Wrapped everything OpenSSL related in a SSL_USE_OPENSSL check macro.
This commit is contained in:
parent
69603ff70f
commit
f20c42d05f
@ -17,13 +17,21 @@ set (PROJECT_SOURCE_DIR "${CMAKE_SOURCE_DIR}/src")
|
||||
option(RELEASE "Release build, debug build if disabled" ON)
|
||||
option(LINK_SUPPORT "Allow hub linking" OFF)
|
||||
option(SSL_SUPPORT "Enable SSL support" ON)
|
||||
option(USE_OPENSSL "Use OpenSSL's SSL support" OFF)
|
||||
option(SQLITE_SUPPORT "Enable SQLite support" ON)
|
||||
option(ADC_STRESS "Enable the stress tester client" OFF)
|
||||
|
||||
find_package(Git)
|
||||
|
||||
if (SSL_SUPPORT)
|
||||
find_package(OpenSSL REQUIRED)
|
||||
if (USE_OPENSSL)
|
||||
find_package(OpenSSL)
|
||||
else()
|
||||
find_package(GnuTLS)
|
||||
endif()
|
||||
if (NOT GNUTLS_FOUND AND NOT OPENSSL_FOUND)
|
||||
message(FATAL_ERROR "Neither OpenSSL nor GnuTLS are not found!")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
if (MSVC)
|
||||
@ -156,16 +164,26 @@ else()
|
||||
endif()
|
||||
|
||||
if(OPENSSL_FOUND)
|
||||
add_definitions(-DSSL_SUPPORT=1)
|
||||
set(SSL_LIBS ${OPENSSL_LIBRARIES})
|
||||
add_definitions(-DSSL_SUPPORT=1 -DSSL_USE_OPENSSL=1)
|
||||
include_directories(${OPENSSL_INCLUDE_DIR})
|
||||
target_link_libraries(uhub ${OPENSSL_LIBRARIES})
|
||||
endif()
|
||||
|
||||
if (GNUTLS_FOUND)
|
||||
set(SSL_LIBS ${GNUTLS_LIBRARIES})
|
||||
add_definitions(-DSSL_SUPPORT=1 -DSSL_USE_GNUTLS=1 ${GNUTLS_DEFINITIONS})
|
||||
include_directories(${GNUTLS_INCLUDE_DIR})
|
||||
endif()
|
||||
|
||||
if(SSL_SUPPORT)
|
||||
target_link_libraries(uhub ${SSL_LIBS})
|
||||
if(UNIX)
|
||||
target_link_libraries(uhub-admin ${OPENSSL_LIBRARIES})
|
||||
target_link_libraries(uhub-admin ${SSL_LIBS})
|
||||
endif()
|
||||
target_link_libraries(mod_welcome ${OPENSSL_LIBRARIES})
|
||||
target_link_libraries(mod_logging ${OPENSSL_LIBRARIES})
|
||||
target_link_libraries(mod_welcome ${SSL_LIBS})
|
||||
target_link_libraries(mod_logging ${SSL_LIBS})
|
||||
if (ADC_STRESS)
|
||||
target_link_libraries(adcrush ${OPENSSL_LIBRARIES})
|
||||
target_link_libraries(adcrush ${SSL_LIBS})
|
||||
endif()
|
||||
endif()
|
||||
|
||||
|
@ -731,6 +731,7 @@ static int load_ssl_certificates(struct hub_info* hub, struct hub_config* config
|
||||
{
|
||||
if (config->tls_enable)
|
||||
{
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
hub->ssl_method = (SSL_METHOD*) SSLv23_method(); /* TLSv1_method() */
|
||||
hub->ssl_ctx = SSL_CTX_new(hub->ssl_method);
|
||||
|
||||
@ -754,18 +755,21 @@ static int load_ssl_certificates(struct hub_info* hub, struct hub_config* config
|
||||
return 0;
|
||||
}
|
||||
LOG_INFO("Enabling TLS, using certificate: %s, private key: %s", config->tls_certificate, config->tls_private_key);
|
||||
#endif /* SSL_USE_OPENSSL */
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
static void unload_ssl_certificates(struct hub_info* hub)
|
||||
{
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
if (hub->ssl_ctx)
|
||||
{
|
||||
SSL_CTX_free(hub->ssl_ctx);
|
||||
}
|
||||
#endif /* SSL_USE_OPENSSL */
|
||||
}
|
||||
#endif
|
||||
#endif /* SSL_SUPPORT */
|
||||
|
||||
