL_VERSION_NUMBER >= 0x10002000L +#endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L -#if !LIBRESSL_LEGACY_API +#ifndef OPENSSL_NO_PSK SSL_CTX_set_psk_server_callback(ssl_ctx, psk_server_cb); -#endif // !LIBRESSL_LEGACY_API +#endif // !LIBRESSL_NO_PSK auto tls_ctx_data = new TLSContextData(); tls_ctx_data->cert_file = cert_file; @@ -1116,9 +1116,9 @@ SSL_CTX *create_ssl_client_context( #endif // HAVE_NEVERBLEED } -#if !LIBRESSL_LEGACY_API +#ifndef OPENSSL_NO_PSK SSL_CTX_set_psk_client_callback(ssl_ctx, psk_client_cb); -#endif // !LIBRESSL_LEGACY_API +#endif // !OPENSSL_NO_PSK // NPN selection callback. This is required to set SSL_CTX because // OpenSSL does not offer SSL_set_next_proto_select_cb. diff --git a/src/ssl_compat.h b/src/ssl_compat.h index 4391b1b3..777b83c9 100644 --- a/src/ssl_compat.h +++ b/src/ssl_compat.h @@ -29,11 +29,13 @@ #if defined(LIBRESSL_VERSION_NUMBER) #define OPENSSL_1_1_API 0 #define OPENSSL_1_1_1_API 0 +#define LIBRESSL_IN_USE 1 #define LIBRESSL_LEGACY_API (LIBRESSL_VERSION_NUMBER < 0x20700000L) #define LIBRESSL_2_7_API (LIBRESSL_VERSION_NUMBER >= 0x20700000L) #else // !defined(LIBRESSL_VERSION_NUMBER) #define OPENSSL_1_1_API (OPENSSL_VERSION_NUMBER >= 0x1010000fL) #define OPENSSL_1_1_1_API (OPENSSL_VERSION_NUMBER >= 0x10101000L) +#define LIBRESSL_IN_USE 0 #define LIBRESSL_LEGACY_API 0 #define LIBRESSL_2_7_API 0 #endif // !defined(LIBRESSL_VERSION_NUMBER)