From 8f300515bdfd2283bff30e67aa0d1a299948d5f6 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Tue, 11 Apr 2017 14:18:41 +0200 Subject: [PATCH] Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag now haproxy compatible wolfssl builds with: ./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \ iam * ] 2:18 PM --disable-fasthugemath --disable-bump \ --enable-opensslextra \ --enable-keygen --enable-certgen \ --disable-ntru --disable-examples \ --enable-tlsx --enable-haproxy \ --enable-savecert --enable-savesession --enable-sessioncerts \ --enable-webserver --enable-sslv3 --enable-stunnel --- configure.ac | 40 +++++++++++++++++++++--------------- src/internal.c | 18 ++++++++-------- src/ocsp.c | 4 ++-- src/ssl.c | 33 ++++++++++++++--------------- src/tls.c | 6 +++--- tests/api.c | 2 +- wolfcrypt/src/asn.c | 6 +++--- wolfcrypt/src/logging.c | 8 ++++---- wolfssl/internal.h | 12 +++++------ wolfssl/ocsp.h | 4 ++-- wolfssl/openssl/crypto.h | 4 ++-- wolfssl/openssl/opensslv.h | 2 +- wolfssl/openssl/ssl.h | 6 ++++-- wolfssl/ssl.h | 12 ++++++----- wolfssl/wolfcrypt/asn.h | 8 ++++---- wolfssl/wolfcrypt/logging.h | 2 +- wolfssl/wolfcrypt/settings.h | 2 +- wolfssl/wolfcrypt/types.h | 2 +- 18 files changed, 91 insertions(+), 80 deletions(-) diff --git a/configure.ac b/configure.ac index 021a3ebbd..51c55b59c 100644 --- a/configure.ac +++ b/configure.ac @@ -277,6 +277,14 @@ AC_ARG_ENABLE([nginx], [ ENABLED_NGINX=no ] ) +# haproxy compatibility build +AC_ARG_ENABLE([haproxy], + [ --enable-haproxy Enable haproxy (default: disabled)], + [ ENABLED_HAPROXY=$enableval ], + [ ENABLED_HAPROXY=no ] + ) + + # OPENSSL Extra Compatibility AC_ARG_ENABLE([opensslextra], [ --enable-opensslextra Enable extra OpenSSL API, size+ (default: disabled)], @@ -1763,9 +1771,10 @@ AC_ARG_ENABLE([ocspstapling], [ ENABLED_CERTIFICATE_STATUS_REQUEST=no ] ) -if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" then - ENABLED_CERTIFICATE_STATUS_REQUEST=yes + echo "ELLO" + ENABLED_CERTIFICATE_STATUS_REQUEST="yes" fi if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes" @@ -1790,7 +1799,7 @@ AC_ARG_ENABLE([ocspstapling2], [ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ] ) -if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" then ENABLED_CERTIFICATE_STATUS_REQUEST_V2=yes fi @@ -1818,7 +1827,7 @@ AC_ARG_ENABLE([crl], ) -if test "x$ENABLED_NGINX" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" then ENABLED_CRL=yes fi @@ -2095,7 +2104,7 @@ AC_ARG_ENABLE([session-ticket], [ ENABLED_SESSION_TICKET=no ] ) -if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" +if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes" then ENABLED_SESSION_TICKET=yes fi @@ -2124,7 +2133,7 @@ AC_ARG_ENABLE([tlsx], [ ENABLED_TLSX=no ] ) -if test "x$ENABLED_NGINX" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" then ENABLED_TLSX=yes fi @@ -2375,19 +2384,8 @@ fi if test "$ENABLED_NGINX" = "yes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NGINX" - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB" - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI" - AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT -DKEEP_PEER_CERT" - AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA" fi -# haproxy Support -AC_ARG_ENABLE([haproxy], - [ --enable-haproxy Enable haproxy (default: disabled)], - [ ENABLED_HAPROXY=$enableval ], - [ ENABLED_HAPROXY=no ] - ) - if test "$ENABLED_HAPROXY" = "yes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAPROXY" @@ -2399,6 +2397,14 @@ then fi fi +if test "$ENABLED_NGINX" = "yes"|| test "x$ENABLED_HAPROXY" = "xyes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI" + AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT -DKEEP_PEER_CERT" + AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA" +fi + # stunnel Support AC_ARG_ENABLE([stunnel], diff --git a/src/internal.c b/src/internal.c index 2e395c39f..5dc3c37d9 100644 --- a/src/internal.c +++ b/src/internal.c @@ -105,7 +105,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS #if !defined(NO_RSA) || defined(HAVE_ECC) static int DoCertificateVerify(WOLFSSL* ssl, byte*, word32*, word32); #endif - #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) + #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY) static int SNI_Callback(WOLFSSL* ssl); #endif #ifdef WOLFSSL_DTLS @@ -1468,7 +1468,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) ctx->ca_names = next; } #endif - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) while (ctx->x509Chain != NULL) { WOLFSSL_STACK *next = ctx->x509Chain->next; wolfSSL_X509_free(ctx->x509Chain->data.x509); @@ -3521,7 +3521,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) #endif #ifdef HAVE_ALPN ssl->alpn_client_list = NULL; - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) ssl->alpnSelect = ctx->alpnSelect; ssl->alpnSelectArg = ctx->alpnSelectArg; #endif @@ -11118,7 +11118,7 @@ int SendCertificateStatus(WOLFSSL* ssl) } if (ret == 0) { - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) request->ssl = ssl; #endif ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request, @@ -11219,7 +11219,7 @@ int SendCertificateStatus(WOLFSSL* ssl) } if (ret == 0) { - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) request->ssl = ssl; #endif ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request, @@ -11294,7 +11294,7 @@ int SendCertificateStatus(WOLFSSL* ssl) &ssl->ctx->cm->ocsp_stapling->ocspLock); } - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) request->ssl = ssl; #endif ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, @@ -11322,7 +11322,7 @@ int SendCertificateStatus(WOLFSSL* ssl) else { while (ret == 0 && NULL != (request = ssl->ctx->chainOcspRequest[i])) { - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) request->ssl = ssl; #endif ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, @@ -19392,7 +19392,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if ((ret = TLSX_Parse(ssl, (byte *) input + i, totalExtSz, 1, &clSuites))) return ret; -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) +#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) if((ret=SNI_Callback(ssl))) return ret; ssl->options.side = WOLFSSL_SERVER_END; @@ -21085,7 +21085,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) +#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) static int SNI_Callback(WOLFSSL* ssl) { /* Stunnel supports a custom sni callback to switch an SSL's ctx diff --git a/src/ocsp.c b/src/ocsp.c index d481ab676..9188c363c 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -402,7 +402,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, if (ret != OCSP_INVALID_STATUS) return ret; -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) if (ocsp->statusCb != NULL && ocspRequest->ssl != NULL) { ret = ocsp->statusCb((WOLFSSL*)ocspRequest->ssl, ocsp->cm->ocspIOCtx); if (ret == 0) { @@ -460,7 +460,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, return ret; } -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, WOLFSSL_OCSP_CERTID* id, int* status, int* reason, diff --git a/src/ssl.c b/src/ssl.c index 6f6a21127..5049e21e6 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2425,7 +2425,8 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm) FreeOCSP(cm->ocsp, 1); XFREE(cm->ocspOverrideURL, cm->heap, DYNAMIC_TYPE_URL); #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ - || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \ + || defined(WOLFSSL_HAPROXY) if (cm->ocsp_stapling) FreeOCSP(cm->ocsp_stapling, 1); #endif @@ -10713,7 +10714,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_ERR_get_error"); -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) { unsigned long ret = wolfSSL_ERR_peek_error_line_data(NULL, NULL, NULL, NULL); @@ -12269,7 +12270,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) { WOLFSSL_ENTER("wolfSSL_ERR_clear_error"); -#if defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) wc_ClearErrorNodes(); #endif } @@ -15095,7 +15096,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509) } -#if defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime) { char buf[MAX_TIME_STRING_SZ]; @@ -15113,7 +15114,7 @@ int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime) #endif -#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time, char* buf, int len) { int format; @@ -15202,7 +15203,7 @@ unsigned long wolfSSL_ERR_peek_error(void) int wolfSSL_ERR_GET_REASON(unsigned long err) { -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) /* Nginx looks for this error to know to stop parsing certificates. */ if (err == ((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE)) return PEM_R_NO_START_LINE; @@ -21518,7 +21519,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) if (i > 26 && XMEMCMP((char *)&pem[i-26], END_CERT, 25) == 0) break; } - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) if (l == 0) WOLFSSL_ERROR(SSL_NO_PEM_HEADER); #endif @@ -21571,7 +21572,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) } #endif /* ifndef NO_CERTS */ -#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) +#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_HAPROXY) #ifndef NO_CERTS void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name){ FreeX509Name(name, NULL); @@ -21580,7 +21581,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) #endif /* NO_CERTS */ #endif -#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) +#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY) unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md) { @@ -21785,7 +21786,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) return NULL; } -#endif /* HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL */ +#endif /* HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_HAPROXY */ #endif @@ -21800,7 +21801,7 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line) (void)line; (void)file; -#if defined(WOLFSSL_NGINX) || defined(DEBUG_WOLFSSL) +#if defined(WOLFSSL_NGINX) || defined(DEBUG_WOLFSSL) || defined(WOLFSSL_HAPROXY) { int ret; @@ -22034,7 +22035,7 @@ WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \ - || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) + || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_HAPROXY) char * wolfSSL_OBJ_nid2ln(int n) { (void)n; WOLFSSL_ENTER("wolfSSL_OBJ_nid2ln"); @@ -22293,7 +22294,7 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) return pSz > 0 && gSz > 0 ? ret : SSL_FATAL_ERROR; } #endif /* OPENSSL_EXTRA && !NO_DH */ -#endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */ +#endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_HAPROXY */ /* stunnel compatibility functions*/ @@ -23179,7 +23180,7 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line, *flags = 0; } -#if defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) { int ret = 0; @@ -23208,7 +23209,7 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line, } #endif -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) void wolfSSL_OPENSSL_config(char *config_name) { WOLFSSL_STUB("wolfSSL_OPENSSL_config"); @@ -23880,7 +23881,7 @@ void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx, } #endif /* HAVE_ALPN */ -#endif /* WOLFSSL_NGINX */ +#endif /* WOLFSSL_NGINX / WOLFSSL_HAPROXY */ #ifdef OPENSSL_EXTRA int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb) diff --git a/src/tls.c b/src/tls.c index 8c8437ae8..ade0d3704 100755 --- a/src/tls.c +++ b/src/tls.c @@ -1106,7 +1106,7 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length, extension = TLSX_Find(ssl->ctx->extensions, TLSX_APPLICATION_LAYER_PROTOCOL); -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) if (ssl->alpnSelect != NULL) { const byte* out; unsigned char outLen; @@ -2252,7 +2252,7 @@ int TLSX_CSR_ForceRequest(WOLFSSL* ssl) switch (csr->status_type) { case WOLFSSL_CSR_OCSP: if (ssl->ctx->cm->ocspEnabled) { - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) csr->request.ocsp.ssl = ssl; #endif return CheckOcspRequest(ssl->ctx->cm->ocsp, @@ -2664,7 +2664,7 @@ int TLSX_CSR2_ForceRequest(WOLFSSL* ssl) case WOLFSSL_CSR2_OCSP_MULTI: if (ssl->ctx->cm->ocspEnabled) { - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) csr2->request.ocsp[0].ssl = ssl; #endif return CheckOcspRequest(ssl->ctx->cm->ocsp, diff --git a/tests/api.c b/tests/api.c index 7fb55c6e1..71bd8296d 100644 --- a/tests/api.c +++ b/tests/api.c @@ -1999,7 +1999,7 @@ static void test_wolfSSL_X509_NAME_get_entry(void) { #if !defined(NO_CERTS) && !defined(NO_RSA) #if defined(OPENSSL_EXTRA) && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)) \ - && (defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE)) + && (defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE)) || defined(WOLFSSL_HAPROXY) printf(testingFmt, "wolfSSL_X509_NAME_get_entry()"); { diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 3114ef915..da061fd1a 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -3461,7 +3461,7 @@ static INLINE int DateLessThan(const struct tm* a, const struct tm* b) } -#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) int GetTimeString(byte* date, int format, char* buf, int len) { struct tm t; @@ -9564,7 +9564,7 @@ static int DecodeSingleResponse(byte* source, return ASN_PARSE_E; } -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) cs->thisDateAsn = source + idx; #endif if (GetBasicDate(source, &idx, cs->thisDate, @@ -9585,7 +9585,7 @@ static int DecodeSingleResponse(byte* source, idx++; if (GetLength(source, &idx, &length, size) < 0) return ASN_PARSE_E; -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) cs->nextDateAsn = source + idx; #endif if (GetBasicDate(source, &idx, cs->nextDate, diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 8aecf5f0b..f092ba012 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -224,7 +224,7 @@ void WOLFSSL_LEAVE(const char* msg, int ret) * mapped to new funtion WOLFSSL_ERROR_LINE which gets the line # and function * name where WOLFSSL_ERROR is called at. */ -#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) +#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) || defined(WOLFSSL_HAPROXY) #if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)) void WOLFSSL_ERROR_LINE(int error, const char* func, unsigned int line, const char* file, void* usrCtx) @@ -266,7 +266,7 @@ void WOLFSSL_ERROR(int