feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #855 from insane-adding-machines/master

Browse Source 
Added support for HAproxy load balancer
This commit is contained in:
toddouska
2017-04-28 13:10:58 -07:00
committed by GitHub
parent 885b301e72 08787621ea
commit 4387e1f08e
19 changed files with 493 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
configure.ac
View File

@ -191,6 +191,7 @@ then
enable_certservice=yes
enable_jni=yes
enable_lighty=yes
enable_haproxy=yes
enable_stunnel=yes
enable_nginx=yes
enable_pwdbased=yes
@ -281,6 +282,14 @@ AC_ARG_ENABLE([nginx],
[ ENABLED_NGINX=no ]
)
# haproxy compatibility build
AC_ARG_ENABLE([haproxy],
[ --enable-haproxy Enable haproxy (default: disabled)],
[ ENABLED_HAPROXY=$enableval ],
[ ENABLED_HAPROXY=no ]
)
# OPENSSL Extra Compatibility
AC_ARG_ENABLE([opensslextra],
[ --enable-opensslextra Enable extra OpenSSL API, size+ (default: disabled)],
@ -1828,9 +1837,10 @@ AC_ARG_ENABLE([ocspstapling],
[ ENABLED_CERTIFICATE_STATUS_REQUEST=no ]
)
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes"
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_CERTIFICATE_STATUS_REQUEST=yes
echo "ELLO"
ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
fi
if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"
@ -1855,7 +1865,7 @@ AC_ARG_ENABLE([ocspstapling2],
[ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ]
)
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes"
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_CERTIFICATE_STATUS_REQUEST_V2=yes
fi
@ -1883,7 +1893,7 @@ AC_ARG_ENABLE([crl],
)
if test "x$ENABLED_NGINX" = "xyes"
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_CRL=yes
fi
@ -2160,7 +2170,7 @@ AC_ARG_ENABLE([session-ticket],
[ ENABLED_SESSION_TICKET=no ]
)
if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes"
if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_SESSION_TICKET=yes
fi
@ -2189,7 +2199,7 @@ AC_ARG_ENABLE([tlsx],
[ ENABLED_TLSX=no ]
)
if test "x$ENABLED_NGINX" = "xyes"
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_TLSX=yes
fi
@ -2440,6 +2450,21 @@ fi
if test "$ENABLED_NGINX" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NGINX"
fi
if test "$ENABLED_HAPROXY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAPROXY"
# Requires opensslextra make sure on
if test "x$ENABLED_OPENSSLEXTRA" = "xno"
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
fi
if test "$ENABLED_NGINX" = "yes"|| test "x$ENABLED_HAPROXY" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
@ -3587,6 +3612,7 @@ echo " * CODING: $ENABLED_CODING"
echo " * MEMORY: $ENABLED_MEMORY"
echo " * I/O POOL: $ENABLED_IOPOOL"
echo " * LIGHTY: $ENABLED_LIGHTY"
echo " * HAPROXY: $ENABLED_HAPROXY"
echo " * STUNNEL: $ENABLED_STUNNEL"
echo " * NGINX: $ENABLED_NGINX"
echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"

18
src/internal.c
View File

@ -105,7 +105,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
#if !defined(NO_RSA) || defined(HAVE_ECC)
static int DoCertificateVerify(WOLFSSL* ssl, byte*, word32*, word32);
#endif
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
static int SNI_Callback(WOLFSSL* ssl);
#endif
#ifdef WOLFSSL_DTLS
@ -1497,7 +1497,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
ctx->ca_names = next;
}
#endif
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
while (ctx->x509Chain != NULL) {
WOLFSSL_STACK *next = ctx->x509Chain->next;
wolfSSL_X509_free(ctx->x509Chain->data.x509);
@ -3601,7 +3601,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
#endif
#ifdef HAVE_ALPN
ssl->alpn_client_list = NULL;
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
ssl->alpnSelect = ctx->alpnSelect;
ssl->alpnSelectArg = ctx->alpnSelectArg;
#endif
@ -11852,7 +11852,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
}
if (ret == 0) {
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
request->ssl = ssl;
#endif
ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request,
@ -11955,7 +11955,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
}
if (ret == 0) {
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
request->ssl = ssl;
#endif
ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request,
@ -12030,7 +12030,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
&ssl->ctx->cm->ocsp_stapling->ocspLock);
}
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
request->ssl = ssl;
#endif
ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling,
@ -12058,7 +12058,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
else {
while (ret == 0 &&
NULL != (request = ssl->ctx->chainOcspRequest[i])) {
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
request->ssl = ssl;
#endif
ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling,
@ -20307,7 +20307,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if ((ret = TLSX_Parse(ssl, (byte *) input + i,
totalExtSz, 1, &clSuites)))
return ret;
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
if((ret=SNI_Callback(ssl)))
return ret;
ssl->options.side = WOLFSSL_SERVER_END;
@ -22004,7 +22004,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
}
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
static int SNI_Callback(WOLFSSL* ssl)
{
/* Stunnel supports a custom sni callback to switch an SSL's ctx

