Sunpoet Po-Chuan Hsieh
parent
9af704bb84
commit
20a512e51d
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=469474
16 changed files with 4 additions and 462 deletions
|
|
@ -2,9 +2,8 @@
|
|||
# $FreeBSD$
|
||||
|
||||
PORTNAME= nghttp2
|
||||
PORTVERSION= 1.31.1
|
||||
PORTVERSION= 1.32.0
|
||||
DISTVERSIONPREFIX= v
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= www net
|
||||
|
||||
MAINTAINER= sunpoet@FreeBSD.org
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
TIMESTAMP = 1523619680
|
||||
SHA256 (nghttp2-nghttp2-v1.31.1_GH0.tar.gz) = 7790fa5c0a0d27860d55a60fe13877e391a8fd8220085c760c5d842bb5f6cc08
|
||||
SIZE (nghttp2-nghttp2-v1.31.1_GH0.tar.gz) = 1744550
|
||||
TIMESTAMP = 1525894974
|
||||
SHA256 (nghttp2-nghttp2-v1.32.0_GH0.tar.gz) = c5e8ee1f5cd4951f81226ba21c5a08b22568a608810385a04f58191e4a5c4737
|
||||
SIZE (nghttp2-nghttp2-v1.32.0_GH0.tar.gz) = 1745249
|
||||
|
|
|
|||
|
|
@ -1,12 +0,0 @@
|
|||
--- examples/client.c.orig 2018-02-02 12:19:16 UTC
|
||||
+++ examples/client.c
|
||||
@@ -375,7 +375,9 @@ static void init_ssl_ctx(SSL_CTX *ssl_ct
|
||||
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
|
||||
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
|
||||
/* Set NPN callback */
|
||||
+#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL);
|
||||
+#endif
|
||||
}
|
||||
|
||||
static void ssl_handshake(SSL *ssl, int fd) {
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
--- examples/libevent-client.c.orig 2018-02-02 12:19:16 UTC
|
||||
+++ examples/libevent-client.c
|
||||
@@ -335,7 +335,9 @@ static SSL_CTX *create_ssl_ctx(void) {
|
||||
SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
|
||||
SSL_OP_NO_COMPRESSION |
|
||||
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
|
||||
+#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL);
|
||||
+#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3);
|
||||
@@ -504,7 +506,9 @@ static void eventcb(struct bufferevent *
|
||||
|
||||
ssl = bufferevent_openssl_get_ssl(session_data->bev);
|
||||
|
||||
+#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen);
|
||||
+#endif
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
if (alpn == NULL) {
|
||||
SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
--- examples/libevent-server.c.orig 2018-02-02 12:19:16 UTC
|
||||
+++ examples/libevent-server.c
|
||||
@@ -172,7 +172,9 @@ static SSL_CTX *create_ssl_ctx(const cha
|
||||
NGHTTP2_PROTO_VERSION_ID_LEN);
|
||||
next_proto_list_len = 1 + NGHTTP2_PROTO_VERSION_ID_LEN;
|
||||
|
||||
+#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, NULL);
|
||||
+#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, NULL);
|
||||
@@ -690,7 +692,9 @@ static void eventcb(struct bufferevent *
|
||||
|
||||
ssl = bufferevent_openssl_get_ssl(session_data->bev);
|
||||
|
||||
+#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen);
|
||||
+#endif
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
if (alpn == NULL) {
|
||||
SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
--- src/HttpServer.cc.orig 2018-02-17 11:15:19 UTC
|
||||
+++ src/HttpServer.cc
|
||||
@@ -888,7 +888,9 @@ int Http2Handler::verify_npn_result() {
|
||||
const unsigned char *next_proto = nullptr;
|
||||
unsigned int next_proto_len;
|
||||
// Check the negotiated protocol in NPN or ALPN
|
||||
+#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
SSL_get0_next_proto_negotiated(ssl_, &next_proto, &next_proto_len);
|
||||
+#endif
|
||||
for (int i = 0; i < 2; ++i) {
|
||||
if (next_proto) {
|
||||
auto proto = StringRef{next_proto, next_proto_len};
|
||||
