shithub: opusfile


ref: d2577d7fdfda04bc32a853e80e62d6faa2a20859
parent: d59a17ec1e58b6496a1e32ce8bfb217eb7575d92
author: Stefan Strogin <[email protected]>
date: Wed Oct 3 02:33:45 EDT 2018

http: use new API with LibreSSL >=2.7.0

LibreSSL is not yet fully API compatible with OpenSSL 1.0.2 and later.
However, many APIs from OpenSSL 1.0.2 and 1.1 are already implemented in
LibreSSL 2.7.0 and later. The old approach works in newer LibreSSL versions
as well, but it's not nice to force deprecated functions on LibreSSL
users.

Add additional conditionals for new LibreSSL versions to use the
available new APIs.

Signed-off-by: Ralph Giles <[email protected]>

--- a/src/http.c
+++ b/src/http.c
@@ -1535,7 +1535,7 @@
   return ret;
 }
 
-# if OPENSSL_VERSION_NUMBER<0x10100000L
+# if (OPENSSL_VERSION_NUMBER<0x10100000L&&LIBRESSL_VERSION_NUMBER<0x2070000fL)
 #  define BIO_set_data(_b,_ptr) ((_b)->ptr=(_ptr))
 #  define BIO_set_init(_b,_init) ((_b)->init=(_init))
 #  define ASN1_STRING_get0_data ASN1_STRING_data
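Review bot: `LIBRESSL_VERSION_NUMBER` is tested in this `#if` without a `defined()` guard, so a build against genuine OpenSSL gets the right answer only because the preprocessor treats the undefined name as 0, and `-Wundef` will flag it. The same compound test is then pasted, in its `<`/`&&` or `>=`/`||` form, into every other hunk of this patch, so any later edit has to keep all the copies in step by hand. Deciding once near the OpenSSL includes and testing a feature macro at each site would remove both problems; the macro names in the sketch below are suggestions only. LibreSSL's own headers set `OPENSSL_VERSION_NUMBER` to 0x20000000L, so the `<0x10100000L` half can be true on LibreSSL only if that macro is remapped somewhere above this hunk, which is not visible here.

```c
/* Proposed: decide once, next to the OpenSSL includes. */
# if OPENSSL_VERSION_NUMBER>=0x10100000L \
 ||(defined(LIBRESSL_VERSION_NUMBER)&&LIBRESSL_VERSION_NUMBER>=0x2070000fL)
#  define OP_SSL_HAVE_1_1_API (1)
# endif
# if OPENSSL_VERSION_NUMBER>=0x10002000L \
 ||(defined(LIBRESSL_VERSION_NUMBER)&&LIBRESSL_VERSION_NUMBER>=0x2070000fL)
#  define OP_SSL_HAVE_HOST_CHECK (1)
# endif
/* … unchanged: code between the includes and this hunk … */
# if !defined(OP_SSL_HAVE_1_1_API)
#  define BIO_set_data(_b,_ptr) ((_b)->ptr=(_ptr))
```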
@@ -1543,7 +1543,7 @@
 
 static int op_bio_retry_new(BIO *_b){
   BIO_set_init(_b,1);
-# if OPENSSL_VERSION_NUMBER<0x10100000L
+# if (OPENSSL_VERSION_NUMBER<0x10100000L&&LIBRESSL_VERSION_NUMBER<0x2070000fL)
   _b->num=0;
 # endif
   BIO_set_data(_b,NULL);
@@ -1554,7 +1554,7 @@
   return _b!=NULL;
 }
 
-# if OPENSSL_VERSION_NUMBER<0x10100000L
+# if (OPENSSL_VERSION_NUMBER<0x10100000L&&LIBRESSL_VERSION_NUMBER<0x2070000fL)
 /*This is not const because OpenSSL doesn't allow it, even though it won't
    write to it.*/
 static BIO_METHOD op_bio_retry_method={
@@ -1575,7 +1575,7 @@
    proxying https URL requests.*/
 static int op_http_conn_establish_tunnel(OpusHTTPStream *_stream,
  OpusHTTPConn *_conn,op_sock _fd,SSL *_ssl_conn,BIO *_ssl_bio){
-# if OPENSSL_VERSION_NUMBER>=0x10100000L
+# if (OPENSSL_VERSION_NUMBER>=0x10100000L||LIBRESSL_VERSION_NUMBER>=0x2070000fL)
   BIO_METHOD *bio_retry_method;
 # endif
   BIO  *retry_bio;
@@ -1588,7 +1588,7 @@
   ret=op_http_conn_write_fully(_conn,
    _stream->proxy_connect.buf,_stream->proxy_connect.nbuf);
   if(OP_UNLIKELY(ret<0))return ret;
-# if OPENSSL_VERSION_NUMBER>=0x10100000L
+# if (OPENSSL_VERSION_NUMBER>=0x10100000L||LIBRESSL_VERSION_NUMBER>=0x2070000fL)
   bio_retry_method=BIO_meth_new(BIO_TYPE_NULL,"retry");
   if(bio_retry_method==NULL)return OP_EFAULT;
   BIO_meth_set_write(bio_retry_method,op_bio_retry_write);
@@ -1611,7 +1611,7 @@
   /*This shouldn't succeed, since we can't read yet.*/
   OP_ALWAYS_TRUE(SSL_connect(_ssl_conn)<0);
   SSL_set_bio(_ssl_conn,_ssl_bio,_ssl_bio);
-# if OPENSSL_VERSION_NUMBER>=0x10100000L
+# if (OPENSSL_VERSION_NUMBER>=0x10100000L||LIBRESSL_VERSION_NUMBER>=0x2070000fL)
   BIO_meth_free(bio_retry_method);
 # endif
   /*Only now do we disable write coalescing, to allow the CONNECT
@@ -1640,7 +1640,7 @@
   return NULL;
 }
 
-# if OPENSSL_VERSION_NUMBER<0x10002000L
+# if (OPENSSL_VERSION_NUMBER<0x10002000L&&LIBRESSL_VERSION_NUMBER<0x2070000fL)
 /*Match a host name against a host with a possible wildcard pattern according
    to the rules of RFC 6125 Section 6.4.3.
   Return: 0 if the pattern doesn't match, and a non-zero value if it does.*/
@@ -1898,7 +1898,7 @@
   SSL_set_tlsext_host_name(_ssl_conn,_stream->url.host);
 # endif
   skip_certificate_check=_stream->skip_certificate_check;
-# if OPENSSL_VERSION_NUMBER>=0x10002000L
+# if (OPENSSL_VERSION_NUMBER>=0x10002000L||LIBRESSL_VERSION_NUMBER>=0x2070000fL)
   /*As of version 1.0.2, OpenSSL can finally do hostname checks automatically.
     Of course, they make it much more complicated than it needs to be.*/
   if(!skip_certificate_check){
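Review bot: The comment under this condition still says only that OpenSSL 1.0.2 can do hostname checks, although the branch now also covers LibreSSL 2.7.0 and later; it should read something like `/*As of OpenSSL 1.0.2 and LibreSSL 2.7.0, the library can do hostname checks automatically.*/`. This condition, the one guarding the RFC 6125 matcher (hunk at -1640) and the two in the handshake path (hunk at -1961) must remain exact complements. If one copy drifts, a build could compile out the manual post-handshake check without compiling in the automatic one, and a certificate issued for a different host would then be accepted with no build error. A short comment at each of the three sites naming the other two would make that coupling visible. The body of the `if(!skip_certificate_check)` block lies outside the hunk, so whether the results of the library's parameter-setting calls are checked on the LibreSSL path cannot be judged from here.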
@@ -1961,13 +1961,13 @@
   if(OP_UNLIKELY(ret<=0))return OP_FALSE;
   ssl_session=_stream->ssl_session;
   if(ssl_session==NULL
-# if OPENSSL_VERSION_NUMBER<0x10002000L
+# if (OPENSSL_VERSION_NUMBER<0x10002000L&&LIBRESSL_VERSION_NUMBER<0x2070000fL)
    ||!skip_certificate_check
 # endif
    ){
     ret=op_do_ssl_step(_ssl_conn,_fd,SSL_do_handshake);
     if(OP_UNLIKELY(ret<=0))return OP_FALSE;
-# if OPENSSL_VERSION_NUMBER<0x10002000L
+# if (OPENSSL_VERSION_NUMBER<0x10002000L&&LIBRESSL_VERSION_NUMBER<0x2070000fL)
     /*OpenSSL before version 1.0.2 does not do automatic hostname verification,
        despite the fact that we just passed it the hostname above in the call
        to SSL_set_tlsext_host_name().
@@ -2319,7 +2319,7 @@
     /*Initialize the SSL library if necessary.*/
     if(OP_URL_IS_SSL(&_stream->url)&&_stream->ssl_ctx==NULL){
       SSL_CTX *ssl_ctx;
-# if OPENSSL_VERSION_NUMBER<0x10100000L
+# if (OPENSSL_VERSION_NUMBER<0x10100000L&&LIBRESSL_VERSION_NUMBER<0x2070000fL)
 #  if !defined(OPENSSL_NO_LOCKING)
       /*The documentation says SSL_library_init() is not reentrant.
         We don't want to add our own depenencies on a threading library, and it