4
src/ocsp.c
View File

@ -402,7 +402,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
if (ret != OCSP_INVALID_STATUS)
return ret;
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
if (ocsp->statusCb != NULL && ocspRequest->ssl != NULL) {
ret = ocsp->statusCb((WOLFSSL*)ocspRequest->ssl, ocsp->cm->ocspIOCtx);
if (ret == 0) {
@ -460,7 +460,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
return ret;
}
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
WOLFSSL_OCSP_CERTID* id, int* status, int* reason,

363
src/ssl.c
View File

@ -2630,7 +2630,8 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm)
FreeOCSP(cm->ocsp, 1);
XFREE(cm->ocspOverrideURL, cm->heap, DYNAMIC_TYPE_URL);
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
|| defined(WOLFSSL_HAPROXY)
if (cm->ocsp_stapling)
FreeOCSP(cm->ocsp_stapling, 1);
#endif
@ -10931,7 +10932,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
{
WOLFSSL_ENTER("wolfSSL_ERR_get_error");
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
{
unsigned long ret = wolfSSL_ERR_peek_error_line_data(NULL, NULL,
NULL, NULL);
@ -12513,7 +12514,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
{
WOLFSSL_ENTER("wolfSSL_ERR_clear_error");
#if defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wc_ClearErrorNodes();
#endif
}
@ -13944,6 +13945,20 @@ void wolfSSL_sk_ASN1_OBJECT_free(STACK_OF(WOLFSSL_ASN1_OBJECT)* sk)
}
XFREE(sk, NULL, DYNAMIC_TYPE_ASN1);
}
int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in)
{
/*
ASN1_STRING_to_UTF8() converts the string in to UTF8 format,
the converted data is allocated in a buffer in *out.
The length of out is returned or a negative error code.
The buffer *out should be free using OPENSSL_free().
*/
(void)out;
(void)in;
WOLFSSL_STUB("ASN1_STRING_to_UTF8");
return -1;
}
#endif /* NO_ASN */
@ -14547,7 +14562,6 @@ WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void)
return 0;
}
int wolfSSL_COMP_add_compression_method(int method, void* data)
{
(void)method;
@ -15355,7 +15369,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509)
}
#if defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime)
{
char buf[MAX_TIME_STRING_SZ];
@ -15373,7 +15387,7 @@ int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime)
#endif
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time, char* buf, int len)
{
int format;
@ -15462,7 +15476,7 @@ unsigned long wolfSSL_ERR_peek_error(void)
int wolfSSL_ERR_GET_REASON(unsigned long err)
{
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
/* Nginx looks for this error to know to stop parsing certificates. */
if (err == ((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE))
return PEM_R_NO_START_LINE;
@ -15651,12 +15665,31 @@ long wolfSSL_set_tlsext_debug_arg(WOLFSSL* ssl, void *arg)
}
#endif /* HAVE_PK_CALLBACKS */
#ifdef WOLFSSL_HAPROXY
const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *sess, unsigned int *sid_ctx_length)
{
const byte *c = wolfSSL_SESSION_get_id((SSL_SESSION *)sess, sid_ctx_length);
return c;
}
#endif
/*** TBD ***/
WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st)
{
(void)st;
WOLFSSL_STUB("wolfSSL_sk_SSL_COMP_zero");
//wolfSSL_set_options(ssl, SSL_OP_NO_COMPRESSION);
return SSL_FAILURE;
}
/*** TBD ***/
WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type)
{
(void)s;
(void)type;
return 0;
WOLFSSL_STUB("wolfSSL_set_tlsext_status_type");
return SSL_FAILURE;
}
/*** TBD ***/
@ -15664,7 +15697,8 @@ WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg)
{
(void)s;
(void)arg;
return 0;
WOLFSSL_STUB("wolfSSL_get_tlsext_status_exts");
return SSL_FAILURE;
}
/*** TBD ***/
@ -15672,7 +15706,8 @@ WOLFSSL_API long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg)
{
(void)s;
(void)arg;
return 0;
WOLFSSL_STUB("wolfSSL_set_tlsext_status_exts");
return SSL_FAILURE;
}
/*** TBD ***/
@ -15680,7 +15715,8 @@ WOLFSSL_API long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg)
{
(void)s;
(void)arg;
return 0;
WOLFSSL_STUB("wolfSSL_get_tlsext_status_ids");
return SSL_FAILURE;
}
/*** TBD ***/
@ -15688,7 +15724,192 @@ WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg)
{
(void)s;
(void)arg;
return 0;
WOLFSSL_STUB("wolfSSL_set_tlsext_status_ids");
return SSL_FAILURE;
}
/*** TBD ***/
WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len)
{
(void)s;
(void)sid;
(void)sid_len;
WOLFSSL_STUB("SSL_SESSION_set1_id");
return SSL_FAILURE;
}
/*** TBD ***/
WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len)
{
(void)s;
(void)sid_ctx;
(void)sid_ctx_len;
WOLFSSL_STUB("SSL_SESSION_set1_id_context");
return SSL_FAILURE;
}
/*** TBD ***/
WOLFSSL_API void *X509_get0_tbs_sigalg(const WOLFSSL_X509 *x)
{
(void)x;
WOLFSSL_STUB("X509_get0_tbs_sigalg");
return NULL;
}
/*** TBD ***/
WOLFSSL_API void X509_ALGOR_get0(WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const void *algor)
{
(void)paobj;
(void)pptype;
(void)ppval;
(void)algor;
WOLFSSL_STUB("X509_ALGOR_get0");
}
/*** TBD ***/
WOLFSSL_API void *X509_get_X509_PUBKEY(void * x)
{
(void)x;
WOLFSSL_STUB("X509_get_X509_PUBKEY");
return NULL;
}
/*** TBD ***/
WOLFSSL_API int X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_EVP_PKEY *pub)
{
(void)ppkalg;
(void)pk;
(void)ppklen;
(void)pa;
(void)pub;
WOLFSSL_STUB("X509_PUBKEY_get0_param");
return SSL_FAILURE;
}
/*** TBD ***/
WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl)
{
(void)ssl;
WOLFSSL_STUB("SSL_get_privatekey");
return NULL;
}
/*** TBD ***/
WOLFSSL_API int EVP_PKEY_bits(WOLFSSL_EVP_PKEY *pkey)
{
(void)pkey;
WOLFSSL_STUB("EVP_PKEY_bits");
return SSL_FAILURE;
}
/*** TBD ***/
WOLFSSL_API int i2d_X509(WOLFSSL_X509 *x, unsigned char **out)
{
(void)x;
(void)out;
WOLFSSL_STUB("i2d_X509");
return -1;
}
/*** TBD ***/
WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a)
{
(void)buf;
(void)buf_len;
(void)a;
WOLFSSL_STUB("i2t_ASN1_OBJECT");
return -1;
}
/*** TBD ***/
WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count)
{
(void)s;
(void)buf;
(void)count;
WOLFSSL_STUB("SSL_get_finished");
return SSL_FAILURE;
}
/*** TBD ***/
WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count)
{
(void)s;
(void)buf;
(void)count;
WOLFSSL_STUB("SSL_get_peer_finished");
return SSL_FAILURE;
}
/*** TBD ***/
WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength))
{
(void)ctx;
(void)dh;
WOLFSSL_STUB("SSL_CTX_set_tmp_dh_callback");
}
/*** TBD ***/
WOLFSSL_API STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
{
WOLFSSL_STUB("SSL_COMP_get_compression_methods");
return NULL;
}
/*** TBD ***/
WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const void * p)
{
(void)p;
WOLFSSL_STUB("wolfSSL_sk_SSL_CIPHER_num");
return -1;
}
#if !defined(NO_FILESYSTEM)
/*** TBD ***/
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_X509(FILE *fp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u)
{
(void)fp;
(void)x;
(void)cb;
(void)u;
WOLFSSL_STUB("PEM_read_X509");
return NULL;
}
/*** TBD ***/
WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PrivateKey(FILE *fp, WOLFSSL_EVP_PKEY **x, pem_password_cb *cb, void *u)
{
(void)fp;
(void)x;
(void)cb;
(void)u;
WOLFSSL_STUB("PEM_read_PrivateKey");
return NULL;
}
#endif
/*** TBD ***/
WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir)
{
(void)ctx;
(void)file;
(void)dir;
WOLFSSL_STUB("X509_STORE_load_locations");
return SSL_FAILURE;
}
/*** TBD ***/
WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx)
{
(void)ciphers;
(void)idx;
WOLFSSL_STUB("wolfSSL_sk_SSL_CIPHER_value");
return NULL;
}
WOLFSSL_API void ERR_load_SSL_strings(void)
{
}
WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp)
@ -21236,11 +21457,14 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
int wolfSSL_EVP_PKEY_type(int type)
{
(void)type;
(void) type;
WOLFSSL_MSG("wolfSSL_EVP_PKEY_type always returns EVP_PKEY_RSA");
return EVP_PKEY_RSA;
}
WOLFSSL_MSG("wolfSSL_EVP_PKEY_type not implemented");
return SSL_FATAL_ERROR;
int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey)
{
return EVP_PKEY_type(pkey->type);
}
@ -21811,7 +22035,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
if (i > 26 && XMEMCMP((char *)&pem[i-26], END_CERT, 25) == 0)
break;
}
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
if (l == 0)
WOLFSSL_ERROR(SSL_NO_PEM_HEADER);
#endif
@ -21873,7 +22097,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
defined(HAVE_POCO_LIB)
defined(HAVE_POCO_LIB) || defined (WOLFSSL_HAPROXY)
unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md)
{
@ -21922,12 +22146,30 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