@@ -2205,7 +2207,9 @@ int HttpServer::run() {
|
||||
|
||||
next_proto = util::get_default_alpn();
|
||||
|
||||
+#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, &next_proto);
|
||||
+#endif
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
// ALPN selection callback
|
||||
SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, this);
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
--- src/asio_common.cc.orig 2018-02-02 12:19:16 UTC
|
||||
+++ src/asio_common.cc
|
||||
@@ -177,7 +177,9 @@ bool tls_h2_negotiated(ssl_socket &socke
|
||||
const unsigned char *next_proto = nullptr;
|
||||
unsigned int next_proto_len = 0;
|
||||
|
||||
+#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len);
|
||||
+#endif
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
if (next_proto == nullptr) {
|
||||
SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len);
|
||||
|
|
@ -1,23 +0,0 @@
|
|||
--- src/h2load.cc.orig 2018-02-02 12:19:16 UTC
|
||||
+++ src/h2load.cc
|
||||
@@ -857,7 +857,9 @@ int Client::connection_made() {
|
||||
const unsigned char *next_proto = nullptr;
|
||||
unsigned int next_proto_len;
|
||||
|
||||
+#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len);
|
||||
+#endif
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
if (next_proto == nullptr) {
|
||||
SSL_get0_alpn_selected(ssl, &next_proto, &next_proto_len);
|
||||
@@ -2399,8 +2401,10 @@ int main(int argc, char **argv) {
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
+#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
SSL_CTX_set_next_proto_select_cb(ssl_ctx, client_select_next_proto_cb,
|
||||
nullptr);
|
||||
+#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
std::vector<unsigned char> proto_list;
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
--- src/nghttp.cc.orig 2018-03-25 12:28:55 UTC
|
||||
+++ src/nghttp.cc
|
||||
@@ -680,7 +680,7 @@ int HttpClient::initiate_connection() {
|
||||
const auto &host_string =
|
||||
config.host_override.empty() ? host : config.host_override;
|
||||
|
||||
-#if (!defined(LIBRESSL_VERSION_NUMBER) && \
|
||||
+#if (!(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) && \
|
||||
OPENSSL_VERSION_NUMBER >= 0x10002000L) || \
|
||||
defined(OPENSSL_IS_BORINGSSL)
|
||||
auto param = SSL_get0_param(ssl);
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
--- src/shrpx_client_handler.cc.orig 2018-02-02 12:19:16 UTC
|
||||
+++ src/shrpx_client_handler.cc
|
||||
@@ -549,7 +549,9 @@ int ClientHandler::validate_next_proto()
|
||||
// First set callback for catch all cases
|
||||
on_read_ = &ClientHandler::upstream_read;
|
||||
|
||||
+#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len);
|
||||
+#endif
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
if (next_proto == nullptr) {
|
||||
SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len);
|
||||
|
|
@ -1,109 +0,0 @@
|
|||
--- src/shrpx_config.cc.orig 2018-02-27 12:18:50 UTC
|
||||
+++ src/shrpx_config.cc
|
||||
@@ -1222,7 +1222,7 @@ int parse_subcert_params(SubcertParams &
|
||||
auto param = StringRef{first, end};
|
||||
|
||||
if (util::istarts_with_l(param, "sct-dir=")) {
|
||||
-#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
+#if !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
auto sct_dir =
|
||||
StringRef{std::begin(param) + str_size("sct-dir="), std::end(param)};
|
||||
if (sct_dir.empty()) {
|
||||
@@ -1230,9 +1230,9 @@ int parse_subcert_params(SubcertParams &
|
||||
return -1;
|
||||
}
|
||||
out.sct_dir = sct_dir;
|
||||
-#else // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L)
|
||||
