From 8280140db9d121cb476335a7fa49de02a63fd9b5 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Petr=20=C5=A0tetiar?= Date: Thu, 10 Dec 2020 16:00:02 +0100 Subject: [PATCH] wolfssl: remove now deprecated compatibility code MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Mainly that NO_X509_CHECK_HOST is causing certificate validation issues in some setups: root@OpenWrt:/# wget https://www.google.com Downloading 'https://www.google.com' Connecting to 172.217.23.196:443 Connection error: Server hostname does not match SSL certificate but instead of spending time on fixing it, I've simply decided to remove it as we're now on wolfSSL 4.5.0 and those symbols should be avaialable so no symbol detection and handling should be needed anymore. Signed-off-by: Petr Å tetiar --- CMakeLists.txt | 13 ------------- ustream-io-wolfssl.c | 7 ------- ustream-openssl.c | 7 +------ ustream-ssl.c | 3 --- 4 files changed, 1 insertion(+), 29 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index b883751..c98b12a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,7 +1,5 @@ cmake_minimum_required(VERSION 2.6) -INCLUDE(CheckSymbolExists) - PROJECT(ustream-ssl C) ADD_DEFINITIONS(-Os -Wall -Werror --std=gnu99 -g3) @@ -26,17 +24,6 @@ ELSEIF(WOLFSSL) SET(SSL_SRC ustream-io-wolfssl.c ustream-openssl.c) SET(SSL_LIB ${wolfssl_library} m) SET(CMAKE_REQUIRED_LIBRARIES "${wolfssl_library} -lm") - CHECK_SYMBOL_EXISTS (wolfSSL_SSLSetIORecv "wolfssl/ssl.h" - HAVE_WOLFSSL_SSLSETIORECV) - IF (NOT HAVE_WOLFSSL_SSLSETIORECV) - ADD_DEFINITIONS(-DNO_WOLFSSL_SSLSETIO_SEND_RECV) - ENDIF() - CHECK_SYMBOL_EXISTS (wolfSSL_X509_check_host - "wolfssl/options.h;wolfssl/ssl.h" - HAVE_WOLFSSL_X509_CHECK_HOST) - IF (NOT HAVE_WOLFSSL_X509_CHECK_HOST) - ADD_DEFINITIONS(-DNO_X509_CHECK_HOST) - ENDIF() ELSE() SET(SSL_SRC ustream-io-openssl.c ustream-openssl.c) SET(SSL_LIB crypto ssl) diff --git a/ustream-io-wolfssl.c b/ustream-io-wolfssl.c index db69499..4ff85d3 100644 --- a/ustream-io-wolfssl.c +++ b/ustream-io-wolfssl.c @@ -67,15 +67,8 @@ static int io_send_cb(SSL* ssl, char *buf, int sz, void *ctx) __hidden void ustream_set_io(struct ustream_ssl_ctx *ctx, void *ssl, struct ustream *conn) { -#ifndef NO_WOLFSSL_SSLSETIO_SEND_RECV wolfSSL_SSLSetIORecv(ssl, io_recv_cb); wolfSSL_SSLSetIOSend(ssl, io_send_cb); -#else - wolfSSL_SetIORecv((void *) ctx, io_recv_cb); - wolfSSL_SetIOSend((void *) ctx, io_send_cb); - if (ssl == NULL) - return; -#endif wolfSSL_SetIOReadCtx(ssl, conn); wolfSSL_SetIOWriteCtx(ssl, conn); } diff --git a/ustream-openssl.c b/ustream-openssl.c index 9b4ac6c..1ce796a 100644 --- a/ustream-openssl.c +++ b/ustream-openssl.c @@ -247,8 +247,6 @@ static void ustream_ssl_error(struct ustream_ssl *us, int ret) uloop_timeout_set(&us->error_timer, 0); } -#ifndef NO_X509_CHECK_HOST - static bool ustream_ssl_verify_cn(struct ustream_ssl *us, X509 *cert) { int ret; @@ -264,8 +262,6 @@ static bool ustream_ssl_verify_cn(struct ustream_ssl *us, X509 *cert) return ret == 1; } -#endif - static void ustream_ssl_verify_cert(struct ustream_ssl *us) { void *ssl = us->ssl; @@ -284,9 +280,8 @@ static void ustream_ssl_verify_cert(struct ustream_ssl *us) return; us->valid_cert = true; -#ifndef NO_X509_CHECK_HOST us->valid_cn = ustream_ssl_verify_cn(us, cert); -#endif + X509_free(cert); } diff --git a/ustream-ssl.c b/ustream-ssl.c index 46ac552..cd69f9e 100644 --- a/ustream-ssl.c +++ b/ustream-ssl.c @@ -199,9 +199,6 @@ static int _ustream_ssl_init(struct ustream_ssl *us, struct ustream *conn, struc us->conn = conn; us->ctx = ctx; -#if defined(HAVE_WOLFSSL) && defined(NO_WOLFSSL_SSLSETIO_SEND_RECV) - ustream_set_io(ctx, NULL, conn); -#endif us->ssl = __ustream_ssl_session_new(us->ctx); if (!us->ssl) return -ENOMEM; -- 2.30.2