LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
22543 Commits
1 Branch
46 MiB
Tree: 69d934f38b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '69d934f38b'
${ noResults }
openwrt-packages-dist/net/lighttpd/patches/060-wolfssl-SNI.patch

55 lines
2.3 KiB
Raw Normal View History

lighttpd: wolfssl complex preproc logic for SNI Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
4 years ago
 
  1. From a43420ba07645acb71f31e95b9c7b4e894794afd Mon Sep 17 00:00:00 2001
  2. From: Glenn Strauss <gstrauss@gluelogic.com>
  3. Date: Sun, 6 Dec 2020 22:50:49 -0500
  4. Subject: [PATCH] [mod_wolfssl] add complex preproc logic for SNI
  5. 

  6. add complex preproc logic for SNI detection
  7. - HAVE_SNI is not sufficient

  8. - HAVE_LIGHTY is not sufficient (in wolfssl <= 4.5.0)

  9. Instead, use more complex logic wrapping calls to SNI_Callback()
  10. in wolfssl.
  11. 

  12. x-ref:
  13.   "[lighttpd] -mod-wolfssl inhibited by missing library functionality"
  14.   https://github.com/openwrt/packages/issues/14142
  15.   "put all SNI code behind simpler preprocessor directive HAVE_SNI"
  16.   https://github.com/wolfSSL/wolfssl/pull/3538
  17. 

  18. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  19. ---

  20.  src/mod_wolfssl.c | 15 ++++++++++++---
  21.  1 file changed, 12 insertions(+), 3 deletions(-)
  22. 

  23. diff --git a/src/mod_wolfssl.c b/src/mod_wolfssl.c

  24. index a22b0ebe..70f7488b 100644

  25. --- a/src/mod_wolfssl.c

  26. +++ b/src/mod_wolfssl.c

  27. @@ -2041,13 +2041,22 @@ network_init_ssl (server *srv, plugin_config_socket *s, plugin_data *p)

  28.           *           && (HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_LIGHTY)))
  29.           * and sniRecvCb sniRecvCbArg are hidden by *different* set of defines
  30.           * in wolfssl/internal.h)
  31. -         * Note: SNI callbacks disabled if wolfSSL is not built OPENSSL_ALL ! */

  32. -       #ifdef OPENSSL_ALL /* regretable */

  33. +         * Note: wolfSSL SNI callbacks members not present unless wolfSSL is

  34. +         * built OPENSSL_ALL or some additional combination of preprocessor

  35. +         * defines.  The following should work with more recent wolfSSL versions

  36. +         * (and HAVE_LIGHTY is not sufficient in wolfssl <= 4.5.0) */

  37. +       #if defined(OPENSSL_ALL) \

  38. +        || (defined(OPENSSL_EXTRA) \

  39. +            && (defined(HAVE_STUNNEL) \

  40. +                || defined(WOLFSSL_NGINX) \

  41. +                || defined(WOLFSSL_HAPROXY)))

  42. +       #else

  43. +       #undef HAVE_SNI

  44. +       #endif

  45.         #ifdef HAVE_SNI
  46.          wolfSSL_CTX_set_servername_callback(
  47.              s->ssl_ctx, network_ssl_servername_callback);
  48.          wolfSSL_CTX_set_servername_arg(s->ssl_ctx, srv);
  49. -       #endif             /* regretable */

  50.         #else
  51.          log_error(srv->errh, __FILE__, __LINE__,
  52.            "SSL: WARNING: SNI callbacks *crippled* in wolfSSL library build");
  53. -- 

  54. 2.28.0
  55.