+#else // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L)
|
||||
LOG(WARN) << "subcert: sct-dir requires OpenSSL >= 1.0.2";
|
||||
-#endif // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L)
|
||||
+#endif // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L)
|
||||
} else if (!param.empty()) {
|
||||
LOG(ERROR) << "subcert: " << param << ": unknown keyword";
|
||||
return -1;
|
||||
@@ -1364,7 +1364,7 @@ int read_tls_sct_from_dir(std::vector<ui
|
||||
}
|
||||
} // namespace
|
||||
|
||||
-#if !LIBRESSL_IN_USE
|
||||
+#if !LIBRESSL_1_0_API
|
||||
namespace {
|
||||
// Reads PSK secrets from path, and parses each line. The result is
|
||||
// directly stored into config->tls.psk_secrets. This function
|
||||
@@ -1428,9 +1428,9 @@ int parse_psk_secrets(Config *config, co
|
||||
return 0;
|
||||
}
|
||||
} // namespace
|
||||
-#endif // !LIBRESSL_IN_USE
|
||||
+#endif // !LIBRESSL_1_0_API
|
||||
|
||||
-#if !LIBRESSL_IN_USE
|
||||
+#if !LIBRESSL_1_0_API
|
||||
namespace {
|
||||
// Reads PSK secrets from path, and parses each line. The result is
|
||||
// directly stored into config->tls.client.psk. This function returns
|
||||
@@ -1490,7 +1490,7 @@ int parse_client_psk_secrets(Config *con
|
||||
return 0;
|
||||
}
|
||||
} // namespace
|
||||
-#endif // !LIBRESSL_IN_USE
|
||||
+#endif // !LIBRESSL_1_0_API
|
||||
|
||||
// generated by gennghttpxfun.py
|
||||
int option_lookup_token(const char *name, size_t namelen) {
|
||||
@@ -3454,19 +3454,19 @@ int parse_config(Config *config, int opt
|
||||
return parse_uint_with_unit(
|
||||
&config->http2.downstream.decoder_dynamic_table_size, opt, optarg);
|
||||
case SHRPX_OPTID_ECDH_CURVES:
|
||||
-#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
+#if !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
config->tls.ecdh_curves = make_string_ref(config->balloc, optarg);
|
||||
-#else // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L)
|
||||
+#else // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L)
|
||||
LOG(WARN) << opt << ": This option requires OpenSSL >= 1.0.2";
|
||||
-#endif // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L)
|
||||
+#endif // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L)
|
||||
return 0;
|
||||
case SHRPX_OPTID_TLS_SCT_DIR:
|
||||
-#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
+#if !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
return read_tls_sct_from_dir(config->tls.sct_data, opt, optarg);
|
||||
-#else // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L)
|
||||
+#else // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L)
|
||||
LOG(WARN) << opt << ": This option requires OpenSSL >= 1.0.2";
|
||||
return 0;
|
||||
-#endif // !(!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L)
|
||||
+#endif // !(!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L)
|
||||
case SHRPX_OPTID_DNS_CACHE_TIMEOUT:
|
||||
return parse_duration(&config->dns.timeout.cache, opt, optarg);
|
||||
case SHRPX_OPTID_DNS_LOOKUP_TIMEOUT:
|
||||
@@ -3489,23 +3489,23 @@ int parse_config(Config *config, int opt
|
||||
return parse_duration(&config->conn.upstream.timeout.idle_read, opt,
|
||||
optarg);
|
||||
case SHRPX_OPTID_PSK_SECRETS:
|
||||
-#if !LIBRESSL_IN_USE
|
||||
+#if !LIBRESSL_1_0_API
|
||||
return parse_psk_secrets(config, optarg);
|
||||
-#else // LIBRESSL_IN_USE
|
||||
+#else // LIBRESSL_1_0_API
|
||||
LOG(WARN)
|
||||
<< opt
|
||||
<< ": ignored because underlying TLS library does not support PSK";
|
||||
return 0;
|
||||
-#endif // LIBRESSL_IN_USE
|
||||
+#endif // LIBRESSL_1_0_API
|
||||