}
int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name) {
(void)b;
(void)name;
WOLFSSL_ENTER("wolfSSL_BIO_read_filename");
WOLFSSL_STUB("wolfSSL_BIO_read_filename");
#ifndef NO_FILESYSTEM
XFILE fp;
WOLFSSL_ENTER("wolfSSL_BIO_new_file");
return 0;
if ((wolfSSL_BIO_get_fp(b, &fp) == SSL_SUCCESS) && (fp != NULL))
{
XFCLOSE(fp);
}
fp = XFOPEN(name, "r");
if (fp == NULL)
return SSL_BAD_FILE;
if (wolfSSL_BIO_set_fp(b, fp, BIO_CLOSE) != SSL_SUCCESS) {
return SSL_BAD_FILE;
}
return SSL_SUCCESS;
#else
(void)name;
(void)b;
return SSL_NOT_IMPLEMENTED;
#endif
}
#ifdef HAVE_ECC
@ -21988,21 +22230,13 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
}
void* wolfSSL_get_app_data( const WOLFSSL *ssl)
{
void* wolfSSL_get_app_data( const WOLFSSL *ssl) {
/* checkout exdata stuff... */
(void)ssl;
WOLFSSL_ENTER("wolfSSL_get_app_data");
WOLFSSL_STUB("wolfSSL_get_app_data");
return 0;
return wolfSSL_get_ex_data(ssl,0);
}
void wolfSSL_set_app_data(WOLFSSL *ssl, void *arg) {
(void)ssl;
(void)arg;
WOLFSSL_ENTER("wolfSSL_set_app_data");
WOLFSSL_STUB("wolfSSL_set_app_data");
int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg) {
return wolfSSL_set_ex_data(ssl,0,(char *)arg);
}
WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne) {
@ -22068,7 +22302,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
return NULL;
}
#endif /* HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_POCO_LIB */
#endif /* HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_POCO_LIB || WOLFSSL_HAPROXY */
#endif /* OPENSSL_EXTRA */
@ -22083,7 +22317,7 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line)
(void)line;
(void)file;
#if defined(WOLFSSL_NGINX) || defined(DEBUG_WOLFSSL)
#if defined(WOLFSSL_NGINX) || defined(DEBUG_WOLFSSL) || defined(WOLFSSL_HAPROXY)
{
int ret;
@ -22317,7 +22551,7 @@ WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x,
#if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \
|| defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)
|| defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_HAPROXY)
char * wolfSSL_OBJ_nid2ln(int n) {
(void)n;
WOLFSSL_ENTER("wolfSSL_OBJ_nid2ln");
@ -22576,7 +22810,7 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh)
return pSz > 0 && gSz > 0 ? ret : SSL_FATAL_ERROR;
}
#endif /* OPENSSL_EXTRA && !NO_DH */
#endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */
#endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_HAPROXY */
/* stunnel compatibility functions*/
@ -22938,7 +23172,6 @@ const char * wolfSSL_get_servername(WOLFSSL* ssl, byte type)
#endif /* NO_WOLFSSL_SERVER */
#endif /* HAVE_SNI */
WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
{
if (ssl && ctx && SetSSL_CTX(ssl, ctx, 0) == SSL_SUCCESS)
@ -23462,7 +23695,7 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line,
*flags = 0;
}
#if defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
{
int ret = 0;
@ -23491,7 +23724,15 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line,
}
#endif
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl)
{
(void)ssl;
WOLFSSL_STUB("wolfSSL_get_ciphers_compat");
return NULL;
}
void wolfSSL_OPENSSL_config(char *config_name)
{
WOLFSSL_STUB("wolfSSL_OPENSSL_config");
@ -24161,9 +24402,45 @@ void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx,
ctx->alpnSelectArg = arg;
}
}
void wolfSSL_CTX_set_next_protos_advertised_cb(WOLFSSL_CTX *s,
int (*cb) (WOLFSSL *ssl,
const unsigned char
**out,
unsigned int *outlen,
void *arg), void *arg)
{
(void)s;
(void)cb;
(void)arg;
WOLFSSL_STUB("wolfSSL_CTX_set_next_protos_advertised_cb");
}
void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s,
int (*cb) (WOLFSSL *ssl,
unsigned char **out,
unsigned char *outlen,
const unsigned char *in,
unsigned int inlen,
void *arg), void *arg)
{
(void)s;
(void)cb;
(void)arg;
WOLFSSL_STUB("wolfSSL_CTX_set_next_proto_select_cb");
}
void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data,
unsigned *len)
{
(void)s;
(void)data;
(void)len;
WOLFSSL_STUB("wolfSSL_get0_next_proto_negotiated");
}
#endif /* HAVE_ALPN */
#endif /* WOLFSSL_NGINX */
#endif /* WOLFSSL_NGINX / WOLFSSL_HAPROXY */
#ifdef OPENSSL_EXTRA
int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb)

