0b609244
Commit
0b609244
authored
Oct 14, 2021
by
Tatsuhiro Tsujikawa
src: Compile with boringssl for non-http3 build
parent
fa7a916e
Changes
4
Showing
4 changed files
with
35 additions
and
26 deletions
+35
-26
src/h2load.cc
src/h2load.cc
+9
-2
src/shrpx_connection.cc
src/shrpx_connection.cc
+8
-8
src/shrpx_tls.cc
src/shrpx_tls.cc
+15
-13
src/tls.h
src/tls.h
+3
-3
src/h2load.cc
@@ -2845,19 +2845,26 @@ int main(int argc, char **argv) {
exit
(
EXIT_FAILURE
);
}
#if OPENSSL_1_1_1_API
#if OPENSSL_1_1_1_API
&& !defined(OPENSSL_IS_BORINGSSL)
if
(
SSL_CTX_set_ciphersuites
(
ssl_ctx
,
config
.
tls13_ciphers
.
c_str
())
==
0
)
{
std
::
cerr
<<
"SSL_CTX_set_ciphersuites with "
<<
config
.
tls13_ciphers
<<
" failed: "
<<
ERR_error_string
(
ERR_get_error
(),
nullptr
)
<<
std
::
endl
;
exit
(
EXIT_FAILURE
);
}
#endif // OPENSSL_1_1_1_API
#endif // OPENSSL_1_1_1_API
&& !defined(OPENSSL_IS_BORINGSSL)
#if OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL)
if
(
SSL_CTX_set1_groups_list
(
ssl_ctx
,
config
.
groups
.
c_str
())
!=
1
)
{
std
::
cerr
<<
"SSL_CTX_set1_groups_list failed"
<<
std
::
endl
;
exit
(
EXIT_FAILURE
);
}
#else // !(OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL))
if
(
SSL_CTX_set1_curves_list
(
ssl_ctx
,
config
.
groups
.
c_str
())
!=
1
)
{
std
::
cerr
<<
"SSL_CTX_set1_curves_list failed"
<<
std
::
endl
;
exit
(
EXIT_FAILURE
);
}
#endif // !(OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL))
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_CTX_set_next_proto_select_cb
(
ssl_ctx
,
client_select_next_proto_cb
,
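Review bot: On the BoringSSL side of the new `#if OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL)` guard around SSL_CTX_set_ciphersuites, a `--tls13-ciphers` value the user supplied is silently dropped, so an operator who restricts TLSv1.3 ciphersuites for a load test gets no indication that the restriction never took effect. If `config.tls13_ciphers` is seeded from DEFAULT_TLS13_CIPHER_LIST, which this commit makes empty on that build, a non-empty value means the user set it explicitly and can be reported; an `#else` branch with a warning would make the limitation visible instead of silent. The SSL_CTX_set1_curves_list fallback for groups looks fine as written. main() continues outside the hunk.
```cpp
#else  // !(OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL))
  // This TLS library gives us no way to pick TLSv1.3 ciphersuites; say so
  // rather than silently running with the library's fixed set.
  if (!config.tls13_ciphers.empty()) {
    std::cerr << "Warning: --tls13-ciphers is not supported by this TLS "
                 "library and will be ignored"
              << std::endl;
  }
#endif // !(OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL))
  // … unchanged: SSL_CTX_set1_groups_list / SSL_CTX_set1_curves_list …
```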
src/shrpx_connection.cc
@@ -397,7 +397,7 @@ int Connection::tls_handshake() {
ERR_clear_error
();
#if OPENSSL_1_1_1_API
#if OPENSSL_1_1_1_API
&& !defined(OPENSSL_IS_BORINGSSL)
if
(
!
tls
.
server_handshake
||
tls
.
early_data_finish
)
{
rv
=
SSL_do_handshake
(
tls
.
ssl
);
}
else
{
@@ -449,9 +449,9 @@ int Connection::tls_handshake() {
}
}
}
#else // !
OPENSSL_1_1_1_API
#else // !
(OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL))
rv
=
SSL_do_handshake
(
tls
.
ssl
);
#endif // !
OPENSSL_1_1_1_API
#endif // !
(OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL))
if
(
rv
<=
0
)
{
auto
err
=
SSL_get_error
(
tls
.
ssl
,
rv
);
@@ -698,7 +698,7 @@ ssize_t Connection::write_tls(const void *data, size_t len) {
ERR_clear_error
();
#if OPENSSL_1_1_1_API
#if OPENSSL_1_1_1_API
&& !defined(OPENSSL_IS_BORINGSSL)
int
rv
;
if
(
SSL_is_init_finished
(
tls
.
ssl
))
{
rv
=
SSL_write
(
tls
.
ssl
,
data
,
len
);
@@ -710,9 +710,9 @@ ssize_t Connection::write_tls(const void *data, size_t len) {
rv
=
nwrite
;
}
}
#else // !
OPENSSL_1_1_1_API
#else // !
(OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL))
auto
rv
=
SSL_write
(
tls
.
ssl
,
data
,
len
);
#endif // !
OPENSSL_1_1_1_API
#endif // !
(OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL))
if
(
rv
<=
0
)
{
auto
err
=
SSL_get_error
(
tls
.
ssl
,
rv
);
@@ -772,7 +772,7 @@ ssize_t Connection::read_tls(void *data, size_t len) {
tls
.
last_readlen
=
0
;
}
#if OPENSSL_1_1_1_API
#if OPENSSL_1_1_1_API
&& !defined(OPENSSL_IS_BORINGSSL)
if
(
!
tls
.
early_data_finish
)
{
// TLSv1.3 handshake is still going on.
size_t
nread
;
@@ -811,7 +811,7 @@ ssize_t Connection::read_tls(void *data, size_t len) {
}
return
nread
;
}
#endif // OPENSSL_1_1_1_API
#endif // OPENSSL_1_1_1_API
&& !defined(OPENSSL_IS_BORINGSSL)
auto
rv
=
SSL_read
(
tls
.
ssl
,
data
,
len
);
src/shrpx_tls.cc
@@ -731,7 +731,8 @@ int quic_alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
# endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
#endif // ENABLE_HTTP3
#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
#if !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L && \
!defined(OPENSSL_IS_BORINGSSL)
# ifndef TLSEXT_TYPE_signed_certificate_timestamp
# define TLSEXT_TYPE_signed_certificate_timestamp 18
@@ -821,7 +822,8 @@ int legacy_sct_parse_cb(SSL *ssl, unsigned int ext_type,
}
// namespace
# endif // !OPENSSL_1_1_1_API
#endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L
#endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L &&
// !defined(OPENSSL_IS_BORINGSSL)
#ifndef OPENSSL_NO_PSK
namespace
{
@@ -931,14 +933,14 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file,
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
|
SSL_OP_SINGLE_ECDH_USE
|
SSL_OP_SINGLE_DH_USE
|
SSL_OP_CIPHER_SERVER_PREFERENCE
#if OPENSSL_1_1_1_API
#if OPENSSL_1_1_1_API
&& !defined(OPENSSL_IS_BORINGSSL)
// The reason for disabling built-in anti-replay in OpenSSL is
// that it only works if client gets back to the same server.
// The freshness check described in
// https://tools.ietf.org/html/rfc8446#section-8.3 is still
// performed.
|
SSL_OP_NO_ANTI_REPLAY
#endif // OPENSSL_1_1_1_API
#endif // OPENSSL_1_1_1_API
&& !defined(OPENSSL_IS_BORINGSSL)
;
auto
config
=
mod_config
();
@@ -969,13 +971,13 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file,
DIE
();
}
#if OPENSSL_1_1_1_API
#if OPENSSL_1_1_1_API
&& !defined(OPENSSL_IS_BORINGSSL)
if
(
SSL_CTX_set_ciphersuites
(
ssl_ctx
,
tlsconf
.
tls13_ciphers
.
c_str
())
==
0
)
{
LOG
(
FATAL
)
<<
"SSL_CTX_set_ciphersuites "
<<
tlsconf
.
tls13_ciphers
<<
" failed: "
<<
ERR_error_string
(
ERR_get_error
(),
nullptr
);
DIE
();
}
#endif // OPENSSL_1_1_1_API
#endif // OPENSSL_1_1_1_API
&& !defined(OPENSSL_IS_BORINGSSL)
#ifndef OPENSSL_NO_EC
# if !LIBRESSL_LEGACY_API && OPENSSL_VERSION_NUMBER >= 0x10002000L
@@ -1172,13 +1174,13 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file,
#endif // !LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L &&
// !defined(OPENSSL_IS_BORINGSSL)
#if OPENSSL_1_1_1_API
#if OPENSSL_1_1_1_API
&& !defined(OPENSSL_IS_BORINGSSL)
if
(
SSL_CTX_set_max_early_data
(
ssl_ctx
,
tlsconf
.
max_early_data
)
!=
1
)
{
LOG
(
FATAL
)
<<
"SSL_CTX_set_max_early_data failed: "
<<
ERR_error_string
(
ERR_get_error
(),
nullptr
);
DIE
();
}
#endif // OPENSSL_1_1_1_API
#endif // OPENSSL_1_1_1_API
&& !defined(OPENSSL_IS_BORINGSSL)
#ifndef OPENSSL_NO_PSK
SSL_CTX_set_psk_server_callback
(
ssl_ctx
,
psk_server_cb
);
@@ -1616,14 +1618,14 @@ SSL_CTX *create_ssl_client_context(
DIE
();
}
#if OPENSSL_1_1_1_API
#if OPENSSL_1_1_1_API
&& !defined(OPENSSL_IS_BORINGSSL)
if
(
SSL_CTX_set_ciphersuites
(
ssl_ctx
,
tlsconf
.
client
.
tls13_ciphers
.
c_str
())
==
0
)
{
LOG
(
FATAL
)
<<
"SSL_CTX_set_ciphersuites "
<<
tlsconf
.
client
.
tls13_ciphers
<<
" failed: "
<<
ERR_error_string
(
ERR_get_error
(),
nullptr
);
DIE
();
}
#endif // OPENSSL_1_1_1_API
#endif // OPENSSL_1_1_1_API
&& !defined(OPENSSL_IS_BORINGSSL)
SSL_CTX_set_mode
(
ssl_ctx
,
SSL_MODE_RELEASE_BUFFERS
);
@@ -2625,7 +2627,7 @@ namespace {
int
time_t_from_asn1_time
(
time_t
&
t
,
const
ASN1_TIME
*
at
)
{
int
rv
;
#if OPENSSL_1_1_1_API
#if OPENSSL_1_1_1_API
&& !defined(OPENSSL_IS_BORINGSSL)
struct
tm
tm
;
rv
=
ASN1_TIME_to_tm
(
at
,
&
tm
);
if
(
rv
!=
1
)
{
@@ -2633,7 +2635,7 @@ int time_t_from_asn1_time(time_t &t, const ASN1_TIME *at) {
}
t
=
nghttp2_timegm
(
&
tm
);
#else // !
OPENSSL_1_1_1_API
#else // !
(OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL))
auto
b
=
BIO_new
(
BIO_s_mem
());
if
(
!
b
)
{
return
-
1
;
@@ -2659,7 +2661,7 @@ int time_t_from_asn1_time(time_t &t, const ASN1_TIME *at) {
}
t
=
tt
;
#endif // !
OPENSSL_1_1_1_API
#endif // !
(OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL))
return
0
;
}
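Review bot: In the create_ssl_context() hunk at `@@ -1172`, `tlsconf.max_early_data` is no longer applied on the BoringSSL build and no library-specific call replaces it, so `--tls-max-early-data` becomes silently inert there; the practical effect is that 0-RTT stays off, which is the conservative outcome, but nothing tells the operator. An `#else` branch carrying that fact would do, e.g. `#else // !(OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL))` / `// 0-RTT is not enabled on this build; --tls-max-early-data has no effect here.` / `#endif`, with a warning log if a non-default value can be detected from the config. The anti-replay comment in the SSL_OP_NO_ANTI_REPLAY hunk likewise now describes only the OpenSSL path and could say so. The time_t_from_asn1_time() fallback now depends on parsing ASN1_TIME_print() text for this library, which feeds OCSP and certificate validity checks, so it is worth confirming that its output matches what the parser expects. create_ssl_context() begins and ends outside the hunks.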
src/tls.h
@@ -57,11 +57,11 @@ constexpr char DEFAULT_CIPHER_LIST[] =
"AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
;
constexpr
char
DEFAULT_TLS13_CIPHER_LIST
[]
=
#if OPENSSL_1_1_1_API
#if OPENSSL_1_1_1_API
&& !defined(OPENSSL_IS_BORINGSSL)
TLS_DEFAULT_CIPHERSUITES
#else // !
OPENSSL_1_1_1_API
#else // !
(OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL))
""
#endif // !
OPENSSL_1_1_1_API
#endif // !
(OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL))
;
constexpr
auto
NGHTTP2_TLS_MIN_VERSION
=
TLS1_VERSION
;
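Review bot: The empty `""` that DEFAULT_TLS13_CIPHER_LIST now takes on the BoringSSL build carries no explanation, and a reader could mistake it for a ciphersuite list that negotiates nothing. It is only selected on builds where SSL_CTX_set_ciphersuites is never called (the h2load.cc and shrpx_tls.cc guards in this commit use the same condition), so it is a placeholder rather than a configuration value. I would annotate the `#else` branch: `// Placeholder only: this build never calls SSL_CTX_set_ciphersuites, so the TLSv1.3 suite set is whatever the library fixes.`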