error) } } -#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */ +#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) /* Internal function that is called by wolfCrypt_Init() */ @@ -313,7 +313,7 @@ int wc_LoggingCleanup(void) } -#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) +#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) /* peek at an error node * * index : if -1 then the most recent node is looked at, otherwise search @@ -499,7 +499,7 @@ void wc_ClearErrorNodes(void) wc_last_node = NULL; wc_UnLockMutex(&debug_mutex); } -#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */ +#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ int wc_SetLoggingHeap(void* h) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index a54ee754d..3b20c422d 100755 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1452,7 +1452,7 @@ struct WOLFSSL_OCSP { WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */ OcspEntry* ocspList; /* OCSP response list */ wolfSSL_Mutex ocspLock; /* OCSP list lock */ -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY) int(*statusCb)(WOLFSSL*, void*); #endif }; @@ -1938,7 +1938,7 @@ struct WOLFSSL_CTX { #ifdef OPENSSL_EXTRA STACK_OF(WOLFSSL_X509_NAME)* ca_names; #endif - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY) STACK_OF(WOLFSSL_X509)* x509Chain; #endif DerBuffer* privateKey; @@ -2024,11 +2024,11 @@ struct WOLFSSL_CTX { #ifdef HAVE_EX_DATA void* ex_data[MAX_EX_DATA]; #endif -#if defined(HAVE_ALPN) && defined(WOLFSSL_NGINX) +#if defined(HAVE_ALPN) && (defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) CallbackALPNSelect alpnSelect; void* alpnSelectArg; #endif -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) +#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) CallbackSniRecv sniRecvCb; void* sniRecvCbArg; #endif @@ -2908,7 +2908,7 @@ struct WOLFSSL { #endif /* user turned on */ #ifdef HAVE_ALPN char* alpn_client_list; /* keep the client's list */ - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) CallbackALPNSelect alpnSelect; void* alpnSelectArg; #endif @@ -2922,7 +2922,7 @@ struct WOLFSSL { #ifdef OPENSSL_EXTRA byte* ocspResp; int ocspRespSz; -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) char* url; #endif #endif diff --git a/wolfssl/ocsp.h b/wolfssl/ocsp.h index 03d50fb92..844ce272e 100644 --- a/wolfssl/ocsp.h +++ b/wolfssl/ocsp.h @@ -37,7 +37,7 @@ typedef struct WOLFSSL_OCSP WOLFSSL_OCSP; -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) typedef struct OcspResponse WOLFSSL_OCSP_BASICRESP; typedef struct OcspRequest WOLFSSL_OCSP_CERTID; @@ -54,7 +54,7 @@ WOLFSSL_LOCAL int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, WOLFSSL_BUFFER_INFO* responseBuffer); -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, WOLFSSL_OCSP_CERTID* id, int* status, int* reason, diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h index 04afe897a..e00c00a90 100644 --- a/wolfssl/openssl/crypto.h +++ b/wolfssl/openssl/crypto.h @@ -24,7 +24,7 @@ WOLFSSL_API unsigned long wolfSSLeay(void); #define SSLEAY_VERSION 0x0090600fL #define SSLEAY_VERSION_NUMBER SSLEAY_VERSION -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) +#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions #define FIPS_mode wolfSSL_FIPS_mode #define FIPS_mode_set wolfSSL_FIPS_mode_set @@ -44,7 +44,7 @@ typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int i #define OPENSSL_malloc(a) XMALLOC(a, NULL, DYNAMIC_TYPE_OPENSSL) -#endif /* HAVE_STUNNEL || WOLFSSL_NGINX */ +#endif /* HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ #endif /* header */ diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h index 80f9a799c..c7b143c9f 100644 --- a/wolfssl/openssl/opensslv.h +++ b/wolfssl/openssl/opensslv.h @@ -5,7 +5,7 @@ /* api version compatibility */ -#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || defined(WOLFSSL_NGINX) +#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) /* version number can be increased for Lighty after compatibility for ECDH is added */ #define OPENSSL_VERSION_NUMBER 0x10001000L diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 5ff1a3167..a19cf52bb 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -475,6 +475,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) \ || defined(HAVE_STUNNEL) \ + || defined(WOLFSSL_HAPROXY) \ || defined(WOLFSSL_NGINX) typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; @@ -507,6 +508,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) \ || defined(HAVE_STUNNEL) \ + || defined(WOLFSSL_HAPROXY) \ || defined(WOLFSSL_NGINX) #define OBJ_nid2ln wolfSSL_OBJ_nid2ln @@ -515,7 +517,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams #define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509 -#endif /* HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX */ +#endif /* HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ #define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh #define BIO_new_file wolfSSL_BIO_new_file @@ -709,7 +711,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define NID_inhibit_any_policy 168 /* 2.5.29.54 */ #define NID_tlsfeature 92 /* id-pe 24 */ -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #include #define OPENSSL_STRING WOLFSSL_STRING diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 5e445f286..258b58e3d 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1688,7 +1688,7 @@ enum { WOLFSSL_MAX_ALPN_NUMBER = 257 }; -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out, unsigned char* outLen, const unsigned char* in, unsigned int inLen, void *arg); @@ -1964,7 +1964,7 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack, WOLFSSL_API void wolfSSL_cert_service(void); #endif -#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time, char* buf, int len); #endif /* WOLFSSL_MYSQL_COMPATIBLE */ @@ -2035,6 +2035,7 @@ struct WOLFSSL_X509_NAME_ENTRY { #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) \ || defined(HAVE_STUNNEL) \ || defined(WOLFSSL_NGINX) \ + || defined(WOLFSSL_HAPROXY) \ || defined(OPENSSL_EXTRA) WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name); WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x); @@ -2060,6 +2061,7 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X #if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) \ || defined(WOLFSSL_MYSQL_COMPATIBLE) \ + || defined(WOLFSSL_HAPROXY) \ || defined(OPENSSL_EXTRA) WOLFSSL_API char* wolfSSL_OBJ_nid2ln(int n); @@ -2078,7 +2080,7 @@ WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx); #endif /* HAVE_STUNNEL || HAVE_LIGHTY */ -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) +#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #include @@ -2174,10 +2176,10 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*); WOLFSSL_API void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*)); -#endif /* HAVE_STUNNEL || WOLFSSL_NGINX */ +#endif /* HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ #if defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) \ - || defined(WOLFSSL_NGINX) + || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_API int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index f1419a1d2..2521bd686 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -197,7 +197,7 @@ enum Misc_ASN { HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */ TRAILING_ZERO = 1, /* Used for size of zero pad */ MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */ -#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) MAX_TIME_STRING_SZ = 21, /* Max length of formatted time string */ #endif }; @@ -686,7 +686,7 @@ WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int); WOLFSSL_LOCAL int DecryptContent(byte* input, word32 sz,const char* psw,int pswSz); typedef struct tm wolfssl_tm; -#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len); #endif WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format, @@ -812,7 +812,7 @@ struct CertStatus { byte nextDate[MAX_DATE_SIZE]; byte thisDateFormat; byte nextDateFormat; -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) byte* thisDateAsn; byte* nextDateAsn; #endif @@ -863,7 +863,7 @@ struct OcspRequest { int nonceSz; void* heap; -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) void* ssl; #endif }; diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index 43df62ff6..93bcee33e 100755 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -92,7 +92,7 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function); #endif /* DEBUG_WOLFSSL */ -#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) +#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) || defined(WOLFSSL_HAPROXY) #if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)) void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line, const char* file, void* ctx); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index c2febfcc9..14cdffe82 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1511,7 +1511,7 @@ static char *fgets(char *buff, int sz, FILE *fp) #undef HAVE_GMTIME_R /* don't trust macro with windows */ #endif /* WOLFSSL_MYSQL_COMPATIBLE */ -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #define SSL_OP_NO_COMPRESSION SSL_OP_NO_COMPRESSION #define OPENSSL_NO_ENGINE #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 5e405dd21..d45bdf17a 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -244,7 +244,7 @@ #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) #endif - #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) + #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #ifndef USE_WINDOWS_API #define XSNPRINTF snprintf #else