case SHRPX_OPTID_CLIENT_PSK_SECRETS:
|
||||
-#if !LIBRESSL_IN_USE
|
||||
+#if !LIBRESSL_1_0_API
|
||||
return parse_client_psk_secrets(config, optarg);
|
||||
-#else // LIBRESSL_IN_USE
|
||||
+#else // LIBRESSL_1_0_API
|
||||
LOG(WARN)
|
||||
<< opt
|
||||
<< ": ignored because underlying TLS library does not support PSK";
|
||||
return 0;
|
||||
-#endif // LIBRESSL_IN_USE
|
||||
+#endif // LIBRESSL_1_0_API
|
||||
case SHRPX_OPTID_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST:
|
||||
config->tls.client.no_http2_cipher_black_list =
|
||||
util::strieq_l("yes", optarg);
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
--- src/shrpx_connection.cc.orig 2018-02-02 12:19:16 UTC
|
||||
+++ src/shrpx_connection.cc
|
||||
@@ -523,7 +523,9 @@ int Connection::check_http2_requirement(
|
||||
const unsigned char *next_proto = nullptr;
|
||||
unsigned int next_proto_len;
|
||||
|
||||
+#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
SSL_get0_next_proto_negotiated(tls.ssl, &next_proto, &next_proto_len);
|
||||
+#endif
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
if (next_proto == nullptr) {
|
||||
SSL_get0_alpn_selected(tls.ssl, &next_proto, &next_proto_len);
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
--- src/shrpx_http2_session.cc.orig 2018-02-02 12:19:16 UTC
|
||||
+++ src/shrpx_http2_session.cc
|
||||
@@ -1649,7 +1649,9 @@ int Http2Session::connection_made() {
|
||||
const unsigned char *next_proto = nullptr;
|
||||
unsigned int next_proto_len = 0;
|
||||
|
||||
+#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len);
|
||||
+#endif
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
if (!next_proto) {
|
||||
SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len);
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
--- src/shrpx_live_check.cc.orig 2018-02-02 12:19:16 UTC
|
||||
+++ src/shrpx_live_check.cc
|
||||
@@ -406,7 +406,9 @@ int LiveCheck::tls_handshake() {
|
||||
const unsigned char *next_proto = nullptr;
|
||||
unsigned int next_proto_len = 0;
|
||||
|
||||
+#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len);
|
||||
+#endif
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
if (next_proto == nullptr) {
|
||||
SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len);
|
||||
|
|
@ -1,144 +0,0 @@
|
|||
--- src/shrpx_tls.cc.orig 2018-03-25 12:28:55 UTC
|
||||
+++ src/shrpx_tls.cc
|
||||
@@ -360,7 +360,7 @@ int tls_session_new_cb(SSL *ssl, SSL_SES
|
||||
|
||||
namespace {
|
||||
SSL_SESSION *tls_session_get_cb(SSL *ssl,
|
||||
-#if OPENSSL_1_1_API
|
||||
+#if OPENSSL_1_1_API && !LIBRESSL_1_1_API
|
||||
const unsigned char *id,
|
||||
#else // !OPENSSL_1_1_API
|
||||
unsigned char *id,
|
||||
@@ -563,7 +563,7 @@ int alpn_select_proto_cb(SSL *ssl, const
|
||||
} // namespace
|
||||
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
|
||||
-#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
+#if !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
|
||||
#ifndef TLSEXT_TYPE_signed_certificate_timestamp
|
||||
#define TLSEXT_TYPE_signed_certificate_timestamp 18
|
||||
@@ -653,9 +653,9 @@ int legacy_sct_parse_cb(SSL *ssl, unsign
|
||||
} // namespace
|
||||
|
||||
#endif // !OPENSSL_1_1_1_API
|
||||
-#endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
+#endif // !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
|
||||
-#if !LIBRESSL_IN_USE
|
||||
+#ifndef OPENSSL_NO_PSK
|
||||
namespace {
|
||||
unsigned int psk_server_cb(SSL *ssl, const char *identity, unsigned char *psk,
|
||||
unsigned int max_psk_len) {
|
||||
@@ -679,9 +679,9 @@ unsigned int psk_server_cb(SSL *ssl, con