6
src/tls.c
View File

@ -1130,7 +1130,7 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length,
extension = TLSX_Find(ssl->ctx->extensions,
TLSX_APPLICATION_LAYER_PROTOCOL);
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
if (ssl->alpnSelect != NULL) {
const byte* out;
unsigned char outLen;
@ -2277,7 +2277,7 @@ int TLSX_CSR_ForceRequest(WOLFSSL* ssl)
switch (csr->status_type) {
case WOLFSSL_CSR_OCSP:
if (ssl->ctx->cm->ocspEnabled) {
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
csr->request.ocsp.ssl = ssl;
#endif
return CheckOcspRequest(ssl->ctx->cm->ocsp,
@ -2691,7 +2691,7 @@ int TLSX_CSR2_ForceRequest(WOLFSSL* ssl)
case WOLFSSL_CSR2_OCSP_MULTI:
if (ssl->ctx->cm->ocspEnabled) {
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
csr2->request.ocsp[0].ssl = ssl;
#endif
return CheckOcspRequest(ssl->ctx->cm->ocsp,

2
tests/api.c
View File

@ -2005,7 +2005,7 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
{
#if !defined(NO_CERTS) && !defined(NO_RSA)
#if defined(OPENSSL_EXTRA) && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)) \
&& (defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE))
&& (defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE)) || defined(WOLFSSL_HAPROXY)
printf(testingFmt, "wolfSSL_X509_NAME_get_entry()");
{

6
wolfcrypt/src/asn.c
View File

@ -3870,7 +3870,7 @@ static INLINE int DateLessThan(const struct tm* a, const struct tm* b)
}
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
int GetTimeString(byte* date, int format, char* buf, int len)
{
struct tm t;
@ -9880,7 +9880,7 @@ static int DecodeSingleResponse(byte* source,
return ASN_PARSE_E;
}
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
cs->thisDateAsn = source + idx;
#endif
if (GetBasicDate(source, &idx, cs->thisDate,
@ -9901,7 +9901,7 @@ static int DecodeSingleResponse(byte* source,
idx++;
if (GetLength(source, &idx, &length, size) < 0)
return ASN_PARSE_E;
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
cs->nextDateAsn = source + idx;
#endif
if (GetBasicDate(source, &idx, cs->nextDate,

8
wolfcrypt/src/logging.c
View File

@ -224,7 +224,7 @@ void WOLFSSL_LEAVE(const char* msg, int ret)
* mapped to new funtion WOLFSSL_ERROR_LINE which gets the line # and function
* name where WOLFSSL_ERROR is called at.
*/
#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX))
#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) || defined(WOLFSSL_HAPROXY)
#if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE))
void WOLFSSL_ERROR_LINE(int error, const char* func, unsigned int line,
const char* file, void* usrCtx)
@ -266,7 +266,7 @@ void WOLFSSL_ERROR(int error)
}
}
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
/* Internal function that is called by wolfCrypt_Init() */
@ -313,7 +313,7 @@ int wc_LoggingCleanup(void)
}
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
/* peek at an error node
*
* index : if -1 then the most recent node is looked at, otherwise search
@ -499,7 +499,7 @@ void wc_ClearErrorNodes(void)
wc_last_node = NULL;
wc_UnLockMutex(&debug_mutex);
}
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
int wc_SetLoggingHeap(void* h)