struct hub_info* hub_start_service(struct hub_config* config)
|
||||
{
|
||||
|
@ -116,8 +116,10 @@ struct hub_info
|
||||
struct uhub_plugins* plugins; /* Plug-ins loaded for this hub instance. */
|
||||
|
||||
#ifdef SSL_SUPPORT
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
SSL_METHOD* ssl_method;
|
||||
SSL_CTX* ssl_ctx;
|
||||
#endif // SSL_USE_OPENSSL
|
||||
#endif /* SSL_SUPPORT */
|
||||
};
|
||||
|
||||
|
@ -85,7 +85,9 @@ static void probe_net_event(struct net_connection* con, int events, void *arg)
|
||||
{
|
||||
probe->connection = 0;
|
||||
}
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
net_con_ssl_handshake(con, net_con_ssl_mode_server, probe->hub->ssl_ctx);
|
||||
#endif /* SSL_USE_OPENSSL */
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -180,12 +180,14 @@ void net_con_close(struct net_connection* con)
|
||||
g_backend->handler.con_del(g_backend->data, con);
|
||||
|
||||
#ifdef SSL_SUPPORT
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
if (con->ssl)
|
||||
{
|
||||
SSL_shutdown(con->ssl);
|
||||
SSL_clear(con->ssl);
|
||||
}
|
||||
#endif
|
||||
#endif /* SSL_USE_OPENSSL */
|
||||
#endif /* SSL_SUPPORT */
|
||||
|
||||
net_close(con->sd);
|
||||
con->sd = -1;
|
||||
|
@ -35,10 +35,17 @@
|
||||
net_connection_cb callback; /** Callback function */ \
|
||||
struct timeout_evt* timeout; /** timeout event handler */
|
||||
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
#define NET_CON_STRUCT_SSL \
|
||||
SSL* ssl; /** SSL handle */ \
|
||||
uint32_t ssl_state; /** SSL state */ \
|
||||
size_t write_len; /** Length of last SSL_write(), only used if flags is NET_WANT_SSL_READ. */ \
|
||||
size_t write_len; /** Length of last SSL_write(), only used if flags is NET_WANT_SSL_READ. */
|
||||
#endif
|
||||
|
||||
#ifdef SSL_USE_GNUTLS
|
||||
#define NET_CON_STRUCT_SSL \
|
||||
uint32_t ssl_state; /** SSL state */
|
||||
#endif
|
||||
|
||||
#ifdef SSL_SUPPORT
|
||||
#define NET_CON_STRUCT_COMMON \
|
||||
|
@ -32,6 +32,7 @@ enum uhub_tls_state
|
||||
tls_st_disconnecting,
|
||||
};
|
||||
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
static int handle_openssl_error(struct net_connection* con, int ret)
|
||||
{
|
||||
uhub_assert(con);
|
||||
@ -72,15 +73,18 @@ static int handle_openssl_error(struct net_connection* con, int ret)
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
#endif /* SSL_USE_OPENSSL */
|
||||
|
||||
ssize_t net_con_ssl_accept(struct net_connection* con)
|
||||
{
|
||||
uhub_assert(con);
|
||||
con->ssl_state = tls_st_accepting;
|
||||
ssize_t ret = SSL_accept(con->ssl);
|
||||
ssize_t ret;
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
ret = SSL_accept(con->ssl);
|
||||
#ifdef NETWORK_DUMP_DEBUG
|
||||
LOG_PROTO("SSL_accept() ret=%d", ret);
|
||||
#endif
|
||||
#endif /* NETWORK_DUMP_DEBUG */
|
||||
if (ret > 0)
|
||||
{
|
||||
net_con_update(con, NET_EVENT_READ);
|
||||
@ -90,18 +94,20 @@ ssize_t net_con_ssl_accept(struct net_connection* con)
|
||||
{
|
||||
return handle_openssl_error(con, ret);
|
||||
}
|
||||
#endif /* SSL_USE_OPENSSL */
|
||||
return ret;
|
||||
}
|
||||
|
||||
