From 503de43cbddbf6b92dfde0d4d7101bd456c2337a Mon Sep 17 00:00:00 2001
From: Glenn Strauss
Date: Wed, 1 Jul 2020 23:19:13 -0400
Subject: [PATCH] build updates for lighttpd
Update configure.ac and various #ifdefs to enable WolfSSL to build features for use by lighttpd. Change signature of wolfSSL_GetVersion() to take const arg. Pass (const WOLFSSL*) to wolfSSL_GetVersion() for use with SSL_CTX_set_info_callback(), where OpenSSL callback takes (const SSL *)
---
 configure.ac | 31 +++++++++++++++++--------------
 src/ocsp.c | 2 +-
 src/ssl.c | 5 +++--
 wolfssl/internal.h | 2 +-
 wolfssl/ocsp.h | 4 ++--
 wolfssl/ssl.h | 4 ++--
 wolfssl/wolfcrypt/asn.h | 2 +-
 7 files changed, 27 insertions(+), 23 deletions(-)
diff --git a/configure.ac b/configure.ac
index 383b4f8be..1439fdc7f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -719,6 +719,13 @@ AC_ARG_ENABLE([nginx],
 [ ENABLED_NGINX=no ]
 )
+# lighty Support
+AC_ARG_ENABLE([lighty],
+ [AS_HELP_STRING([--enable-lighty],[Enable lighttpd/lighty (default: disabled)])],
+ [ ENABLED_LIGHTY=$enableval ],
+ [ ENABLED_LIGHTY=no ]
+ )
+
 # haproxy compatibility build
 AC_ARG_ENABLE([haproxy],
 [AS_HELP_STRING([--enable-haproxy],[Enable haproxy (default: disabled)])],
@@ -847,7 +854,7 @@ AC_ARG_ENABLE([opensslextra],
 [ ENABLED_OPENSSLEXTRA=$enableval ],
 [ ENABLED_OPENSSLEXTRA=no ]
 )
-if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_SIGNAL" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes" || test "$ENABLED_BUMP" = "yes" || test "$ENABLED_SNIFFER" = "yes" || test "$ENABLED_OPENSSLALL" = "yes" || test "$ENABLED_LIBWEBSOCKETS" = "yes"
+if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_SIGNAL" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes" || test "$ENABLED_BUMP" = "yes" || test "$ENABLED_SNIFFER" = "yes" || test "$ENABLED_OPENSSLALL" = "yes" || test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "x$ENABLED_LIGHTY" = "xyes"
 then
 ENABLED_OPENSSLEXTRA="yes"
 fi
@@ -1656,7 +1663,7 @@ AC_ARG_ENABLE([sessioncerts],
 [ ENABLED_SESSIONCERTS=no ]
 )
-if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes"
+if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
 then
 ENABLED_SESSIONCERTS=yes
 fi
@@ -3097,7 +3104,7 @@ AC_ARG_ENABLE([ocsp],
 [ ENABLED_OCSP=no ],
 )
-if test "x$ENABLED_OPENSSLALL" = "xyes" || test "x$ENABLED_NGINX" = "xyes"
+if test "x$ENABLED_OPENSSLALL" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
 then
 ENABLED_OCSP=yes
 fi
@@ -3129,7 +3136,7 @@ AC_ARG_ENABLE([ocspstapling],
 [ ENABLED_CERTIFICATE_STATUS_REQUEST=no ]
 )
-if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
+if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
 then
 ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
 fi
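Review bot: The new `|| test "x$ENABLED_LIGHTY" = "xyes"` term in the opensslextra hunk forces `ENABLED_OPENSSLEXTRA="yes"` even when the user passed an explicit `--disable-opensslextra`, and the sessioncerts, ocsp and ocspstapling hunks here plus the ocspstapling2, crl, session-ticket and tlsx hunks further down do the same for their features. This follows the existing nginx/haproxy pattern, but it silently changes the TLS feature set of the build (session tickets, OCSP stapling, CRL support), so the implication should be stated where the option is declared, for example `# lighty Support: implies opensslextra, sessioncerts, ocsp, ocspstapling, ocspstapling2, crl, session-ticket and tlsx`. In the opensslextra condition the added test is also the only one written with the `x` prefix; `test "$ENABLED_LIGHTY" = "yes"` would match the rest of that line.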
@@ -3154,7 +3161,7 @@ AC_ARG_ENABLE([ocspstapling2],
 [ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ]
 )
-if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
+if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
 then
 ENABLED_CERTIFICATE_STATUS_REQUEST_V2=yes
 fi
@@ -3180,7 +3187,7 @@ AC_ARG_ENABLE([crl],
 )
-if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || test "x$ENABLED_WPAS" != "xno"
+if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_LIGHTY" = "xyes"
 then
 ENABLED_CRL=yes
 fi
@@ -3533,7 +3540,7 @@ AC_ARG_ENABLE([session-ticket],
 [ ENABLED_SESSION_TICKET=no ]
 )
-if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes"
+if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
 then
 ENABLED_SESSION_TICKET=yes
 fi
@@ -3562,7 +3569,7 @@ AC_ARG_ENABLE([tlsx],
 [ ENABLED_TLSX=no ]
 )
-if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_SIGNAL" = "xyes"
+if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_SIGNAL" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
 then
 ENABLED_TLSX=yes
 fi
@@ -3891,12 +3898,6 @@ then
 fi
 fi
-# lighty Support
-AC_ARG_ENABLE([lighty],
- [AS_HELP_STRING([--enable-lighty],[Enable lighttpd/lighty (default: disabled)])],
- [ ENABLED_LIGHTY=$enableval ],
- [ ENABLED_LIGHTY=no ]
- )
 if test "$ENABLED_LIGHTY" = "yes"
 then
 # Requires opensslextra make sure on
@@ -3906,6 +3907,8 @@ then
 AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
 fi
 AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1"
+ AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
+ AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_COMP"
 fi
 if test "$ENABLED_NGINX" = "yes"
diff --git a/src/ocsp.c b/src/ocsp.c
index 856b2d81c..a932d74d5 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -494,7 +494,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
 }
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
- defined(WOLFSSL_APACHE_HTTPD)
+ defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY)
 int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, WOLFSSL_OCSP_CERTID* id, int* status, int* reason,
diff --git a/src/ssl.c b/src/ssl.c
index b1c0a9871..63cd94b15 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -4041,7 +4041,7 @@ int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version)
 /* Function to get version as WOLFSSL_ enum value for wolfSSL_SetVersion */
-int wolfSSL_GetVersion(WOLFSSL* ssl)
+int wolfSSL_GetVersion(const WOLFSSL* ssl)
 {
 if (ssl == NULL)
 return BAD_FUNC_ARG;
@@ -44517,7 +44517,8 @@ WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
+ defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
 #ifdef HAVE_ALPN
 void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, const unsigned char **data, unsigned int *len)
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 7b524c43d..16e0e94c4 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
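Review bot: The added `-DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_COMP` line in the configure.ac hunk tells OpenSSL-compatible consumers that SSLv2, SSLv3 and TLS compression are absent, but nothing in this hunk checks that the library is actually being built that way. If another configure option in this file enables SSLv3 or compression (not visible here), the application would compile out its own handling for a protocol feature the library still offers; adding each define only when the corresponding feature is off would keep the two in step. Both new lines also lack a comment, e.g. `# ex_data slots and OPENSSL_NO_* feature macros for lighttpd's OpenSSL-API code`. The enclosing `if test "$ENABLED_LIGHTY" = "yes"` block starts before this hunk.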
@@ -2808,7 +2808,7 @@ struct WOLFSSL_CTX {
 #ifdef HAVE_EX_DATA
 WOLFSSL_CRYPTO_EX_DATA ex_data;
 #endif
-#if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
+#if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY))
 CallbackALPNSelect alpnSelect;
 void* alpnSelectArg;
 #endif
diff --git a/wolfssl/ocsp.h b/wolfssl/ocsp.h
index 5159d4c43..df7f5b91e 100644
--- a/wolfssl/ocsp.h
+++ b/wolfssl/ocsp.h
@@ -38,7 +38,7 @@ typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) ||\
- defined(WOLFSSL_HAPROXY)
+ defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
 typedef struct OcspResponse WOLFSSL_OCSP_BASICRESP;
 typedef struct OcspRequest WOLFSSL_OCSP_CERTID;
@@ -62,7 +62,7 @@ WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int resp
 OcspEntry *entry, OcspRequest *ocspRequest);
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
- defined(WOLFSSL_APACHE_HTTPD)
+ defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY)
 WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, WOLFSSL_OCSP_CERTID *id, int *status, int *reason,
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 6f99f74ed..919ff8bb3 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -2392,7 +2392,7 @@ WOLFSSL_API int wolfSSL_CTX_GetObjectSize(void);
 WOLFSSL_API int wolfSSL_METHOD_GetObjectSize(void);
 WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL*, int);
 WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*);
-WOLFSSL_API int wolfSSL_GetVersion(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_GetVersion(const WOLFSSL* ssl);
 WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
 /* moved to asn.c, old names kept for backwards compatibility */
@@ -2929,7 +2929,7 @@ enum {
 WOLFSSL_MAX_ALPN_NUMBER = 257
 };
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
 typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out, unsigned char* outLen, const unsigned char* in, unsigned int inLen, void *arg);
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index bbb6620cc..377577dad 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -1262,7 +1262,7 @@ struct CertStatus {
 byte nextDate[MAX_DATE_SIZE];
 byte thisDateFormat;
 byte nextDateFormat;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
 WOLFSSL_ASN1_TIME thisDateParsed;
 WOLFSSL_ASN1_TIME nextDateParsed;
 byte* thisDateAsn;
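Review bot: Adding `defined(HAVE_LIGHTY)` to the guard in the asn.h hunk makes the size and field offsets of `struct CertStatus` depend on one more build macro, here one that configure.ac passes through `AM_CFLAGS`. Any code that includes this header without the same define would disagree with the library about where `thisDateParsed` and the members after it live, which in C shows up as silent memory corruption rather than a build error. A short comment on the guard would make that visible, e.g. `/* changes struct layout: must match the options the library was built with */`. The struct body continues past the end of the hunk.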