12
wolfssl/internal.h
View File

@ -1458,7 +1458,7 @@ struct WOLFSSL_OCSP {
WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
OcspEntry* ocspList; /* OCSP response list */
wolfSSL_Mutex ocspLock; /* OCSP list lock */
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
int(*statusCb)(WOLFSSL*, void*);
#endif
};
@ -1944,7 +1944,7 @@ struct WOLFSSL_CTX {
#ifdef OPENSSL_EXTRA
STACK_OF(WOLFSSL_X509_NAME)* ca_names;
#endif
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
STACK_OF(WOLFSSL_X509)* x509Chain;
#endif
DerBuffer* privateKey;
@ -2030,11 +2030,11 @@ struct WOLFSSL_CTX {
#ifdef HAVE_EX_DATA
void* ex_data[MAX_EX_DATA];
#endif
#if defined(HAVE_ALPN) && defined(WOLFSSL_NGINX)
#if defined(HAVE_ALPN) && (defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
CallbackALPNSelect alpnSelect;
void* alpnSelectArg;
#endif
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
CallbackSniRecv sniRecvCb;
void* sniRecvCbArg;
#endif
@ -2941,7 +2941,7 @@ struct WOLFSSL {
#endif /* user turned on */
#ifdef HAVE_ALPN
char* alpn_client_list; /* keep the client's list */
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
CallbackALPNSelect alpnSelect;
void* alpnSelectArg;
#endif
@ -2955,7 +2955,7 @@ struct WOLFSSL {
#ifdef OPENSSL_EXTRA
byte* ocspResp;
int ocspRespSz;
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
char* url;
#endif
#endif

4
wolfssl/ocsp.h
View File

@ -37,7 +37,7 @@
typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
typedef struct OcspResponse WOLFSSL_OCSP_BASICRESP;
typedef struct OcspRequest WOLFSSL_OCSP_CERTID;
@ -54,7 +54,7 @@ WOLFSSL_LOCAL int CheckOcspRequest(WOLFSSL_OCSP* ocsp,
OcspRequest* ocspRequest, WOLFSSL_BUFFER_INFO* responseBuffer);
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
WOLFSSL_OCSP_CERTID* id, int* status, int* reason,

4
wolfssl/openssl/crypto.h
View File

@ -24,7 +24,7 @@ WOLFSSL_API unsigned long wolfSSLeay(void);
#define SSLEAY_VERSION 0x0090600fL
#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions
#define FIPS_mode wolfSSL_FIPS_mode
#define FIPS_mode_set wolfSSL_FIPS_mode_set
@ -44,7 +44,7 @@ typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int i
#define OPENSSL_malloc(a) XMALLOC(a, NULL, DYNAMIC_TYPE_OPENSSL)
#endif /* HAVE_STUNNEL || WOLFSSL_NGINX */
#endif /* HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#endif /* header */

2
wolfssl/openssl/opensslv.h
View File

@ -5,7 +5,7 @@
/* api version compatibility */
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || defined(WOLFSSL_NGINX)
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
/* version number can be increased for Lighty after compatibility for ECDH
is added */
#define OPENSSL_VERSION_NUMBER 0x10001000L

11
wolfssl/openssl/pem.h
View File

@ -99,12 +99,23 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
WOLFSSL_API
int wolfSSL_EVP_PKEY_type(int type);
WOLFSSL_API
int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey);
#if !defined(NO_FILESYSTEM)
WOLFSSL_API
WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
pem_password_cb *cb, void *u);
WOLFSSL_API
WOLFSSL_X509 *wolfSSL_PEM_read_X509(FILE *fp, WOLFSSL_X509 **x,
pem_password_cb *cb, void *u);
WOLFSSL_API
WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PrivateKey(FILE *fp, WOLFSSL_EVP_PKEY **x,
pem_password_cb *cb, void *u);
#endif /* NO_FILESYSTEM */
#define PEM_read_X509 wolfSSL_PEM_read_X509
#define PEM_read_PrivateKey wolfSSL_PEM_read_PrivateKey
#define PEM_write_bio_PrivateKey wolfSSL_PEM_write_bio_PrivateKey
/* RSA */
#define PEM_write_bio_RSAPrivateKey wolfSSL_PEM_write_bio_RSAPrivateKey

