author | Georg Richter <georg@mariadb.com> | 2017-03-08 17:39:47 +0100 |
---|---|---|
committer | Georg Richter <georg@mariadb.com> | 2017-03-08 17:39:47 +0100 |
commit | f88977321038cf04bed974afce953ae7a0dca2e6 (patch) | |
tree | 7c4d55904981cc63443bb5a49cac66ccfbf4c2b2 /include | |
parent | 2bca41265c802dc9a3e8852bb2b3cda720a5d44a (diff) | |
download | mariadb-git-MDEV-10332.tar.gz |
Initial implementation for MDEV-10332:MDEV-10332
support for OpenSSL 1.1 and LibreSSL
tested against OpenSSL 1.0.1, 1.0.2, 1.1.0, Yassl and LibreSSL
not working on Windows with native SChannel support, due to wrong cipher mapping: Latter one requires push of CONC-241 fixes.
Please note that OpenSSL 0.9.8 and OpenSSL 1.1.0 will not work: Even if the build succeeds, test cases will fail with various errors, especially when using different tls libraries or versions for client and server.
Diffstat (limited to 'include')
-rw-r--r-- | include/my_crypt.h | 15 | ||||
-rw-r--r-- | include/violite.h | 9 |
2 files changed, 20 insertions, 4 deletions
diff --git a/include/my_crypt.h b/include/my_crypt.h
index e1e94c9bd9d..433f60d44a7 100644
--- a/include/my_crypt.h
+++ b/include/my_crypt.h
@@ -24,6 +24,21 @@
 extern "C" {
 #endif
 
+/* OpenSSL version specific definitions */
+#if !defined(HAVE_YASSL) && defined(OPENSSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#define ERR_remove_state(X)
+#else
+#define EVP_CIPHER_CTX_reset(X) EVP_CIPHER_CTX_cleanup(X)
+#define RAND_OpenSSL() RAND_SSLeay();
+#if defined(HAVE_ERR_remove_thread_state)
+#define ERR_remove_state(X) ERR_remove_thread_state(NULL)
+#endif
+#endif
+#elif defined(HAVE_YASSL)
+#define EVP_CIPHER_CTX_reset(X) EVP_CIPHER_CTX_cleanup(X)
+#endif /* !defined(HAVE_YASSL) */
+
 /* return values from my_aes_encrypt/my_aes_decrypt functions */
 #define MY_AES_OK 0
 #define MY_AES_BAD_DATA -100
diff --git a/include/violite.h b/include/violite.h
index 6047c7c8fd4..78ca45da6f1 100644
--- a/include/violite.h
+++ b/include/violite.h
@@ -146,14 +146,15 @@ typedef my_socket YASSL_SOCKET_T;
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 
-#ifdef HAVE_ERR_remove_thread_state
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#define ERR_remove_state(X)
+#elif defined(HAVE_ERR_remove_thread_state)
 #define ERR_remove_state(X) ERR_remove_thread_state(NULL)
 #endif
-
 enum enum_ssl_init_error
 {
- SSL_INITERR_NOERROR= 0, SSL_INITERR_CERT, SSL_INITERR_KEY,
- SSL_INITERR_NOMATCH, SSL_INITERR_BAD_PATHS, SSL_INITERR_CIPHERS,
+ SSL_INITERR_NOERROR= 0, SSL_INITERR_CERT, SSL_INITERR_KEY,
+ SSL_INITERR_NOMATCH, SSL_INITERR_BAD_PATHS, SSL_INITERR_CIPHERS,
 SSL_INITERR_MEMFAIL, SSL_INITERR_DH, SSL_INITERR_LASTERR
 };
 const char* sslGetErrString(enum enum_ssl_init_error err); |
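Review bot: The `RAND_OpenSSL()` shim in the pre-1.1 branch of include/my_crypt.h ends in a semicolon, so it only works as a standalone statement; used as a function argument or inside an expression it puts a `;` in the middle and the build fails on exactly the older libraries the shim exists for. It should read `#define RAND_OpenSSL() RAND_SSLeay()`. The whole block is also skipped without any diagnostic when `OPENSSL_VERSION_NUMBER` is not defined at the point of inclusion, so the header presumably relies on an OpenSSL header having been included first; a comment such as `/* requires <openssl/opensslv.h> (or the yaSSL equivalent) to be included before this header */` would make that dependency visible.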
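Review bot: The `ERR_remove_state(X)` compatibility macro in include/violite.h is now a second copy of the one added to include/my_crypt.h, each behind its own guard, and the two can drift apart as more TLS library versions are handled; defining it in one header that the other includes would avoid that. The empty expansion for OpenSSL 1.1 also deserves a comment, for example `/* OpenSSL 1.1 frees per-thread error state itself, so this is a no-op */`, so that a later reader does not mistake the missing cleanup call for a leak.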