|
||||
return static_cast<unsigned int>(secret.size());
|
||||
}
|
||||
} // namespace
|
||||
-#endif // !LIBRESSL_IN_USE
|
||||
+#endif // !OPENSSL_NO_PSK
|
||||
|
||||
-#if !LIBRESSL_IN_USE
|
||||
+#ifndef OPENSSL_NO_PSK
|
||||
namespace {
|
||||
unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity_out,
|
||||
unsigned int max_identity_len, unsigned char *psk,
|
||||
@@ -714,7 +714,7 @@ unsigned int psk_client_cb(SSL *ssl, con
|
||||
return static_cast<unsigned int>(secret.size());
|
||||
}
|
||||
} // namespace
|
||||
-#endif // !LIBRESSL_IN_USE
|
||||
+#endif // !OPENSSL_NO_PSK
|
||||
|
||||
struct TLSProtocol {
|
||||
StringRef name;
|
||||
@@ -792,7 +792,7 @@ SSL_CTX *create_ssl_context(const char *
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
-#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
+#if !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
if (SSL_CTX_set1_curves_list(ssl_ctx, tlsconf.ecdh_curves.c_str()) != 1) {
|
||||
LOG(FATAL) << "SSL_CTX_set1_curves_list " << tlsconf.ecdh_curves
|
||||
<< " failed";
|
||||
@@ -803,7 +803,7 @@ SSL_CTX *create_ssl_context(const char *
|
||||
// function was deprecated in OpenSSL 1.1.0 and BoringSSL.
|
||||
SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
|
||||
#endif // !defined(OPENSSL_IS_BORINGSSL) && !OPENSSL_1_1_API
|
||||
-#else // LIBRESSL_IN_USE || OPENSSL_VERSION_NUBMER < 0x10002000L
|
||||
+#else // LIBRESSL_1_0_API || OPENSSL_VERSION_NUBMER < 0x10002000L
|
||||
// Use P-256, which is sufficiently secure at the time of this
|
||||
// writing.
|
||||
auto ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
|
||||
@@ -814,7 +814,7 @@ SSL_CTX *create_ssl_context(const char *
|
||||
}
|
||||
SSL_CTX_set_tmp_ecdh(ssl_ctx, ecdh);
|
||||
EC_KEY_free(ecdh);
|
||||
-#endif // LIBRESSL_IN_USE || OPENSSL_VERSION_NUBMER < 0x10002000L
|
||||
+#endif // LIBRESSL_1_0_API || OPENSSL_VERSION_NUBMER < 0x10002000L
|
||||
#endif // OPENSSL_NO_EC
|
||||
|
||||
if (!tlsconf.dh_param_file.empty()) {
|
||||
@@ -931,7 +931,7 @@ SSL_CTX *create_ssl_context(const char *
|
||||
SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, nullptr);
|
||||
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
|
||||
-#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
+#if !LIBRESSL_1_0_API && !LIBRESSL_1_1_API && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
// SSL_extension_supported(TLSEXT_TYPE_signed_certificate_timestamp)
|
||||
// returns 1, which means OpenSSL internally handles it. But
|
||||
// OpenSSL handles signed_certificate_timestamp extension specially,
|
||||
@@ -962,11 +962,11 @@ SSL_CTX *create_ssl_context(const char *
|
||||
}
|
||||
#endif // !OPENSSL_1_1_1_API
|
||||
}
|
||||
-#endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
+#endif // !LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
|
||||
-#if !LIBRESSL_IN_USE
|
||||
+#ifndef OPENSSL_NO_PSK
|
||||
SSL_CTX_set_psk_server_callback(ssl_ctx, psk_server_cb);
|
||||
-#endif // !LIBRESSL_IN_USE
|
||||
+#endif // !OPENSSL_NO_PSK
|
||||
|
||||
auto tls_ctx_data = new TLSContextData();
|
||||
tls_ctx_data->cert_file = cert_file;
|
||||
@@ -1114,9 +1114,9 @@ SSL_CTX *create_ssl_client_context(
|
||||
#endif // HAVE_NEVERBLEED
|
||||
}
|
||||
|
||||
-#if !LIBRESSL_IN_USE
|
||||
+#ifndef OPENSSL_NO_PSK
|
||||
SSL_CTX_set_psk_client_callback(ssl_ctx, psk_client_cb);
|
||||
-#endif // !LIBRESSL_IN_USE
|
||||
+#endif // !OPENSSL_NO_PSK
|
||||
|
||||
// NPN selection callback. This is required to set SSL_CTX because
|
||||
// OpenSSL does not offer SSL_set_next_proto_select_cb.
