Wrapped everything OpenSSL-related in an SSL_USE_OPENSSL check macro.

Jan Vidar Krey 2012-10-02 23:59:11 +02:00
parent 69603ff70f
commit f20c42d05f
11 changed files with 96 additions and 20 deletions


@ -17,13 +17,21 @@ set (PROJECT_SOURCE_DIR "${CMAKE_SOURCE_DIR}/src")
option(RELEASE "Release build, debug build if disabled" ON) option(RELEASE "Release build, debug build if disabled" ON)
option(LINK_SUPPORT "Allow hub linking" OFF) option(LINK_SUPPORT "Allow hub linking" OFF)
option(SSL_SUPPORT "Enable SSL support" ON) option(SSL_SUPPORT "Enable SSL support" ON)
option(USE_OPENSSL "Use OpenSSL's SSL support" OFF)
option(SQLITE_SUPPORT "Enable SQLite support" ON) option(SQLITE_SUPPORT "Enable SQLite support" ON)
option(ADC_STRESS "Enable the stress tester client" OFF) option(ADC_STRESS "Enable the stress tester client" OFF)
find_package(Git) find_package(Git)
if (SSL_SUPPORT) if (SSL_SUPPORT)
find_package(OpenSSL REQUIRED) if (USE_OPENSSL)
find_package(OpenSSL)
else()
find_package(GnuTLS)
endif()
if (NOT GNUTLS_FOUND AND NOT OPENSSL_FOUND)
message(FATAL_ERROR "Neither OpenSSL nor GnuTLS are not found!")
endif()
endif() endif()
if (MSVC) if (MSVC)
@ -156,16 +164,26 @@ else()
endif() endif()
if(OPENSSL_FOUND) if(OPENSSL_FOUND)
add_definitions(-DSSL_SUPPORT=1) set(SSL_LIBS ${OPENSSL_LIBRARIES})
add_definitions(-DSSL_SUPPORT=1 -DSSL_USE_OPENSSL=1)
include_directories(${OPENSSL_INCLUDE_DIR}) include_directories(${OPENSSL_INCLUDE_DIR})
target_link_libraries(uhub ${OPENSSL_LIBRARIES}) endif()
if (GNUTLS_FOUND)
set(SSL_LIBS ${GNUTLS_LIBRARIES})
add_definitions(-DSSL_SUPPORT=1 -DSSL_USE_GNUTLS=1 ${GNUTLS_DEFINITIONS})
include_directories(${GNUTLS_INCLUDE_DIR})
endif()
if(SSL_SUPPORT)
target_link_libraries(uhub ${SSL_LIBS})
if(UNIX) if(UNIX)
target_link_libraries(uhub-admin ${OPENSSL_LIBRARIES}) target_link_libraries(uhub-admin ${SSL_LIBS})
endif() endif()
target_link_libraries(mod_welcome ${OPENSSL_LIBRARIES}) target_link_libraries(mod_welcome ${SSL_LIBS})
target_link_libraries(mod_logging ${OPENSSL_LIBRARIES}) target_link_libraries(mod_logging ${SSL_LIBS})
if (ADC_STRESS) if (ADC_STRESS)
target_link_libraries(adcrush ${OPENSSL_LIBRARIES}) target_link_libraries(adcrush ${SSL_LIBS})
endif() endif()
endif() endif()
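Review bot: The fatal-error text added in the first hunk is a double negative that reads as the opposite of what it means; change it to `message(FATAL_ERROR "Neither OpenSSL nor GnuTLS was found!")`. Note also that `option(USE_OPENSSL ... OFF)` makes GnuTLS the default backend for every `SSL_SUPPORT` build, while the GnuTLS side of this commit is only empty `#ifdef` stubs in the C files, so a default build now compiles with `SSL_SUPPORT=1` but no working TLS; defaulting the option to `ON` until the GnuTLS backend exists, or saying so in the option description, would avoid surprising packagers.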


@ -731,6 +731,7 @@ static int load_ssl_certificates(struct hub_info* hub, struct hub_config* config
{ {
if (config->tls_enable) if (config->tls_enable)
{ {
#ifdef SSL_USE_OPENSSL
hub->ssl_method = (SSL_METHOD*) SSLv23_method(); /* TLSv1_method() */ hub->ssl_method = (SSL_METHOD*) SSLv23_method(); /* TLSv1_method() */
hub->ssl_ctx = SSL_CTX_new(hub->ssl_method); hub->ssl_ctx = SSL_CTX_new(hub->ssl_method);
@ -754,18 +755,21 @@ static int load_ssl_certificates(struct hub_info* hub, struct hub_config* config
return 0; return 0;
} }
LOG_INFO("Enabling TLS, using certificate: %s, private key: %s", config->tls_certificate, config->tls_private_key); LOG_INFO("Enabling TLS, using certificate: %s, private key: %s", config->tls_certificate, config->tls_private_key);
#endif /* SSL_USE_OPENSSL */
} }
return 1; return 1;
} }
static void unload_ssl_certificates(struct hub_info* hub) static void unload_ssl_certificates(struct hub_info* hub)
{ {
#ifdef SSL_USE_OPENSSL
if (hub->ssl_ctx) if (hub->ssl_ctx)
{ {
SSL_CTX_free(hub->ssl_ctx); SSL_CTX_free(hub->ssl_ctx);
} }
#endif /* SSL_USE_OPENSSL */
} }
#endif #endif /* SSL_SUPPORT */
struct hub_info* hub_start_service(struct hub_config* config) struct hub_info* hub_start_service(struct hub_config* config)
{ {
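Review bot: `load_ssl_certificates()` still returns 1 (success) when `config->tls_enable` is set but `SSL_USE_OPENSSL` is not defined, because the whole certificate-loading body is now inside the `#ifdef` and the `return 1;` after it is not. In a GnuTLS build a hub configured with `tls_enable` therefore starts normally, loads no certificate, and — since the handshake call in the probe.c hunk is guarded the same way — services clients in plaintext while the operator believes TLS is on. Add a fallback before the closing `#endif`: `#else`, `return 0; /* TLS requested but no TLS backend compiled in */`, and log the refusal so the misconfiguration is visible at startup. The function's signature and the first part of its body are outside the hunk.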


@ -116,8 +116,10 @@ struct hub_info
struct uhub_plugins* plugins; /* Plug-ins loaded for this hub instance. */ struct uhub_plugins* plugins; /* Plug-ins loaded for this hub instance. */
#ifdef SSL_SUPPORT #ifdef SSL_SUPPORT
#ifdef SSL_USE_OPENSSL
SSL_METHOD* ssl_method; SSL_METHOD* ssl_method;
SSL_CTX* ssl_ctx; SSL_CTX* ssl_ctx;
#endif // SSL_USE_OPENSSL
#endif /* SSL_SUPPORT */ #endif /* SSL_SUPPORT */
}; };


@ -85,7 +85,9 @@ static void probe_net_event(struct net_connection* con, int events, void *arg)
{ {
probe->connection = 0; probe->connection = 0;
} }
#ifdef SSL_USE_OPENSSL
net_con_ssl_handshake(con, net_con_ssl_mode_server, probe->hub->ssl_ctx); net_con_ssl_handshake(con, net_con_ssl_mode_server, probe->hub->ssl_ctx);
#endif /* SSL_USE_OPENSSL */
} }
else else
{ {


@ -180,12 +180,14 @@ void net_con_close(struct net_connection* con)
g_backend->handler.con_del(g_backend->data, con); g_backend->handler.con_del(g_backend->data, con);
#ifdef SSL_SUPPORT #ifdef SSL_SUPPORT
#ifdef SSL_USE_OPENSSL
if (con->ssl) if (con->ssl)
{ {
SSL_shutdown(con->ssl); SSL_shutdown(con->ssl);
SSL_clear(con->ssl); SSL_clear(con->ssl);
} }
#endif #endif /* SSL_USE_OPENSSL */
#endif /* SSL_SUPPORT */
net_close(con->sd); net_close(con->sd);
con->sd = -1; con->sd = -1;


@ -35,10 +35,17 @@
net_connection_cb callback; /** Callback function */ \ net_connection_cb callback; /** Callback function */ \
struct timeout_evt* timeout; /** timeout event handler */ struct timeout_evt* timeout; /** timeout event handler */
#ifdef SSL_USE_OPENSSL
#define NET_CON_STRUCT_SSL \ #define NET_CON_STRUCT_SSL \
SSL* ssl; /** SSL handle */ \ SSL* ssl; /** SSL handle */ \
uint32_t ssl_state; /** SSL state */ \ uint32_t ssl_state; /** SSL state */ \
size_t write_len; /** Length of last SSL_write(), only used if flags is NET_WANT_SSL_READ. */ \ size_t write_len; /** Length of last SSL_write(), only used if flags is NET_WANT_SSL_READ. */
#endif
#ifdef SSL_USE_GNUTLS
#define NET_CON_STRUCT_SSL \
uint32_t ssl_state; /** SSL state */
#endif
#ifdef SSL_SUPPORT #ifdef SSL_SUPPORT
#define NET_CON_STRUCT_COMMON \ #define NET_CON_STRUCT_COMMON \
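Review bot: `NET_CON_STRUCT_SSL` is now defined only under `SSL_USE_OPENSSL` or `SSL_USE_GNUTLS`, so a build that defines `SSL_SUPPORT` without either backend macro fails later with an unrelated-looking error where the struct is expanded. A guard right after the two variants makes the requirement explicit: `#if defined(SSL_SUPPORT) && !defined(SSL_USE_OPENSSL) && !defined(SSL_USE_GNUTLS)`, `#error "SSL_SUPPORT requires SSL_USE_OPENSSL or SSL_USE_GNUTLS"`, `#endif`. The `NET_CON_STRUCT_COMMON` macro that follows continues outside the hunk.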


@ -32,6 +32,7 @@ enum uhub_tls_state
tls_st_disconnecting, tls_st_disconnecting,
}; };
#ifdef SSL_USE_OPENSSL
static int handle_openssl_error(struct net_connection* con, int ret) static int handle_openssl_error(struct net_connection* con, int ret)
{ {
uhub_assert(con); uhub_assert(con);
@ -72,15 +73,18 @@ static int handle_openssl_error(struct net_connection* con, int ret)
} }
return -1; return -1;
} }
#endif /* SSL_USE_OPENSSL */
ssize_t net_con_ssl_accept(struct net_connection* con) ssize_t net_con_ssl_accept(struct net_connection* con)
{ {
uhub_assert(con); uhub_assert(con);
con->ssl_state = tls_st_accepting; con->ssl_state = tls_st_accepting;
ssize_t ret = SSL_accept(con->ssl); ssize_t ret;
#ifdef SSL_USE_OPENSSL
ret = SSL_accept(con->ssl);
#ifdef NETWORK_DUMP_DEBUG #ifdef NETWORK_DUMP_DEBUG
LOG_PROTO("SSL_accept() ret=%d", ret); LOG_PROTO("SSL_accept() ret=%d", ret);
#endif #endif /* NETWORK_DUMP_DEBUG */
if (ret > 0) if (ret > 0)
{ {
net_con_update(con, NET_EVENT_READ); net_con_update(con, NET_EVENT_READ);
@ -90,18 +94,20 @@ ssize_t net_con_ssl_accept(struct net_connection* con)
{ {
return handle_openssl_error(con, ret); return handle_openssl_error(con, ret);
} }
#endif /* SSL_USE_OPENSSL */
return ret; return ret;
} }
ssize_t net_con_ssl_connect(struct net_connection* con) ssize_t net_con_ssl_connect(struct net_connection* con)
{ {
uhub_assert(con); uhub_assert(con);
ssize_t ret;
con->ssl_state = tls_st_connecting; con->ssl_state = tls_st_connecting;
ssize_t ret = SSL_connect(con->ssl); #ifdef SSL_USE_OPENSSL
ret = SSL_connect(con->ssl);
#ifdef NETWORK_DUMP_DEBUG #ifdef NETWORK_DUMP_DEBUG
LOG_PROTO("SSL_connect() ret=%d", ret); LOG_PROTO("SSL_connect() ret=%d", ret);
#endif #endif /* NETWORK_DUMP_DEBUG */
if (ret > 0) if (ret > 0)
{ {
con->ssl_state = tls_st_connected; con->ssl_state = tls_st_connected;
@ -111,12 +117,15 @@ ssize_t net_con_ssl_connect(struct net_connection* con)
{ {
return handle_openssl_error(con, ret); return handle_openssl_error(con, ret);
} }
#endif /* SSL_USE_OPENSSL */
return ret; return ret;
} }
#ifdef SSL_USE_OPENSSL
ssize_t net_con_ssl_handshake(struct net_connection* con, enum net_con_ssl_mode ssl_mode, SSL_CTX* ssl_ctx) ssize_t net_con_ssl_handshake(struct net_connection* con, enum net_con_ssl_mode ssl_mode, SSL_CTX* ssl_ctx)
{ {
uhub_assert(con); uhub_assert(con);
SSL* ssl = 0; SSL* ssl = 0;
if (ssl_mode == net_con_ssl_mode_server) if (ssl_mode == net_con_ssl_mode_server)
@ -138,7 +147,9 @@ ssize_t net_con_ssl_handshake(struct net_connection* con, enum net_con_ssl_mode
net_con_set_ssl(con, ssl); net_con_set_ssl(con, ssl);
return net_con_ssl_connect(con); return net_con_ssl_connect(con);
} }
} }
#endif /* SSL_USE_OPENSSL */
#endif /* SSL_SUPPORT */ #endif /* SSL_SUPPORT */
#ifdef SSL_SUPPORT #ifdef SSL_SUPPORT
@ -150,7 +161,9 @@ ssize_t net_con_send(struct net_connection* con, const void* buf, size_t len)
{ {
int ret; int ret;
#ifdef SSL_SUPPORT #ifdef SSL_SUPPORT
#ifdef SSL_USE_OPENSSL
if (!con->ssl) if (!con->ssl)
#endif /* SSL_USE_OPENSSL */
{ {
#endif #endif
ret = net_send(con->sd, buf, len, UHUB_SEND_SIGNAL); ret = net_send(con->sd, buf, len, UHUB_SEND_SIGNAL);
@ -168,6 +181,7 @@ ssize_t net_con_send(struct net_connection* con, const void* buf, size_t len)
} }
#ifdef SSL_SUPPORT #ifdef SSL_SUPPORT
} }
#ifdef SSL_USE_OPENSSL
else else
{ {
con->write_len = len; con->write_len = len;
@ -182,7 +196,8 @@ ssize_t net_con_send(struct net_connection* con, const void* buf, size_t len)
net_stats_add_tx(ret); net_stats_add_tx(ret);
} }
} }
#endif #endif /* SSL_USE_OPENSSL */
#endif /* SSL_SUPPORT */
return ret; return ret;
} }
@ -214,6 +229,7 @@ ssize_t net_con_recv(struct net_connection* con, void* buf, size_t len)
} }
else else
{ {
#ifdef SSL_USE_OPENSSL
if (con->ssl_state == tls_st_error) if (con->ssl_state == tls_st_error)
return -1; return -1;
@ -228,8 +244,9 @@ ssize_t net_con_recv(struct net_connection* con, void* buf, size_t len)
{ {
return handle_openssl_error(con, ret); return handle_openssl_error(con, ret);
} }
#endif /* SSL_USE_OPENSSL */
} }
#endif #endif /* SSL_SUPPORT */
return ret; return ret;
} }
@ -254,11 +271,15 @@ ssize_t net_con_peek(struct net_connection* con, void* buf, size_t len)
} }
#ifdef SSL_SUPPORT #ifdef SSL_SUPPORT
int net_con_is_ssl(struct net_connection* con) int net_con_is_ssl(struct net_connection* con)
{ {
#ifdef SSL_USE_OPENSSL
return con->ssl != 0; return con->ssl != 0;
#endif
} }
#ifdef SSL_USE_OPENSSL
SSL* net_con_get_ssl(struct net_connection* con) SSL* net_con_get_ssl(struct net_connection* con)
{ {
return con->ssl; return con->ssl;
@ -268,6 +289,7 @@ void net_con_set_ssl(struct net_connection* con, SSL* ssl)
{ {
con->ssl = ssl; con->ssl = ssl;
} }
#endif /* SSL_USE_OPENSSL */
#endif /* SSL_SUPPORT */ #endif /* SSL_SUPPORT */
int net_con_get_sd(struct net_connection* con) int net_con_get_sd(struct net_connection* con)
@ -283,7 +305,9 @@ void* net_con_get_ptr(struct net_connection* con)
void net_con_destroy(struct net_connection* con) void net_con_destroy(struct net_connection* con)
{ {
#ifdef SSL_SUPPORT #ifdef SSL_SUPPORT
#ifdef SSL_USE_OPENSSL
SSL_free(con->ssl); SSL_free(con->ssl);
#endif /* SSL_USE_OPENSSL */
#endif #endif
hub_free(con); hub_free(con);
} }
@ -301,13 +325,17 @@ void net_con_callback(struct net_connection* con, int events)
} }
#ifdef SSL_SUPPORT #ifdef SSL_SUPPORT
#ifdef SSL_USE_OPENSSL
if (!con->ssl) if (!con->ssl)
#endif /* SSL_USE_OPENSSL */
{ {
#endif #endif
con->callback(con, events, con->ptr); con->callback(con, events, con->ptr);
#ifdef SSL_SUPPORT #ifdef SSL_SUPPORT
} }
#ifdef SSL_USE_OPENSSL
else else
#endif /* SSL_USE_OPENSSL */
{ {
#ifdef NETWORK_DUMP_DEBUG #ifdef NETWORK_DUMP_DEBUG
LOG_PROTO("net_con_event: events=%d, con=%p, state=%d", events, con, con->ssl_state); LOG_PROTO("net_con_event: events=%d, con=%p, state=%d", events, con, con->ssl_state);
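Review bot: In `net_con_ssl_accept()` and `net_con_ssl_connect()` the `ssize_t ret;` declaration is now outside the `#ifdef SSL_USE_OPENSSL` block but every assignment to it is inside, so the `return ret;` at the end of each function returns an uninitialized value in a GnuTLS build — undefined behaviour, and the caller uses that value to decide whether the handshake succeeded. Initialize it as `ssize_t ret = -1;` in both functions so the non-OpenSSL path reports failure deterministically. `net_con_is_ssl()` has the same shape: its only `return` is inside the `#ifdef`, leaving a non-void function with no return on the GnuTLS path; add `#else` / `return 0;`. In `net_con_callback()` only the `else` keyword is wrapped (the `{` that follows is not), so after the plain callback the former SSL-only block appears to run unconditionally in a GnuTLS build unless its body is guarded further down; that body is outside the hunk, so please check it.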


@ -100,11 +100,13 @@ enum net_con_ssl_mode
net_con_ssl_mode_client, net_con_ssl_mode_client,
}; };
#ifdef SSL_USE_OPENSSL
extern ssize_t net_con_ssl_handshake(struct net_connection* con, enum net_con_ssl_mode, SSL_CTX* ssl_ctx); extern ssize_t net_con_ssl_handshake(struct net_connection* con, enum net_con_ssl_mode, SSL_CTX* ssl_ctx);
extern int net_con_is_ssl(struct net_connection* con);
extern SSL* net_con_get_ssl(struct net_connection* con); extern SSL* net_con_get_ssl(struct net_connection* con);
extern void net_con_set_ssl(struct net_connection* con, SSL*); extern void net_con_set_ssl(struct net_connection* con, SSL*);
#endif // SSL_USE_OPENSSL
extern int net_con_is_ssl(struct net_connection* con);
#endif /* SSL_SUPPORT */ #endif /* SSL_SUPPORT */
#endif /* HAVE_UHUB_NETWORK_CONNECTION_H */ #endif /* HAVE_UHUB_NETWORK_CONNECTION_H */


@ -59,9 +59,11 @@ int net_initialize()
net_stats_initialize(); net_stats_initialize();
#ifdef SSL_SUPPORT #ifdef SSL_SUPPORT
#ifdef SSL_USE_OPENSSL
LOG_TRACE("Initializing OpenSSL..."); LOG_TRACE("Initializing OpenSSL...");
SSL_library_init(); SSL_library_init();
SSL_load_error_strings(); SSL_load_error_strings();
#endif /* SSL_USE_OPENSSL */
#endif /* SSL_SUPPORT */ #endif /* SSL_SUPPORT */
net_initialized = 1; net_initialized = 1;
@ -100,10 +102,12 @@ int net_destroy()
net_backend_shutdown(); net_backend_shutdown();
#ifdef SSL_SUPPORT #ifdef SSL_SUPPORT
#ifdef SSL_USE_OPENSSL
ERR_free_strings(); ERR_free_strings();
EVP_cleanup(); EVP_cleanup();
CRYPTO_cleanup_all_ex_data(); CRYPTO_cleanup_all_ex_data();
#endif #endif /* SSL_USE_OPENSSL */
#endif /* SSL_SUPPORT */
#ifdef WINSOCK #ifdef WINSOCK
WSACleanup(); WSACleanup();
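Review bot: `net_initialize()` and `net_destroy()` now do nothing at all for the TLS library when `SSL_USE_OPENSSL` is not defined, and there is no marker that the GnuTLS build still needs its own global setup and teardown. A placeholder in each `#ifdef SSL_SUPPORT` block, e.g. `/* TODO: GnuTLS global init/deinit goes here once that backend is implemented */`, would keep the two backends' lifecycles visibly parallel and stop the omission from being mistaken for intent. Both functions extend beyond the hunks shown.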


@ -99,8 +99,13 @@
#endif #endif
#ifdef SSL_SUPPORT #ifdef SSL_SUPPORT
#ifdef SSL_USE_OPENSSL
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/err.h> #include <openssl/err.h>
#endif /* SSL_USE_OPENSSL */
#ifdef SSL_USE_GNUTLS
#include <gnutls/gnutls.h>
#endif /* SSL_USE_GNUTLS */
#endif #endif
#include "version.h" #include "version.h"


@ -66,8 +66,10 @@ struct ADC_client
int flags; int flags;
void* ptr; void* ptr;
#ifdef SSL_SUPPORT #ifdef SSL_SUPPORT
#ifdef SSL_USE_OPENSSL
const SSL_METHOD* ssl_method; const SSL_METHOD* ssl_method;
SSL_CTX* ssl_ctx; SSL_CTX* ssl_ctx;
#endif /* SSL_USE_OPENSSL */
#endif /* SSL_SUPPORT */ #endif /* SSL_SUPPORT */
}; };