Browse Source

lighttpd: wolfssl complex preproc logic for SNI

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
lilik-openwrt-22.03
Glenn Strauss 4 years ago
parent
commit
cc3ab08fde
2 changed files with 56 additions and 1 deletions
  1. +1
    -1
      net/lighttpd/Makefile
  2. +55
    -0
      net/lighttpd/patches/060-wolfssl-SNI.patch

+ 1
- 1
net/lighttpd/Makefile View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=lighttpd
PKG_VERSION:=1.4.56
PKG_RELEASE:=4
PKG_RELEASE:=5
# release candidate ~rcX testing; remove for release
#PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-1.4.56


+ 55
- 0
net/lighttpd/patches/060-wolfssl-SNI.patch View File

@ -0,0 +1,55 @@
From a43420ba07645acb71f31e95b9c7b4e894794afd Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Sun, 6 Dec 2020 22:50:49 -0500
Subject: [PATCH] [mod_wolfssl] add complex preproc logic for SNI
add complex preproc logic for SNI detection
- HAVE_SNI is not sufficient
- HAVE_LIGHTY is not sufficient (in wolfssl <= 4.5.0)
Instead, use more complex logic wrapping calls to SNI_Callback()
in wolfssl.
x-ref:
"[lighttpd] -mod-wolfssl inhibited by missing library functionality"
https://github.com/openwrt/packages/issues/14142
"put all SNI code behind simpler preprocessor directive HAVE_SNI"
https://github.com/wolfSSL/wolfssl/pull/3538
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
---
src/mod_wolfssl.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/mod_wolfssl.c b/src/mod_wolfssl.c
index a22b0ebe..70f7488b 100644
--- a/src/mod_wolfssl.c
+++ b/src/mod_wolfssl.c
@@ -2041,13 +2041,22 @@ network_init_ssl (server *srv, plugin_config_socket *s, plugin_data *p)
* && (HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_LIGHTY)))
* and sniRecvCb sniRecvCbArg are hidden by *different* set of defines
* in wolfssl/internal.h)
- * Note: SNI callbacks disabled if wolfSSL is not built OPENSSL_ALL ! */
- #ifdef OPENSSL_ALL /* regretable */
+ * Note: wolfSSL SNI callbacks members not present unless wolfSSL is
+ * built OPENSSL_ALL or some additional combination of preprocessor
+ * defines. The following should work with more recent wolfSSL versions
+ * (and HAVE_LIGHTY is not sufficient in wolfssl <= 4.5.0) */
+ #if defined(OPENSSL_ALL) \
+ || (defined(OPENSSL_EXTRA) \
+ && (defined(HAVE_STUNNEL) \
+ || defined(WOLFSSL_NGINX) \
+ || defined(WOLFSSL_HAPROXY)))
+ #else
+ #undef HAVE_SNI
+ #endif
#ifdef HAVE_SNI
wolfSSL_CTX_set_servername_callback(
s->ssl_ctx, network_ssl_servername_callback);
wolfSSL_CTX_set_servername_arg(s->ssl_ctx, srv);
- #endif /* regretable */
#else
log_error(srv->errh, __FILE__, __LINE__,
"SSL: WARNING: SNI callbacks *crippled* in wolfSSL library build");
--
2.28.0

Loading…
Cancel
Save