ssize_t net_con_ssl_connect(struct net_connection* con)
|
||||
{
|
||||
uhub_assert(con);
|
||||
|
||||
ssize_t ret;
|
||||
con->ssl_state = tls_st_connecting;
|
||||
ssize_t ret = SSL_connect(con->ssl);
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
ret = SSL_connect(con->ssl);
|
||||
#ifdef NETWORK_DUMP_DEBUG
|
||||
LOG_PROTO("SSL_connect() ret=%d", ret);
|
||||
#endif
|
||||
#endif /* NETWORK_DUMP_DEBUG */
|
||||
if (ret > 0)
|
||||
{
|
||||
con->ssl_state = tls_st_connected;
|
||||
@ -111,12 +117,15 @@ ssize_t net_con_ssl_connect(struct net_connection* con)
|
||||
{
|
||||
return handle_openssl_error(con, ret);
|
||||
}
|
||||
#endif /* SSL_USE_OPENSSL */
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
ssize_t net_con_ssl_handshake(struct net_connection* con, enum net_con_ssl_mode ssl_mode, SSL_CTX* ssl_ctx)
|
||||
{
|
||||
uhub_assert(con);
|
||||
|
||||
SSL* ssl = 0;
|
||||
|
||||
if (ssl_mode == net_con_ssl_mode_server)
|
||||
@ -138,7 +147,9 @@ ssize_t net_con_ssl_handshake(struct net_connection* con, enum net_con_ssl_mode
|
||||
net_con_set_ssl(con, ssl);
|
||||
return net_con_ssl_connect(con);
|
||||
}
|
||||
|
||||
}
|
||||
#endif /* SSL_USE_OPENSSL */
|
||||
#endif /* SSL_SUPPORT */
|
||||
|
||||
#ifdef SSL_SUPPORT
|
||||
@ -150,7 +161,9 @@ ssize_t net_con_send(struct net_connection* con, const void* buf, size_t len)
|
||||
{
|
||||
int ret;
|
||||
#ifdef SSL_SUPPORT
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
if (!con->ssl)
|
||||
#endif /* SSL_USE_OPENSSL */
|
||||
{
|
||||
#endif
|
||||
ret = net_send(con->sd, buf, len, UHUB_SEND_SIGNAL);
|
||||
@ -168,6 +181,7 @@ ssize_t net_con_send(struct net_connection* con, const void* buf, size_t len)
|
||||
}
|
||||
#ifdef SSL_SUPPORT
|
||||
}
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
else
|
||||
{
|
||||
con->write_len = len;
|
||||
@ -182,7 +196,8 @@ ssize_t net_con_send(struct net_connection* con, const void* buf, size_t len)
|
||||
net_stats_add_tx(ret);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#endif /* SSL_USE_OPENSSL */
|
||||
#endif /* SSL_SUPPORT */
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -214,6 +229,7 @@ ssize_t net_con_recv(struct net_connection* con, void* buf, size_t len)
|
||||
}
|
||||
else
|
||||
{
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
if (con->ssl_state == tls_st_error)
|
||||
return -1;
|
||||
|
||||
@ -228,8 +244,9 @@ ssize_t net_con_recv(struct net_connection* con, void* buf, size_t len)
|
||||
{
|
||||
return handle_openssl_error(con, ret);
|
||||
}
|
||||
#endif /* SSL_USE_OPENSSL */
|
||||
}
|
||||
#endif
|
||||
#endif /* SSL_SUPPORT */
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -254,11 +271,15 @@ ssize_t net_con_peek(struct net_connection* con, void* buf, size_t len)
|
||||
}
|
||||
|
||||
#ifdef SSL_SUPPORT
|
||||
|
||||
int net_con_is_ssl(struct net_connection* con)
|
||||
{
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
return con->ssl != 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
SSL* net_con_get_ssl(struct net_connection* con)
|
||||
{
|
||||
return con->ssl;
|
||||
