authorEneas U de Queiroz <cotequeiroz@gmail.com>2019-09-18 23:18:02 -0300
committerHauke Mehrtens <hauke@hauke-m.de>2019-09-20 20:48:23 +0200
commit33308eebda34c90455dbce825fac112a987c0ecd (patch)
tree36db8dc16f02841c3db2464e8d4cde75ef1ad4f2
parent79d91aa6e7f2fe544a4953fbae1c8bdcdba78099 (diff)
downloadustream-ssl-33308eebda34c90455dbce825fac112a987c0ecd.tar.gz
ustream-io-cyassl.c: fix client-mode connections
Starting in v3.13.2, wolfSSL stores the BIO send and recv callbacks in the SSL struct. When the SSL session is created, it inherits the calls from the SSL_CTX, but they do not get updated when the SSL_CTX callbacks are changed. Currently, ustream-ssl sets the callbacks after the SSL session is created, causing failures. Client apps, such as uclient-fetch, fail immediately to connect to https URLs with a 'Connection failed' error message. uhttpd seems unaffected. New calls to set them directly on the SSL struct were added in 4.1.0, so we can use them, with a check in CMakeLists.txt to detect their presence. Otherwise, another call to ustream_set_io is done before creating the SSL session to properly set the callbacks. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
-rw-r--r--CMakeLists.txt8
-rw-r--r--ustream-io-wolfssl.c11
-rw-r--r--ustream-ssl.c3
3 files changed, 20 insertions, 2 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 3b557c3..6b3fc8c 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,5 +1,7 @@
cmake_minimum_required(VERSION 2.6)
+INCLUDE(CheckSymbolExists)
+
PROJECT(ustream-ssl C)
ADD_DEFINITIONS(-Os -Wall -Werror --std=gnu99 -g3 -Wmissing-declarations)
@@ -13,6 +15,12 @@ ELSEIF(WOLFSSL)
ADD_DEFINITIONS(-DHAVE_WOLFSSL)
SET(SSL_SRC ustream-io-wolfssl.c ustream-openssl.c)
SET(SSL_LIB wolfssl m)
+ SET(CMAKE_REQUIRED_LIBRARIES "-lwolfssl -lm")
+ CHECK_SYMBOL_EXISTS (wolfSSL_SSLSetIORecv "wolfssl/ssl.h"
+ HAVE_WOLFSSL_SSLSETIORECV)
+ IF (NOT HAVE_WOLFSSL_SSLSETIORECV)
+ ADD_DEFINITIONS(-DNO_WOLFSSL_SSLSETIO_SEND_RECV)
+ ENDIF()
ELSE()
SET(SSL_SRC ustream-io-openssl.c ustream-openssl.c)
SET(SSL_LIB crypto ssl)
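Review bot: `CMAKE_REQUIRED_LIBRARIES` is set for the probe and never cleared, so it stays in effect for any configure check added later in this file; a `SET(CMAKE_REQUIRED_LIBRARIES)` after the `CHECK_SYMBOL_EXISTS` call would scope it to this probe. Because the define is negative (`NO_WOLFSSL_SSLSETIO_SEND_RECV`), a probe that fails for an unrelated reason, such as `wolfssl/ssl.h` not being on the include path or a link failure when cross-compiling, silently selects the legacy code path with no message. Only `wolfSSL_SSLSetIORecv` is probed although the C code also calls `wolfSSL_SSLSetIOSend`; the commit message says both arrived in 4.1.0, so a one-line comment stating that assumption would be enough. The enclosing `ELSEIF(WOLFSSL)` branch starts outside this hunk.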
diff --git a/ustream-io-wolfssl.c b/ustream-io-wolfssl.c
index 052518a..db69499 100644
--- a/ustream-io-wolfssl.c
+++ b/ustream-io-wolfssl.c
@@ -67,8 +67,15 @@ static int io_send_cb(SSL* ssl, char *buf, int sz, void *ctx)
__hidden void ustream_set_io(struct ustream_ssl_ctx *ctx, void *ssl, struct ustream *conn)
{
- wolfSSL_SetIOReadCtx(ssl, conn);
- wolfSSL_SetIOWriteCtx(ssl, conn);
+#ifndef NO_WOLFSSL_SSLSETIO_SEND_RECV
+ wolfSSL_SSLSetIORecv(ssl, io_recv_cb);
+ wolfSSL_SSLSetIOSend(ssl, io_send_cb);
+#else
wolfSSL_SetIORecv((void *) ctx, io_recv_cb);
wolfSSL_SetIOSend((void *) ctx, io_send_cb);
+ if (ssl == NULL)
+ return;
+#endif
+ wolfSSL_SetIOReadCtx(ssl, conn);
+ wolfSSL_SetIOWriteCtx(ssl, conn);
}
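Review bot: The `ssl == NULL` case is handled only in the `#else` branch, so the contract of `ustream_set_io` now depends on the build configuration and nothing in the function documents it. In the `#ifndef NO_WOLFSSL_SSLSETIO_SEND_RECV` build a NULL `ssl` would be passed to all four wolfSSL setters; the only NULL caller visible in this commit is compiled out in that build, but that coupling is easy to break later. I would add a comment above the function such as `/* ssl may be NULL only when NO_WOLFSSL_SSLSETIO_SEND_RECV is defined; the call then only installs the callbacks on the SSL_CTX so that a session created afterwards inherits them */`, or move `if (ssl == NULL) return;` below the `#endif` so both builds behave the same.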
diff --git a/ustream-ssl.c b/ustream-ssl.c
index dd0faf9..e6b084b 100644
--- a/ustream-ssl.c
+++ b/ustream-ssl.c
@@ -179,6 +179,9 @@ static int _ustream_ssl_init(struct ustream_ssl *us, struct ustream *conn, struc
us->conn = conn;
us->ctx = ctx;
+#if defined(HAVE_WOLFSSL) && defined(NO_WOLFSSL_SSLSETIO_SEND_RECV)
+ ustream_set_io(ctx, NULL, conn);
+#endif
us->ssl = __ustream_ssl_session_new(us->ctx);
if (!us->ssl)
return -ENOMEM;
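Review bot: The early `ustream_set_io(ctx, NULL, conn)` call carries no comment saying that it must run before `__ustream_ssl_session_new()`, so a later cleanup could reorder it and bring back the client-mode failure described in the commit message. A comment such as `/* wolfSSL 3.13.2 .. <4.1.0: a new session copies the CTX I/O callbacks at creation, so install them first */` would record the constraint next to the code. The call also rewrites the callbacks on the shared `ctx` for every new connection; that looks harmless since the same two functions are always installed, but it is worth confirming if a context can be used from more than one thread. `_ustream_ssl_init` starts and ends outside this hunk.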