|
||||
@@ -1553,15 +1553,15 @@ int cert_lookup_tree_add_ssl_ctx(
|
||||
SSL_CTX *ssl_ctx) {
|
||||
std::array<uint8_t, NI_MAXHOST> buf;
|
||||
|
||||
-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
+#if !defined(LIBRESSL_1_0_API) && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
auto cert = SSL_CTX_get0_certificate(ssl_ctx);
|
||||
-#else // defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER <
|
||||
+#else // defined(LIBRESSL_1_0_API) || OPENSSL_VERSION_NUMBER <
|
||||
// 0x10002000L
|
||||
auto tls_ctx_data =
|
||||
static_cast<TLSContextData *>(SSL_CTX_get_app_data(ssl_ctx));
|
||||
auto cert = load_certificate(tls_ctx_data->cert_file);
|
||||
auto cert_deleter = defer(X509_free, cert);
|
||||
-#endif // defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER <
|
||||
+#endif // defined(LIBRESSL_1_0_API) || OPENSSL_VERSION_NUMBER <
|
||||
// 0x10002000L
|
||||
|
||||
auto altnames = static_cast<GENERAL_NAMES *>(
|
||||
@@ -1977,7 +1977,7 @@ StringRef get_x509_issuer_name(BlockAllo
|
||||
#endif /* !WORDS_BIGENDIAN */
|
||||
|
||||
StringRef get_x509_serial(BlockAllocator &balloc, X509 *x) {
|
||||
-#if OPENSSL_1_1_API
|
||||
+#if OPENSSL_1_1_API && !LIBRESSL_1_1_API
|
||||
auto sn = X509_get0_serialNumber(x);
|
||||
uint64_t r;
|
||||
if (ASN1_INTEGER_get_uint64(&r, sn) != 1) {
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
--- src/ssl_compat.h.orig 2018-02-27 12:18:50 UTC
|
||||
+++ src/ssl_compat.h
|
||||
@@ -26,16 +26,22 @@
|
||||
|
||||
#include <openssl/opensslv.h>
|
||||
|
||||
-#if defined(LIBRESSL_VERSION_NUMBER)
|
||||
-#define LIBRESSL_IN_USE 1
|
||||
-#else // !defined(LIBRESSL_VERSION_NUMBER)
|
||||
-#define LIBRESSL_IN_USE 0
|
||||
-#endif // !defined(LIBRESSL_VERSION_NUMBER)
|
||||
+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L
|
||||
+#define LIBRESSL_1_0_API 1
|
||||
+#define LIBRESSL_1_1_API 0
|
||||
+#elif defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L
|
||||
+#define LIBRESSL_1_0_API 0
|
||||
+#define LIBRESSL_1_1_API 1
|
||||
+#else // !defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L
|
||||
+#define LIBRESSL_1_0_API 0
|
||||
+#define LIBRESSL_1_1_API 0
|
||||
+#endif // !defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L
|
||||
|
||||
#define OPENSSL_1_1_API \
|
||||
- (!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x1010000fL)
|
||||
+ (!LIBRESSL_1_0_API && OPENSSL_VERSION_NUMBER >= 0x1010000fL)
|
||||
|
||||
#define OPENSSL_1_1_1_API \
|
||||
- (!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10101000L)
|
||||
+ (!LIBRESSL_1_0_API && !LIBRESSL_1_1_API && \
|
||||
+ OPENSSL_VERSION_NUMBER >= 0x10101000L)
|
||||
|
||||
#endif // OPENSSL_COMPAT_H
|
||||
Loading…
Reference in a new issue