Attachment 187402 Details for Bug 223196 – patch

patch

patch-src_ssl__sock.c (text/x-csrc), 3.49 KB, created by Piotr Kubaj on 2017-10-23 18:22:06 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Piotr Kubaj

Created: 2017-10-23 18:22:06 UTC

Size: 3.49 KB

patch

obsolete

>--- src/ssl_sock.c.orig	2017-10-22 08:13:45 UTC
>+++ src/ssl_sock.c
>@@ -56,7 +56,7 @@
> #include <openssl/engine.h>
> #endif
> 
>-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
>+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined LIBRESSL_VERSION_NUMBER)
> #include <openssl/async.h>
> #endif
> 
>@@ -362,7 +362,7 @@ fail_get:
> }
> #endif
> 
>-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
>+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined LIBRESSL_VERSION_NUMBER)
> /*
>  * openssl async fd handler
>  */
>@@ -1044,8 +1044,11 @@ static int ssl_sock_load_ocsp(SSL_CTX *c
> 		ocsp = NULL;
> 
> #ifndef SSL_CTX_get_tlsext_status_cb
>+#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB
>+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128
>+#endif
> # define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
>-	*cb = (void (*) (void))ctx->tlsext_status_cb;
>+	*cb = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb)
> #endif
> 	SSL_CTX_get_tlsext_status_cb(ctx, &callback);
> 
>@@ -1073,7 +1076,10 @@ static int ssl_sock_load_ocsp(SSL_CTX *c
> 		int key_type;
> 		EVP_PKEY *pkey;
> 
>-#ifdef SSL_CTX_get_tlsext_status_arg
>+#if defined(SSL_CTX_get_tlsext_status_arg) || defined(LIBRESSL_VERSION_NUMBER)
>+#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG
>+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129
>+#endif
> 		SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
> #else
> 		cb_arg = ctx->tlsext_status_arg;
>@@ -3627,7 +3633,7 @@ ssl_sock_initial_ctx(struct bind_conf *b
> 		options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
> 	SSL_CTX_set_options(ctx, options);
> 
>-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
>+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined LIBRESSL_VERSION_NUMBER)
> 	if (global_ssl.async)
> 		mode |= SSL_MODE_ASYNC;
> #endif
>@@ -4125,7 +4131,7 @@ int ssl_sock_prepare_srv_ctx(struct serv
> 		options |= SSL_OP_NO_TICKET;
> 	SSL_CTX_set_options(ctx, options);
> 
>-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
>+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined LIBRESSL_VERSION_NUMBER)
> 	if (global_ssl.async)
> 		mode |= SSL_MODE_ASYNC;
> #endif
>@@ -4638,7 +4644,7 @@ int ssl_sock_handshake(struct connection
> 				fd_cant_recv(conn->handle.fd);
> 				return 0;
> 			}
>-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
>+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined LIBRESSL_VERSION_NUMBER)
> 			else if (ret == SSL_ERROR_WANT_ASYNC) {
> 				ssl_async_process_fds(conn, conn->xprt_ctx);
> 				return 0;
>@@ -4722,7 +4728,7 @@ int ssl_sock_handshake(struct connection
> 			fd_cant_recv(conn->handle.fd);
> 			return 0;
> 		}
>-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
>+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined LIBRESSL_VERSION_NUMBER)
> 		else if (ret == SSL_ERROR_WANT_ASYNC) {
> 			ssl_async_process_fds(conn, conn->xprt_ctx);
> 			return 0;
>@@ -4784,7 +4790,7 @@ int ssl_sock_handshake(struct connection
> 
> reneg_ok:
> 
>-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
>+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined LIBRESSL_VERSION_NUMBER)
> 	/* ASYNC engine API doesn't support moving read/write
> 	 * buffers. So we disable ASYNC mode right after
> 	 * the handshake to avoid buffer oveflows.
>@@ -4908,7 +4914,7 @@ static int ssl_sock_to_buf(struct connec
> 				/* handshake is running, and it needs to enable write */
> 				conn->flags |= CO_FL_SSL_WAIT_HS;
> 				__conn_sock_want_send(conn);
>-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
>+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined LIBRESSL_VERSION_NUMBER)
> 				/* Async mode can be re-enabled, because we're leaving data state.*/
> 				if (global_ssl.async)
> 					SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);

Actions: View

Attachments on bug 223196: 187402 | 187439 | 187440