|
|
@ -0,0 +1,55 @@ |
|
|
|
From a43420ba07645acb71f31e95b9c7b4e894794afd Mon Sep 17 00:00:00 2001 |
|
|
|
From: Glenn Strauss <gstrauss@gluelogic.com> |
|
|
|
Date: Sun, 6 Dec 2020 22:50:49 -0500 |
|
|
|
Subject: [PATCH] [mod_wolfssl] add complex preproc logic for SNI |
|
|
|
|
|
|
|
add complex preproc logic for SNI detection |
|
|
|
- HAVE_SNI is not sufficient
|
|
|
|
- HAVE_LIGHTY is not sufficient (in wolfssl <= 4.5.0)
|
|
|
|
Instead, use more complex logic wrapping calls to SNI_Callback() |
|
|
|
in wolfssl. |
|
|
|
|
|
|
|
x-ref: |
|
|
|
"[lighttpd] -mod-wolfssl inhibited by missing library functionality" |
|
|
|
https://github.com/openwrt/packages/issues/14142 |
|
|
|
"put all SNI code behind simpler preprocessor directive HAVE_SNI" |
|
|
|
https://github.com/wolfSSL/wolfssl/pull/3538 |
|
|
|
|
|
|
|
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> |
|
|
|
---
|
|
|
|
src/mod_wolfssl.c | 15 ++++++++++++--- |
|
|
|
1 file changed, 12 insertions(+), 3 deletions(-) |
|
|
|
|
|
|
|
diff --git a/src/mod_wolfssl.c b/src/mod_wolfssl.c
|
|
|
|
index a22b0ebe..70f7488b 100644
|
|
|
|
--- a/src/mod_wolfssl.c
|
|
|
|
+++ b/src/mod_wolfssl.c
|
|
|
|
@@ -2041,13 +2041,22 @@ network_init_ssl (server *srv, plugin_config_socket *s, plugin_data *p)
|
|
|
|
* && (HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_LIGHTY))) |
|
|
|
* and sniRecvCb sniRecvCbArg are hidden by *different* set of defines |
|
|
|
* in wolfssl/internal.h) |
|
|
|
- * Note: SNI callbacks disabled if wolfSSL is not built OPENSSL_ALL ! */
|
|
|
|
- #ifdef OPENSSL_ALL /* regretable */
|
|
|
|
+ * Note: wolfSSL SNI callbacks members not present unless wolfSSL is
|
|
|
|
+ * built OPENSSL_ALL or some additional combination of preprocessor
|
|
|
|
+ * defines. The following should work with more recent wolfSSL versions
|
|
|
|
+ * (and HAVE_LIGHTY is not sufficient in wolfssl <= 4.5.0) */
|
|
|
|
+ #if defined(OPENSSL_ALL) \
|
|
|
|
+ || (defined(OPENSSL_EXTRA) \
|
|
|
|
+ && (defined(HAVE_STUNNEL) \
|
|
|
|
+ || defined(WOLFSSL_NGINX) \
|
|
|
|
+ || defined(WOLFSSL_HAPROXY)))
|
|
|
|
+ #else
|
|
|
|
+ #undef HAVE_SNI
|
|
|
|
+ #endif
|
|
|
|
#ifdef HAVE_SNI |
|
|
|
wolfSSL_CTX_set_servername_callback( |
|
|
|
s->ssl_ctx, network_ssl_servername_callback); |
|
|
|
wolfSSL_CTX_set_servername_arg(s->ssl_ctx, srv); |
|
|
|
- #endif /* regretable */
|
|
|
|
#else |
|
|
|
log_error(srv->errh, __FILE__, __LINE__, |
|
|
|
"SSL: WARNING: SNI callbacks *crippled* in wolfSSL library build"); |
|
|
|
--
|
|
|
|
2.28.0 |
|
|
|
|