Change SSL{Server,Common}Options::k{CipherList,SignatureAlgorithms} to static constexpr function

Summary:
Taking the address of a static constexpr variable will generate undefined
references until C++17, when static constexpr variables are implicitly inline.

Turning this into a static constexpr function generates weak symbols for both
C++14 & C++17. If anything, if you don't care about this, this makes it easier
to add/remove ciphers since you no longer need to adjust the array size
in the definition in SSLOptions.cpp.

The original motivation for this change was to fix a build failure in proxygen
oss, where declaring a wangle::SSLContextConfig would lead to an undefined
symbol linker error.

Reviewed By: lnicco

Differential Revision: D15246869

fbshipit-source-id: 44c016b9eecdf999efbffdcd381c024a6ffb11ac

folly/io/async/SSLOptions.cpp

@@ -27,10 +27,6 @@ void logDfatal(std::exception const& e) {
 }
 } // namespace ssl_options_detail
 
-constexpr std::array<const char*, 12> SSLCommonOptions::kCipherList;
-constexpr std::array<const char*, 8> SSLCommonOptions::kSignatureAlgorithms;
-constexpr std::array<const char*, 12> SSLServerOptions::kCipherList;
-
 void SSLCommonOptions::setClientOptions(SSLContext& ctx) {
 #ifdef SSL_MODE_HANDSHAKE_CUTTHROUGH
   ctx.enableFalseStart();

folly/io/async/SSLOptions.h

@@ -30,33 +30,37 @@ struct SSLCommonOptions {
   /**
    * The cipher list recommended for this options configuration.
    */
-  static constexpr auto kCipherList = folly::make_array(
-      "ECDHE-ECDSA-AES128-GCM-SHA256",
-      "ECDHE-RSA-AES128-GCM-SHA256",
-      "ECDHE-ECDSA-AES256-GCM-SHA384",
-      "ECDHE-RSA-AES256-GCM-SHA384",
-      "ECDHE-ECDSA-AES256-SHA",
-      "ECDHE-RSA-AES256-SHA",
-      "ECDHE-ECDSA-AES128-SHA",
-      "ECDHE-RSA-AES128-SHA",
-      "ECDHE-RSA-AES256-SHA384",
-      "AES128-GCM-SHA256",
-      "AES256-SHA",
-      "AES128-SHA");
+  static constexpr auto ciphers() {
+    return folly::make_array(
+        "ECDHE-ECDSA-AES128-GCM-SHA256",
+        "ECDHE-RSA-AES128-GCM-SHA256",
+        "ECDHE-ECDSA-AES256-GCM-SHA384",
+        "ECDHE-RSA-AES256-GCM-SHA384",
+        "ECDHE-ECDSA-AES256-SHA",
+        "ECDHE-RSA-AES256-SHA",
+        "ECDHE-ECDSA-AES128-SHA",
+        "ECDHE-RSA-AES128-SHA",
+        "ECDHE-RSA-AES256-SHA384",
+        "AES128-GCM-SHA256",
+        "AES256-SHA",
+        "AES128-SHA");
+  }
 
   /**
    * The list of signature algorithms recommended for this options
    * configuration.
    */
-  static constexpr auto kSignatureAlgorithms = folly::make_array(
-      "RSA+SHA512",
-      "ECDSA+SHA512",
-      "RSA+SHA384",
-      "ECDSA+SHA384",
-      "RSA+SHA256",
-      "ECDSA+SHA256",
-      "RSA+SHA1",
-      "ECDSA+SHA1");
+  static constexpr auto sigalgs() {
+    return folly::make_array(
+        "RSA+SHA512",
+        "ECDSA+SHA512",
+        "RSA+SHA384",
+        "ECDSA+SHA384",
+        "RSA+SHA256",
+        "ECDSA+SHA256",
+        "RSA+SHA1",
+        "ECDSA+SHA1");
+  }
 
   /**
    * Set common parameters on a client SSL context, for example,
@@ -73,19 +77,21 @@ struct SSLServerOptions {
   /**
    * The list of ciphers recommended for server use.
    */
-  static constexpr auto kCipherList = folly::make_array(
-      "ECDHE-ECDSA-AES128-GCM-SHA256",
-      "ECDHE-ECDSA-AES256-GCM-SHA384",
-      "ECDHE-ECDSA-AES128-SHA",
-      "ECDHE-ECDSA-AES256-SHA",
-      "ECDHE-RSA-AES128-GCM-SHA256",
-      "ECDHE-RSA-AES256-GCM-SHA384",
-      "ECDHE-RSA-AES128-SHA",
-      "ECDHE-RSA-AES256-SHA",
-      "AES128-GCM-SHA256",
-      "AES256-GCM-SHA384",
-      "AES128-SHA",
-      "AES256-SHA");
+  static constexpr auto ciphers() {
+    return folly::make_array(
+        "ECDHE-ECDSA-AES128-GCM-SHA256",
+        "ECDHE-ECDSA-AES256-GCM-SHA384",
+        "ECDHE-ECDSA-AES128-SHA",
+        "ECDHE-ECDSA-AES256-SHA",
+        "ECDHE-RSA-AES128-GCM-SHA256",
+        "ECDHE-RSA-AES256-GCM-SHA384",
+        "ECDHE-RSA-AES128-SHA",
+        "ECDHE-RSA-AES256-SHA",
+        "AES128-GCM-SHA256",
+        "AES256-GCM-SHA384",
+        "AES128-SHA",
+        "AES256-SHA");
+  }
 };
 
 /**
@@ -96,7 +102,7 @@ struct SSLServerOptions {
 template <typename TSSLOptions>
 void setCipherSuites(SSLContext& ctx) {
   try {
-    ctx.setCipherList(TSSLOptions::kCipherList);
+    ctx.setCipherList(TSSLOptions::ciphers());
   } catch (std::runtime_error const& e) {
     ssl_options_detail::logDfatal(e);
   }
@@ -110,7 +116,7 @@ void setCipherSuites(SSLContext& ctx) {
 template <typename TSSLOptions>
 void setSignatureAlgorithms(SSLContext& ctx) {
   try {
-    ctx.setSignatureAlgorithms(TSSLOptions::kSignatureAlgorithms);
+    ctx.setSignatureAlgorithms(TSSLOptions::sigalgs());
   } catch (std::runtime_error const& e) {
     ssl_options_detail::logDfatal(e);
   }

folly/io/async/test/SSLOptionsTest.cpp

@@ -32,7 +32,7 @@ TEST_F(SSLOptionsTest, TestSetCommonCipherList) {
 
   int i = 0;
   ssl::SSLUniquePtr ssl(ctx.createSSL());
-  for (auto& cipher : ssl::SSLCommonOptions::kCipherList) {
+  for (auto& cipher : ssl::SSLCommonOptions::ciphers()) {
     ASSERT_STREQ(cipher, SSL_get_cipher_list(ssl.get(), i++));
   }
   ASSERT_EQ(nullptr, SSL_get_cipher_list(ssl.get(), i));