@ -268,6 +289,7 @@ void net_con_set_ssl(struct net_connection* con, SSL* ssl)
|
||||
{
|
||||
con->ssl = ssl;
|
||||
}
|
||||
#endif /* SSL_USE_OPENSSL */
|
||||
#endif /* SSL_SUPPORT */
|
||||
|
||||
int net_con_get_sd(struct net_connection* con)
|
||||
@ -283,7 +305,9 @@ void* net_con_get_ptr(struct net_connection* con)
|
||||
void net_con_destroy(struct net_connection* con)
|
||||
{
|
||||
#ifdef SSL_SUPPORT
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
SSL_free(con->ssl);
|
||||
#endif /* SSL_USE_OPENSSL */
|
||||
#endif
|
||||
hub_free(con);
|
||||
}
|
||||
@ -301,13 +325,17 @@ void net_con_callback(struct net_connection* con, int events)
|
||||
}
|
||||
|
||||
#ifdef SSL_SUPPORT
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
if (!con->ssl)
|
||||
#endif /* SSL_USE_OPENSSL */
|
||||
{
|
||||
#endif
|
||||
con->callback(con, events, con->ptr);
|
||||
#ifdef SSL_SUPPORT
|
||||
}
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
else
|
||||
#endif /* SSL_USE_OPENSSL */
|
||||
{
|
||||
#ifdef NETWORK_DUMP_DEBUG
|
||||
LOG_PROTO("net_con_event: events=%d, con=%p, state=%d", events, con, con->ssl_state);
|
||||
|
@ -100,11 +100,13 @@ enum net_con_ssl_mode
|
||||
net_con_ssl_mode_client,
|
||||
};
|
||||
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
extern ssize_t net_con_ssl_handshake(struct net_connection* con, enum net_con_ssl_mode, SSL_CTX* ssl_ctx);
|
||||
|
||||
extern int net_con_is_ssl(struct net_connection* con);
|
||||
extern SSL* net_con_get_ssl(struct net_connection* con);
|
||||
extern void net_con_set_ssl(struct net_connection* con, SSL*);
|
||||
#endif // SSL_USE_OPENSSL
|
||||
extern int net_con_is_ssl(struct net_connection* con);
|
||||
|
||||
#endif /* SSL_SUPPORT */
|
||||
|
||||
#endif /* HAVE_UHUB_NETWORK_CONNECTION_H */
|
||||
|
@ -59,9 +59,11 @@ int net_initialize()
|
||||
net_stats_initialize();
|
||||
|
||||
#ifdef SSL_SUPPORT
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
LOG_TRACE("Initializing OpenSSL...");
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
#endif /* SSL_USE_OPENSSL */
|
||||
#endif /* SSL_SUPPORT */
|
||||
|
||||
net_initialized = 1;
|
||||
@ -100,10 +102,12 @@ int net_destroy()
|
||||
net_backend_shutdown();
|
||||
|
||||
#ifdef SSL_SUPPORT
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
ERR_free_strings();
|
||||
EVP_cleanup();
|
||||
CRYPTO_cleanup_all_ex_data();
|
||||
#endif
|
||||
#endif /* SSL_USE_OPENSSL */
|
||||
#endif /* SSL_SUPPORT */
|
||||
|
||||
#ifdef WINSOCK
|
||||
WSACleanup();
|
||||
|
@ -99,8 +99,13 @@
|
||||
#endif
|
||||
|
||||
#ifdef SSL_SUPPORT
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
#endif /* SSL_USE_OPENSSL */
|
||||
#ifdef SSL_USE_GNUTLS
|
||||
#include <gnutls/gnutls.h>
|
||||
#endif /* SSL_USE_GNUTLS */
|
||||
#endif
|
||||
|
||||
#include "version.h"
|
||||
|
@ -66,8 +66,10 @@ struct ADC_client
|
||||
int flags;
|
||||
void* ptr;
|
||||
#ifdef SSL_SUPPORT
|
||||
#ifdef SSL_USE_OPENSSL
|
||||
const SSL_METHOD* ssl_method;
|
||||
SSL_CTX* ssl_ctx;
|
||||
#endif /* SSL_USE_OPENSSL */
|
||||
#endif /* SSL_SUPPORT */
|
||||
};
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user