authorPetr Štetiar <ynezz@true.cz>2020-12-10 16:00:02 +0100
committerPetr Štetiar <ynezz@true.cz>2020-12-10 17:14:45 +0100
commit8280140db9d121cb476335a7fa49de02a63fd9b5 (patch)
tree8d63ef159ab3ddf703478eeea711e5e404acccd5
parentcee6791b362a1b778b6e0630433052bd819943f1 (diff)
wolfssl: remove now deprecated compatibility code
Mainly that NO_X509_CHECK_HOST is causing certificate validation issues in some setups: root@OpenWrt:/# wget https://www.google.com Downloading 'https://www.google.com' Connecting to 172.217.23.196:443 Connection error: Server hostname does not match SSL certificate but instead of spending time on fixing it, I've simply decided to remove it as we're now on wolfSSL 4.5.0 and those symbols should be available so no symbol detection and handling should be needed anymore. Signed-off-by: Petr Štetiar <ynezz@true.cz>
-rw-r--r--CMakeLists.txt13
-rw-r--r--ustream-io-wolfssl.c7
-rw-r--r--ustream-openssl.c7
-rw-r--r--ustream-ssl.c3
4 files changed, 1 insertions, 29 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index b883751..c98b12a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,7 +1,5 @@
cmake_minimum_required(VERSION 2.6)
-INCLUDE(CheckSymbolExists)
-
PROJECT(ustream-ssl C)
ADD_DEFINITIONS(-Os -Wall -Werror --std=gnu99 -g3)
@@ -26,17 +24,6 @@ ELSEIF(WOLFSSL)
SET(SSL_SRC ustream-io-wolfssl.c ustream-openssl.c)
SET(SSL_LIB ${wolfssl_library} m)
SET(CMAKE_REQUIRED_LIBRARIES "${wolfssl_library} -lm")
- CHECK_SYMBOL_EXISTS (wolfSSL_SSLSetIORecv "wolfssl/ssl.h"
- HAVE_WOLFSSL_SSLSETIORECV)
- IF (NOT HAVE_WOLFSSL_SSLSETIORECV)
- ADD_DEFINITIONS(-DNO_WOLFSSL_SSLSETIO_SEND_RECV)
- ENDIF()
- CHECK_SYMBOL_EXISTS (wolfSSL_X509_check_host
- "wolfssl/options.h;wolfssl/ssl.h"
- HAVE_WOLFSSL_X509_CHECK_HOST)
- IF (NOT HAVE_WOLFSSL_X509_CHECK_HOST)
- ADD_DEFINITIONS(-DNO_X509_CHECK_HOST)
- ENDIF()
ELSE()
SET(SSL_SRC ustream-io-openssl.c ustream-openssl.c)
SET(SSL_LIB crypto ssl)
diff --git a/ustream-io-wolfssl.c b/ustream-io-wolfssl.c
index db69499..4ff85d3 100644
--- a/ustream-io-wolfssl.c
+++ b/ustream-io-wolfssl.c
@@ -67,15 +67,8 @@ static int io_send_cb(SSL* ssl, char *buf, int sz, void *ctx)
__hidden void ustream_set_io(struct ustream_ssl_ctx *ctx, void *ssl, struct ustream *conn)
{
-#ifndef NO_WOLFSSL_SSLSETIO_SEND_RECV
wolfSSL_SSLSetIORecv(ssl, io_recv_cb);
wolfSSL_SSLSetIOSend(ssl, io_send_cb);
-#else
- wolfSSL_SetIORecv((void *) ctx, io_recv_cb);
- wolfSSL_SetIOSend((void *) ctx, io_send_cb);
- if (ssl == NULL)
- return;
-#endif
wolfSSL_SetIOReadCtx(ssl, conn);
wolfSSL_SetIOWriteCtx(ssl, conn);
}
diff --git a/ustream-openssl.c b/ustream-openssl.c
index 9b4ac6c..1ce796a 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -247,8 +247,6 @@ static void ustream_ssl_error(struct ustream_ssl *us, int ret)
uloop_timeout_set(&us->error_timer, 0);
}
-#ifndef NO_X509_CHECK_HOST
-
static bool ustream_ssl_verify_cn(struct ustream_ssl *us, X509 *cert)
{
int ret;
@@ -264,8 +262,6 @@ static bool ustream_ssl_verify_cn(struct ustream_ssl *us, X509 *cert)
return ret == 1;
}
-#endif
-
static void ustream_ssl_verify_cert(struct ustream_ssl *us)
{
void *ssl = us->ssl;
@@ -284,9 +280,8 @@ static void ustream_ssl_verify_cert(struct ustream_ssl *us)
return;
us->valid_cert = true;
-#ifndef NO_X509_CHECK_HOST
us->valid_cn = ustream_ssl_verify_cn(us, cert);
-#endif
+
X509_free(cert);
}
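Review bot: The now-unconditional `us->valid_cn = ustream_ssl_verify_cn(us, cert);` depends on a requirement that is recorded only in the commit message: the linked wolfSSL must be 4.5.0 or later and must export `wolfSSL_X509_check_host`, the symbol the removed CMake probe tested for. With the probe and the `NO_X509_CHECK_HOST` guard gone, a library lacking that symbol will presumably break the build instead of skipping the assignment, which is the safer failure mode, but nothing next to the code states the requirement. A short comment above `ustream_ssl_verify_cn` would cover it, e.g. `/* hostname check requires wolfSSL >= 4.5.0 providing X509_check_host */`. The body of `ustream_ssl_verify_cert` begins outside this hunk, so the earlier return paths and how `valid_cn` is used afterwards cannot be checked from here.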
diff --git a/ustream-ssl.c b/ustream-ssl.c
index 46ac552..cd69f9e 100644
--- a/ustream-ssl.c
+++ b/ustream-ssl.c
@@ -199,9 +199,6 @@ static int _ustream_ssl_init(struct ustream_ssl *us, struct ustream *conn, struc
us->conn = conn;
us->ctx = ctx;
-#if defined(HAVE_WOLFSSL) && defined(NO_WOLFSSL_SSLSETIO_SEND_RECV)
- ustream_set_io(ctx, NULL, conn);
-#endif
us->ssl = __ustream_ssl_session_new(us->ctx);
if (!us->ssl)
return -ENOMEM;