29
wolfssl/openssl/ssl.h
View File

@ -118,6 +118,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_use_PrivateKey wolfSSL_use_PrivateKey
#define SSL_use_PrivateKey_ASN1 wolfSSL_use_PrivateKey_ASN1
#define SSL_use_RSAPrivateKey_ASN1 wolfSSL_use_RSAPrivateKey_ASN1
#define SSL_get_privatekey wolfSSL_get_privatekey
#define SSLv23_method wolfSSLv23_method
#define SSLv3_server_method wolfSSLv3_server_method
@ -322,6 +323,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents
#define EVP_PKEY_new wolfSSL_PKEY_new
#define EVP_PKEY_free wolfSSL_EVP_PKEY_free
#define EVP_PKEY_type wolfSSL_EVP_PKEY_type
#define EVP_PKEY_base_id wolfSSL_EVP_PKEY_base_id
#define X509_cmp_current_time wolfSSL_X509_cmp_current_time
#define sk_X509_REVOKED_num wolfSSL_sk_X509_REVOKED_num
#define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED
@ -338,6 +341,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp
#define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get
#define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN
#define ASN1_STRING_to_UTF8 wolfSSL_ASN1_STRING_to_UTF8
#define SSL_load_client_CA_file wolfSSL_load_client_CA_file
@ -473,7 +477,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
defined(HAVE_POCO_LIB)
defined(HAVE_POCO_LIB) || defined(WOLFSSL_HAPROXY)
typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define X509_NAME_free wolfSSL_X509_NAME_free
@ -508,7 +512,20 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams
#define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509
#endif /* HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || HAVE_POCO_LIB */
#ifdef WOLFSSL_HAPROXY
#define SSL_get_rbio wolfSSL_SSL_get_rbio
#define SSL_get_wbio wolfSSL_SSL_get_wbio
#define SSL_do_handshake wolfSSL_SSL_do_handshake
#define SSL_get_ciphers(x) wolfSSL_get_ciphers_compat(x)
#define SSL_SESSION_get_id wolfSSL_SESSION_get_id
#define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data
#define SSL_get_cipher_bits(s,np) wolfSSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
#define sk_SSL_CIPHER_num wolfSSL_sk_SSL_CIPHER_num
#define sk_SSL_COMP_zero wolfSSL_sk_SSL_COMP_zero
#define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value
#endif /* WOLFSSL_HAPROXY */
#endif /* HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || HAVE_POCO_LIB || WOLFSSL_HAPROXY */
#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh
@ -703,7 +720,9 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
#define NID_inhibit_any_policy 168 /* 2.5.29.54 */
#define NID_tlsfeature 92 /* id-pe 24 */
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#include <wolfssl/error-ssl.h>
#define OPENSSL_STRING WOLFSSL_STRING
@ -714,7 +733,6 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
#define OPENSSL_NPN_NEGOTIATED 1
#define OPENSSL_NPN_NO_OVERLAP 2
/* Nginx checks these to see if the error was a handshake error. */
#define SSL_R_BAD_CHANGE_CIPHER_SPEC LENGTH_ERROR
#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG BUFFER_E
@ -775,6 +793,9 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
#define SSL_get0_alpn_selected wolfSSL_get0_alpn_selected
#define SSL_select_next_proto wolfSSL_select_next_proto
#define SSL_CTX_set_alpn_select_cb wolfSSL_CTX_set_alpn_select_cb
#define SSL_CTX_set_next_protos_advertised_cb wolfSSL_CTX_set_next_protos_advertised_cb
#define SSL_CTX_set_next_proto_select_cb wolfSSL_CTX_set_next_proto_select_cb
#define SSL_get0_next_proto_negotiated wolfSSL_get0_next_proto_negotiated
#endif

