Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag

now haproxy compatible wolfssl builds with:

./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \
    --disable-fasthugemath --disable-bump \
    --enable-opensslextra \
    --enable-keygen --enable-certgen \
    --disable-ntru --disable-examples \
    --enable-tlsx --enable-haproxy \
    --enable-savecert --enable-savesession --enable-sessioncerts \
    --enable-webserver --enable-sslv3 --enable-stunnel
Daniele Lacamera
2017-04-11 14:18:41 +02:00
parent 25779dfb4f
commit 8f300515bd
18 changed files with 91 additions and 80 deletions


@@ -277,6 +277,14 @@ AC_ARG_ENABLE([nginx],
[ ENABLED_NGINX=no ]
)
# haproxy compatibility build
AC_ARG_ENABLE([haproxy],
[ --enable-haproxy Enable haproxy (default: disabled)],
[ ENABLED_HAPROXY=$enableval ],
[ ENABLED_HAPROXY=no ]
)
# OPENSSL Extra Compatibility
AC_ARG_ENABLE([opensslextra],
[ --enable-opensslextra Enable extra OpenSSL API, size+ (default: disabled)],
@@ -1763,9 +1771,10 @@ AC_ARG_ENABLE([ocspstapling],
[ ENABLED_CERTIFICATE_STATUS_REQUEST=no ]
)
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes"
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_CERTIFICATE_STATUS_REQUEST=yes
echo "ELLO"
ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
fi
if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"
@@ -1790,7 +1799,7 @@ AC_ARG_ENABLE([ocspstapling2],
[ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ]
)
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes"
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_CERTIFICATE_STATUS_REQUEST_V2=yes
fi
@@ -1818,7 +1827,7 @@ AC_ARG_ENABLE([crl],
)
if test "x$ENABLED_NGINX" = "xyes"
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_CRL=yes
fi
@@ -2095,7 +2104,7 @@ AC_ARG_ENABLE([session-ticket],
[ ENABLED_SESSION_TICKET=no ]
)
if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes"
if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_SESSION_TICKET=yes
fi
@@ -2124,7 +2133,7 @@ AC_ARG_ENABLE([tlsx],
[ ENABLED_TLSX=no ]
)
if test "x$ENABLED_NGINX" = "xyes"
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_TLSX=yes
fi
@@ -2375,19 +2384,8 @@ fi
if test "$ENABLED_NGINX" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NGINX"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA"
fi
# haproxy Support
AC_ARG_ENABLE([haproxy],
[ --enable-haproxy Enable haproxy (default: disabled)],
[ ENABLED_HAPROXY=$enableval ],
[ ENABLED_HAPROXY=no ]
)
if test "$ENABLED_HAPROXY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAPROXY"
@@ -2399,6 +2397,14 @@ then
fi
fi
if test "$ENABLED_NGINX" = "yes"|| test "x$ENABLED_HAPROXY" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA"
fi
# stunnel Support
AC_ARG_ENABLE([stunnel],
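Review bot: The added `echo "ELLO"` in the certificate-status-request block looks like a debugging leftover and will print on every configure run that takes this branch; it should be dropped. The new combined test `if test "$ENABLED_NGINX" = "yes"|| test "x$ENABLED_HAPROXY" = "xyes"` mixes the plain and `x`-prefixed comparison forms and has no space before `||`; `if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"` matches the other tests in this section. Because each `ENABLED_...=yes` assignment runs after the corresponding `AC_ARG_ENABLE`, `--enable-haproxy` now turns on OCSP stapling (v1 and v2), CRL, session tickets and TLS extensions even when the user passed the matching `--disable-*` option, and the help string for `--enable-haproxy` would be the place to say so.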


@@ -105,7 +105,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
#if !defined(NO_RSA) || defined(HAVE_ECC)
static int DoCertificateVerify(WOLFSSL* ssl, byte*, word32*, word32);
#endif
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
static int SNI_Callback(WOLFSSL* ssl);
#endif
#ifdef WOLFSSL_DTLS
@@ -1468,7 +1468,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
ctx->ca_names = next;
}
#endif
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
while (ctx->x509Chain != NULL) {
WOLFSSL_STACK *next = ctx->x509Chain->next;
wolfSSL_X509_free(ctx->x509Chain->data.x509);
@@ -3521,7 +3521,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
#endif
#ifdef HAVE_ALPN
ssl->alpn_client_list = NULL;
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
ssl->alpnSelect = ctx->alpnSelect;
ssl->alpnSelectArg = ctx->alpnSelectArg;
#endif
@@ -11118,7 +11118,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
}
if (ret == 0) {
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
request->ssl = ssl;
#endif
ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request,
@@ -11219,7 +11219,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
}
if (ret == 0) {
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
request->ssl = ssl;
#endif
ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request,
@@ -11294,7 +11294,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
&ssl->ctx->cm->ocsp_stapling->ocspLock);
}
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
request->ssl = ssl;
#endif
ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling,
@@ -11322,7 +11322,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
else {
while (ret == 0 &&
NULL != (request = ssl->ctx->chainOcspRequest[i])) {
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
request->ssl = ssl;
#endif
ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling,
@@ -19392,7 +19392,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if ((ret = TLSX_Parse(ssl, (byte *) input + i,
totalExtSz, 1, &clSuites)))
return ret;
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
if((ret=SNI_Callback(ssl)))
return ret;
ssl->options.side = WOLFSSL_SERVER_END;
@@ -21085,7 +21085,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
}
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
static int SNI_Callback(WOLFSSL* ssl)
{
/* Stunnel supports a custom sni callback to switch an SSL's ctx
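Review bot: The pair `defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)` is now written out by hand at every guard in this section and again in the later sections of this commit (struct members, prototypes, the OCSP and ALPN paths), so a single guard missed in a future change leaves a struct member or function out of step with the code that uses it. Consider deriving one internal macro from the two flags in a single header and testing only that; the name is for the project to choose. The first guard in this section is also written `defined (WOLFSSL_HAPROXY)` with a space, unlike the others, and `defined(WOLFSSL_HAPROXY)` keeps the flag easy to grep for; the same spacing appears in the struct-definition section further down. The functions these hunks touch begin and end outside the hunks.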


@@ -402,7 +402,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
if (ret != OCSP_INVALID_STATUS)
return ret;
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
if (ocsp->statusCb != NULL && ocspRequest->ssl != NULL) {
ret = ocsp->statusCb((WOLFSSL*)ocspRequest->ssl, ocsp->cm->ocspIOCtx);
if (ret == 0) {
@@ -460,7 +460,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
return ret;
}
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
WOLFSSL_OCSP_CERTID* id, int* status, int* reason,
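Review bot: `ocsp->statusCb((WOLFSSL*)ocspRequest->ssl, ocsp->cm->ocspIOCtx)` is now reachable in haproxy builds, and the `ssl` it receives is an untyped back-pointer that SendCertificateStatus writes into request objects, including ones read from `ssl->ctx->chainOcspRequest[i]`. If those context-level requests are shared between connections, which the hunks suggest but do not show, two handshakes on different threads can overwrite each other's `ssl`, and the callback may then run against the wrong session or one that has already been freed. It would help to document the field's ownership where it is declared, for example `/* borrowed; valid only for the duration of the current CheckOcspRequest call */` if that is indeed the contract, and to confirm that the write and the callback happen under the same lock. CheckOcspRequest's body continues outside the hunk.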


@@ -2425,7 +2425,8 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm)
FreeOCSP(cm->ocsp, 1);
XFREE(cm->ocspOverrideURL, cm->heap, DYNAMIC_TYPE_URL);
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
|| defined(WOLFSSL_HAPROXY)
if (cm->ocsp_stapling)
FreeOCSP(cm->ocsp_stapling, 1);
#endif
@@ -10713,7 +10714,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
{
WOLFSSL_ENTER("wolfSSL_ERR_get_error");
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
{
unsigned long ret = wolfSSL_ERR_peek_error_line_data(NULL, NULL,
NULL, NULL);
@@ -12269,7 +12270,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
{
WOLFSSL_ENTER("wolfSSL_ERR_clear_error");
#if defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wc_ClearErrorNodes();
#endif
}
@@ -15095,7 +15096,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509)
}
#if defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime)
{
char buf[MAX_TIME_STRING_SZ];
@@ -15113,7 +15114,7 @@ int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime)
#endif
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time, char* buf, int len)
{
int format;
@@ -15202,7 +15203,7 @@ unsigned long wolfSSL_ERR_peek_error(void)
int wolfSSL_ERR_GET_REASON(unsigned long err)
{
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
/* Nginx looks for this error to know to stop parsing certificates. */
if (err == ((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE))
return PEM_R_NO_START_LINE;
@@ -21518,7 +21519,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
if (i > 26 && XMEMCMP((char *)&pem[i-26], END_CERT, 25) == 0)
break;
}
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
if (l == 0)
WOLFSSL_ERROR(SSL_NO_PEM_HEADER);
#endif
@@ -21571,7 +21572,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
}
#endif /* ifndef NO_CERTS */
#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA)
#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_HAPROXY)
#ifndef NO_CERTS
void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name){
FreeX509Name(name, NULL);
@@ -21580,7 +21581,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
#endif /* NO_CERTS */
#endif
#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)
#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md)
{
@@ -21785,7 +21786,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
return NULL;
}
#endif /* HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL */
#endif /* HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_HAPROXY */
#endif
@@ -21800,7 +21801,7 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line)
(void)line;
(void)file;
#if defined(WOLFSSL_NGINX) || defined(DEBUG_WOLFSSL)
#if defined(WOLFSSL_NGINX) || defined(DEBUG_WOLFSSL) || defined(WOLFSSL_HAPROXY)
{
int ret;
@@ -22034,7 +22035,7 @@ WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x,
#if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \
|| defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)
|| defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_HAPROXY)
char * wolfSSL_OBJ_nid2ln(int n) {
(void)n;
WOLFSSL_ENTER("wolfSSL_OBJ_nid2ln");
@@ -22293,7 +22294,7 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh)
return pSz > 0 && gSz > 0 ? ret : SSL_FATAL_ERROR;
}
#endif /* OPENSSL_EXTRA && !NO_DH */
#endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */
#endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_HAPROXY */
/* stunnel compatibility functions*/
@@ -23179,7 +23180,7 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line,
*flags = 0;
}
#if defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
{
int ret = 0;
@@ -23208,7 +23209,7 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line,
}
#endif
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
void wolfSSL_OPENSSL_config(char *config_name)
{
WOLFSSL_STUB("wolfSSL_OPENSSL_config");
@@ -23880,7 +23881,7 @@ void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx,
}
#endif /* HAVE_ALPN */
#endif /* WOLFSSL_NGINX */
#endif /* WOLFSSL_NGINX / WOLFSSL_HAPROXY */
#ifdef OPENSSL_EXTRA
int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb)
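Review bot: Adding `|| defined(WOLFSSL_HAPROXY)` to the guard around `cm->ocsp_stapling` in wolfSSL_CertManagerFree makes that access compile whenever WOLFSSL_HAPROXY is defined, but no hunk in this commit widens the guard on the member's declaration. With the configure script this is harmless, because haproxy force-enables certificate status request; a build that defines WOLFSSL_HAPROXY by hand without HAVE_CERTIFICATE_STATUS_REQUEST would presumably fail to compile here. Either drop the extra term or apply the same condition where the member is declared. Separately, the comment `/* Nginx looks for this error to know to stop parsing certificates. */` in wolfSSL_ERR_GET_REASON now sits under a guard that also covers haproxy and should say so.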


@@ -1106,7 +1106,7 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length,
extension = TLSX_Find(ssl->ctx->extensions,
TLSX_APPLICATION_LAYER_PROTOCOL);
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
if (ssl->alpnSelect != NULL) {
const byte* out;
unsigned char outLen;
@@ -2252,7 +2252,7 @@ int TLSX_CSR_ForceRequest(WOLFSSL* ssl)
switch (csr->status_type) {
case WOLFSSL_CSR_OCSP:
if (ssl->ctx->cm->ocspEnabled) {
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
csr->request.ocsp.ssl = ssl;
#endif
return CheckOcspRequest(ssl->ctx->cm->ocsp,
@@ -2664,7 +2664,7 @@ int TLSX_CSR2_ForceRequest(WOLFSSL* ssl)
case WOLFSSL_CSR2_OCSP_MULTI:
if (ssl->ctx->cm->ocspEnabled) {
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
csr2->request.ocsp[0].ssl = ssl;
#endif
return CheckOcspRequest(ssl->ctx->cm->ocsp,


@@ -1999,7 +1999,7 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
{
#if !defined(NO_CERTS) && !defined(NO_RSA)
#if defined(OPENSSL_EXTRA) && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)) \
&& (defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE))
&& (defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE)) || defined(WOLFSSL_HAPROXY)
printf(testingFmt, "wolfSSL_X509_NAME_get_entry()");
{
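Review bot: The new term is appended outside the parenthesised group, so the condition parses as `(OPENSSL_EXTRA && (KEEP_PEER_CERT || SESSION_CERTS) && (HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE)) || WOLFSSL_HAPROXY`, and the test body is compiled for any haproxy build even without OPENSSL_EXTRA or the certificate-keeping options. If the intent was to add haproxy as a third alternative, the last line should read `&& (defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_HAPROXY))`. The body of test_wolfSSL_X509_NAME_get_entry continues outside the hunk.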


@@ -3461,7 +3461,7 @@ static INLINE int DateLessThan(const struct tm* a, const struct tm* b)
}
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
int GetTimeString(byte* date, int format, char* buf, int len)
{
struct tm t;
@@ -9564,7 +9564,7 @@ static int DecodeSingleResponse(byte* source,
return ASN_PARSE_E;
}
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
cs->thisDateAsn = source + idx;
#endif
if (GetBasicDate(source, &idx, cs->thisDate,
@@ -9585,7 +9585,7 @@ static int DecodeSingleResponse(byte* source,
idx++;
if (GetLength(source, &idx, &length, size) < 0)
return ASN_PARSE_E;
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
cs->nextDateAsn = source + idx;
#endif
if (GetBasicDate(source, &idx, cs->nextDate,
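Review bot: `cs->thisDateAsn = source + idx;` and `cs->nextDateAsn = source + idx;` store pointers into the caller's response buffer rather than copies, and haproxy builds now get both fields. Nothing in these hunks shows how long `source` outlives the CertStatus, so a status entry that is kept after the response buffer is released would leave both pointers dangling. A comment at the assignments such as `/* points into source; not owned, valid only while the response buffer is alive */` would make the contract explicit; alternatively the bytes could be copied, as appears to be done for `thisDate` and `nextDate`. DecodeSingleResponse continues outside the hunks.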


@@ -224,7 +224,7 @@ void WOLFSSL_LEAVE(const char* msg, int ret)
* mapped to new funtion WOLFSSL_ERROR_LINE which gets the line # and function
* name where WOLFSSL_ERROR is called at.
*/
#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX))
#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) || defined(WOLFSSL_HAPROXY)
#if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE))
void WOLFSSL_ERROR_LINE(int error, const char* func, unsigned int line,
const char* file, void* usrCtx)
@@ -266,7 +266,7 @@ void WOLFSSL_ERROR(int error)
}
}
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
/* Internal function that is called by wolfCrypt_Init() */
@@ -313,7 +313,7 @@ int wc_LoggingCleanup(void)
}
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
/* peek at an error node
*
* index : if -1 then the most recent node is looked at, otherwise search
@@ -499,7 +499,7 @@ void wc_ClearErrorNodes(void)
wc_last_node = NULL;
wc_UnLockMutex(&debug_mutex);
}
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
int wc_SetLoggingHeap(void* h)
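Review bot: In `#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) || defined(WOLFSSL_HAPROXY)` the new term sits outside the existing parentheses; it evaluates the same, but `#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)` reads more plainly and matches the guard used further down in this section. The same form appears in the logging header section near the end of the commit. The comment above WOLFSSL_ERROR_LINE could also mention that haproxy builds now compile the error-node functions without DEBUG_WOLFSSL, so callers presumably need to call `wc_ClearErrorNodes()` to release queued nodes.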


@@ -1452,7 +1452,7 @@ struct WOLFSSL_OCSP {
WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
OcspEntry* ocspList; /* OCSP response list */
wolfSSL_Mutex ocspLock; /* OCSP list lock */
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
int(*statusCb)(WOLFSSL*, void*);
#endif
};
@@ -1938,7 +1938,7 @@ struct WOLFSSL_CTX {
#ifdef OPENSSL_EXTRA
STACK_OF(WOLFSSL_X509_NAME)* ca_names;
#endif
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
STACK_OF(WOLFSSL_X509)* x509Chain;
#endif
DerBuffer* privateKey;
@@ -2024,11 +2024,11 @@ struct WOLFSSL_CTX {
#ifdef HAVE_EX_DATA
void* ex_data[MAX_EX_DATA];
#endif
#if defined(HAVE_ALPN) && defined(WOLFSSL_NGINX)
#if defined(HAVE_ALPN) && (defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
CallbackALPNSelect alpnSelect;
void* alpnSelectArg;
#endif
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
CallbackSniRecv sniRecvCb;
void* sniRecvCbArg;
#endif
@@ -2908,7 +2908,7 @@ struct WOLFSSL {
#endif /* user turned on */
#ifdef HAVE_ALPN
char* alpn_client_list; /* keep the client's list */
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
CallbackALPNSelect alpnSelect;
void* alpnSelectArg;
#endif
@@ -2922,7 +2922,7 @@ struct WOLFSSL {
#ifdef OPENSSL_EXTRA
byte* ocspResp;
int ocspRespSz;
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
char* url;
#endif
#endif


@@ -37,7 +37,7 @@
typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
typedef struct OcspResponse WOLFSSL_OCSP_BASICRESP;
typedef struct OcspRequest WOLFSSL_OCSP_CERTID;
@@ -54,7 +54,7 @@ WOLFSSL_LOCAL int CheckOcspRequest(WOLFSSL_OCSP* ocsp,
OcspRequest* ocspRequest, WOLFSSL_BUFFER_INFO* responseBuffer);
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
WOLFSSL_OCSP_CERTID* id, int* status, int* reason,


@@ -24,7 +24,7 @@ WOLFSSL_API unsigned long wolfSSLeay(void);
#define SSLEAY_VERSION 0x0090600fL
#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions
#define FIPS_mode wolfSSL_FIPS_mode
#define FIPS_mode_set wolfSSL_FIPS_mode_set
@@ -44,7 +44,7 @@ typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int i
#define OPENSSL_malloc(a) XMALLOC(a, NULL, DYNAMIC_TYPE_OPENSSL)
#endif /* HAVE_STUNNEL || WOLFSSL_NGINX */
#endif /* HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#endif /* header */


@@ -5,7 +5,7 @@
/* api version compatibility */
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || defined(WOLFSSL_NGINX)
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
/* version number can be increased for Lighty after compatibility for ECDH
is added */
#define OPENSSL_VERSION_NUMBER 0x10001000L


@@ -475,6 +475,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) \
|| defined(HAVE_STUNNEL) \
|| defined(WOLFSSL_HAPROXY) \
|| defined(WOLFSSL_NGINX)
typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
@@ -507,6 +508,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) \
|| defined(HAVE_STUNNEL) \
|| defined(WOLFSSL_HAPROXY) \
|| defined(WOLFSSL_NGINX)
#define OBJ_nid2ln wolfSSL_OBJ_nid2ln
@@ -515,7 +517,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams
#define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509
#endif /* HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX */
#endif /* HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh
#define BIO_new_file wolfSSL_BIO_new_file
@@ -709,7 +711,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
#define NID_inhibit_any_policy 168 /* 2.5.29.54 */
#define NID_tlsfeature 92 /* id-pe 24 */
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#include <wolfssl/error-ssl.h>
#define OPENSSL_STRING WOLFSSL_STRING


@@ -1688,7 +1688,7 @@ enum {
WOLFSSL_MAX_ALPN_NUMBER = 257
};
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out,
unsigned char* outLen, const unsigned char* in, unsigned int inLen,
void *arg);
@@ -1964,7 +1964,7 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
WOLFSSL_API void wolfSSL_cert_service(void);
#endif
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time,
char* buf, int len);
#endif /* WOLFSSL_MYSQL_COMPATIBLE */
@@ -2035,6 +2035,7 @@ struct WOLFSSL_X509_NAME_ENTRY {
#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) \
|| defined(HAVE_STUNNEL) \
|| defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA)
WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name);
WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);
@@ -2060,6 +2061,7 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) \
|| defined(WOLFSSL_MYSQL_COMPATIBLE) \
|| defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA)
WOLFSSL_API char* wolfSSL_OBJ_nid2ln(int n);
@@ -2078,7 +2080,7 @@ WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
#endif /* HAVE_STUNNEL || HAVE_LIGHTY */
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#include <wolfssl/openssl/crypto.h>
@@ -2174,10 +2176,10 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*);
WOLFSSL_API void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*));
#endif /* HAVE_STUNNEL || WOLFSSL_NGINX */
#endif /* HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) \
|| defined(WOLFSSL_NGINX)
|| defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_API int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx);


@@ -197,7 +197,7 @@ enum Misc_ASN {
HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */
TRAILING_ZERO = 1, /* Used for size of zero pad */
MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
MAX_TIME_STRING_SZ = 21, /* Max length of formatted time string */
#endif
};
@@ -686,7 +686,7 @@ WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int);
WOLFSSL_LOCAL int DecryptContent(byte* input, word32 sz,const char* psw,int pswSz);
typedef struct tm wolfssl_tm;
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len);
#endif
WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format,
@@ -812,7 +812,7 @@ struct CertStatus {
byte nextDate[MAX_DATE_SIZE];
byte thisDateFormat;
byte nextDateFormat;
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
byte* thisDateAsn;
byte* nextDateAsn;
#endif
@@ -863,7 +863,7 @@ struct OcspRequest {
int nonceSz;
void* heap;
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
void* ssl;
#endif
};


@@ -92,7 +92,7 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
#endif /* DEBUG_WOLFSSL */
#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX))
#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) || defined(WOLFSSL_HAPROXY)
#if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE))
void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line,
const char* file, void* ctx);


@@ -1511,7 +1511,7 @@ static char *fgets(char *buff, int sz, FILE *fp)
#undef HAVE_GMTIME_R /* don't trust macro with windows */
#endif /* WOLFSSL_MYSQL_COMPATIBLE */
#ifdef WOLFSSL_NGINX
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#define SSL_OP_NO_COMPRESSION SSL_OP_NO_COMPRESSION
#define OPENSSL_NO_ENGINE
#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT


@@ -244,7 +244,7 @@
#define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n))
#endif
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#ifndef USE_WINDOWS_API
#define XSNPRINTF snprintf
#else