80
wolfssl/ssl.h
View File

@ -490,6 +490,7 @@ WOLFSSL_API int wolfSSL_sk_ASN1_OBJECT_push(STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk,
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJCET_pop(
STACK_OF(WOLFSSL_ASN1_OBJECT)* sk);
WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_free(STACK_OF(WOLFSSL_ASN1_OBJECT)* sk);
WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in);
WOLFSSL_API int wolfSSL_set_ex_data(WOLFSSL*, int, void*);
WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL*);
@ -1688,7 +1689,7 @@ enum {
WOLFSSL_MAX_ALPN_NUMBER = 257
};
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out,
unsigned char* outLen, const unsigned char* in, unsigned int inLen,
void *arg);
@ -1964,7 +1965,7 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
WOLFSSL_API void wolfSSL_cert_service(void);
#endif
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time,
char* buf, int len);
#endif /* WOLFSSL_MYSQL_COMPATIBLE */
@ -1992,6 +1993,7 @@ WOLFSSL_API int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der,
WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey);
WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl,
unsigned char* der, long derSz);
WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl);
#ifndef NO_RSA
WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der,
long derSz);
@ -2035,6 +2037,7 @@ struct WOLFSSL_X509_NAME_ENTRY {
#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) \
|| defined(HAVE_STUNNEL) \
|| defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA)
WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name);
WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);
@ -2046,7 +2049,7 @@ WOLFSSL_API int wolfSSL_OBJ_sn2nid(const char *sn);
WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth);
WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth);
WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
WOLFSSL_API void wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*));
@ -2060,6 +2063,7 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) \
|| defined(WOLFSSL_MYSQL_COMPATIBLE) \
|| defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA)
WOLFSSL_API char* wolfSSL_OBJ_nid2ln(int n);
@ -2078,7 +2082,7 @@ WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
#endif /* HAVE_STUNNEL || HAVE_LIGHTY */
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#include <wolfssl/openssl/crypto.h>
@ -2174,10 +2178,10 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*);
WOLFSSL_API void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*));
#endif /* HAVE_STUNNEL || WOLFSSL_NGINX */
#endif /* HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) \
|| defined(WOLFSSL_NGINX)
|| defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_API int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx);
@ -2210,7 +2214,7 @@ WOLFSSL_API unsigned long wolfSSL_ERR_peek_error_line_data(const char **file,
int *line, const char **data, int *flags);
#endif
#ifdef WOLFSSL_NGINX
#if defined WOLFSSL_NGINX || defined WOLFSSL_HAPROXY
/* Not an OpenSSL API. */
WOLFSSL_LOCAL int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response);
/* Not an OpenSSL API. */
@ -2277,19 +2281,59 @@ WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio,
#endif /* WOLFSSL_NGINX */
WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl,
const unsigned char **data, unsigned int *len);
const unsigned char **data, unsigned int *len);
WOLFSSL_API int wolfSSL_select_next_proto(unsigned char **out,
unsigned char *outlen,
const unsigned char *in, unsigned int inlen,
const unsigned char *client,
unsigned int client_len);
unsigned char *outlen,
const unsigned char *in, unsigned int inlen,
const unsigned char *client,
unsigned int client_len);
WOLFSSL_API void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx,
int (*cb) (WOLFSSL *ssl,
const unsigned char **out,
unsigned char *outlen,
const unsigned char *in,
unsigned int inlen,
void *arg), void *arg);
int (*cb) (WOLFSSL *ssl,
const unsigned char **out,
unsigned char *outlen,
const unsigned char *in,
unsigned int inlen,
void *arg), void *arg);
WOLFSSL_API void wolfSSL_CTX_set_next_protos_advertised_cb(WOLFSSL_CTX *s,
int (*cb) (WOLFSSL *ssl,
const unsigned char **out,
unsigned int *outlen,
void *arg), void *arg);
WOLFSSL_API void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s,
int (*cb) (WOLFSSL *ssl,
unsigned char **out,
unsigned char *outlen,
const unsigned char *in,
unsigned int inlen,
void *arg), void *arg);
WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data,
unsigned *len);
#ifdef WOLFSSL_HAPROXY
WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context(
const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length);
WOLFSSL_API STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl);
#endif
WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len);
WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
WOLFSSL_API void *X509_get0_tbs_sigalg(const WOLFSSL_X509 *x);
WOLFSSL_API void X509_ALGOR_get0(WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const void *algor);
WOLFSSL_API void *X509_get_X509_PUBKEY(void * x);
WOLFSSL_API int X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_EVP_PKEY *pub);
WOLFSSL_API int EVP_PKEY_bits(WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int i2d_X509(WOLFSSL_X509 *x, unsigned char **out);
WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a);
WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count);
WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count);
WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
WOLFSSL_API STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir);
WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const void * p);
WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st);
WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx);
WOLFSSL_API void ERR_load_SSL_strings(void);
#ifdef __cplusplus
} /* extern "C" */

8
wolfssl/wolfcrypt/asn.h
View File

@ -193,7 +193,7 @@ enum Misc_ASN {
HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */
TRAILING_ZERO = 1, /* Used for size of zero pad */
MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
MAX_TIME_STRING_SZ = 21, /* Max length of formatted time string */
#endif
};
@ -743,7 +743,7 @@ WOLFSSL_LOCAL int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID,
word32* oidSz, int* algoID, void* heap);
typedef struct tm wolfssl_tm;
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len);
#endif
WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format,
@ -873,7 +873,7 @@ struct CertStatus {
byte nextDate[MAX_DATE_SIZE];
byte thisDateFormat;
byte nextDateFormat;
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
byte* thisDateAsn;
byte* nextDateAsn;
#endif
@ -924,7 +924,7 @@ struct OcspRequest {
int nonceSz;
void* heap;
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
void* ssl;
#endif
};

2
wolfssl/wolfcrypt/logging.h
View File

@ -92,7 +92,7 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
#endif /* DEBUG_WOLFSSL */
#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX))
#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) || defined(WOLFSSL_HAPROXY)
#if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE))
void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line,
const char* file, void* ctx);

5
wolfssl/wolfcrypt/settings.h
View File

@ -1528,7 +1528,7 @@ extern void uITRON4_free(void *p) ;
#undef HAVE_GMTIME_R /* don't trust macro with windows */
#endif /* WOLFSSL_MYSQL_COMPATIBLE */
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#define SSL_OP_NO_COMPRESSION SSL_OP_NO_COMPRESSION
#define OPENSSL_NO_ENGINE
#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
@ -1547,6 +1547,9 @@ extern void uITRON4_free(void *p) ;
#ifndef HAVE_SNI
#define HAVE_SNI
#endif
#endif
#if defined(WOLFSSL_NGINX)
#define SSL_CTRL_SET_TLSEXT_HOSTNAME
#endif

2
wolfssl/wolfcrypt/types.h
View File

@ -293,7 +293,7 @@
#define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n))
#endif
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#ifndef USE_WINDOWS_API
#define XSNPRINTF snprintf
#else