diff options
-rw-r--r-- | src/openssl.c | 109 |
1 files changed, 101 insertions, 8 deletions
diff --git a/src/openssl.c b/src/openssl.c index c5c692f..7addaa1 100644 --- a/src/openssl.c +++ b/src/openssl.c @@ -250,6 +250,10 @@ #define HAVE_SSL_CLIENT_VERSION OPENSSL_PREREQ(1,1,0) #endif +#ifndef HAVE_SSL_CTX_GET0_PARAM +#define HAVE_SSL_CTX_GET0_PARAM OPENSSL_PREREQ(1,0,2) +#endif + #ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS #define HAVE_SSL_CTX_SET_ALPN_PROTOS (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,1,3)) #endif @@ -262,16 +266,28 @@ #define HAVE_SSL_CTX_SET1_CERT_STORE (HAVE_SSL_CTX_set1_cert_store || 0) /* backwards compatible with old macro name */ #endif +#ifndef HAVE_SSL_CTX_SET1_PARAM +#define HAVE_SSL_CTX_SET1_PARAM (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,1,0)) +#endif + #ifndef HAVE_SSL_CTX_CERT_STORE #define HAVE_SSL_CTX_CERT_STORE (!OPENSSL_PREREQ(1,1,0)) #endif +#ifndef HAVE_SSL_GET0_ALPN_SELECTED +#define HAVE_SSL_GET0_ALPN_SELECTED HAVE_SSL_CTX_SET_ALPN_PROTOS +#endif + +#ifndef HAVE_SSL_GET0_PARAM +#define HAVE_SSL_GET0_PARAM OPENSSL_PREREQ(1,0,2) +#endif + #ifndef HAVE_SSL_SET_ALPN_PROTOS #define HAVE_SSL_SET_ALPN_PROTOS HAVE_SSL_CTX_SET_ALPN_PROTOS #endif -#ifndef HAVE_SSL_GET0_ALPN_SELECTED -#define HAVE_SSL_GET0_ALPN_SELECTED HAVE_SSL_CTX_SET_ALPN_PROTOS +#ifndef HAVE_SSL_SET1_PARAM +#define HAVE_SSL_SET1_PARAM OPENSSL_PREREQ(1,0,2) #endif #ifndef HAVE_SSL_UP_REF @@ -286,10 +302,6 @@ #define HAVE_SSLV2_SERVER_METHOD (!OPENSSL_PREREQ(1,1,0) && !defined OPENSSL_NO_SSL2) #endif -#ifndef HAVE_X509_AUTH_LEVEL -#define HAVE_X509_AUTH_LEVEL OPENSSL_PREREQ(1,1,0) -#endif - #ifndef HAVE_X509_STORE_REFERENCES #define HAVE_X509_STORE_REFERENCES (!OPENSSL_PREREQ(1,1,0)) #endif @@ -302,6 +314,26 @@ #define HAVE_X509_UP_REF OPENSSL_PREREQ(1,1,0) #endif +#ifndef HAVE_X509_VERIFY_PARAM_ADD1_HOST +#define HAVE_X509_VERIFY_PARAM_ADD1_HOST OPENSSL_PREREQ(1,0,2) +#endif + +#ifndef HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL +#define HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL OPENSSL_PREREQ(1,1,0) +#endif + +#ifndef HAVE_X509_VERIFY_PARAM_SET1_EMAIL +#define HAVE_X509_VERIFY_PARAM_SET1_EMAIL OPENSSL_PREREQ(1,0,2) +#endif + +#ifndef HAVE_X509_VERIFY_PARAM_SET1_HOST +#define HAVE_X509_VERIFY_PARAM_SET1_HOST OPENSSL_PREREQ(1,0,2) +#endif + +#ifndef HAVE_X509_VERIFY_PARAM_SET1_IP_ASC +#define HAVE_X509_VERIFY_PARAM_SET1_IP_ASC OPENSSL_PREREQ(1,0,2) +#endif + #ifndef HMAC_INIT_EX_INT #define HMAC_INIT_EX_INT OPENSSL_PREREQ(1,0,0) #endif @@ -1535,6 +1567,22 @@ static int compat_SSL_client_version(const SSL *ssl) { } /* compat_SSL_client_version() */ #endif +#if !HAVE_SSL_GET0_PARAM +#define SSL_get0_param(ssl) compat_SSL_get0_param((ssl)) + +static X509_VERIFY_PARAM *compat_SSL_get0_param(SSL *ssl) { + return ssl->param; +} /* compat_SSL_get0_param() */ +#endif + +#if !HAVE_SSL_SET1_PARAM +#define SSL_set1_param(ssl, vpm) compat_SSL_set1_param((ssl), (vpm)) + +static int compat_SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) { + return X509_VERIFY_PARAM_set1(ssl->param, vpm); +} /* compat_SSL_set1_param() */ +#endif + #if !HAVE_SSL_UP_REF #define SSL_up_ref(...) compat_SSL_up_ref(__VA_ARGS__) @@ -1547,6 +1595,22 @@ static int compat_SSL_up_ref(SSL *ssl) { } /* compat_SSL_up_ref() */ #endif +#if !HAVE_SSL_CTX_GET0_PARAM +#define SSL_CTX_get0_param(ctx) compat_SSL_CTX_get0_param((ctx)) + +static X509_VERIFY_PARAM *compat_SSL_CTX_get0_param(SSL_CTX *ctx) { + return ctx->param; +} /* compat_SSL_CTX_get0_param() */ +#endif + +#if !HAVE_SSL_CTX_SET1_PARAM +#define SSL_CTX_set1_param(ctx, vpm) compat_SSL_CTX_set1_param((ctx), (vpm)) + +static int compat_SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) { + return X509_VERIFY_PARAM_set1(ctx->param, vpm); +} /* compat_SSL_CTX_set1_param() */ +#endif + #if !HAVE_X509_GET0_EXT #define X509_get0_ext(crt, i) X509_get_ext((crt), (i)) #endif @@ -1667,6 +1731,19 @@ static int compat_X509_up_ref(X509 *crt) { } /* compat_X509_up_ref() */ #endif +#if !HAVE_X509_VERIFY_PARAM_SET1_EMAIL +/* + * NB: Cannot emulate. Requires dereferencing X509_VERIFY_PARAM_ID objects, + * which were always opaque. + */ +#endif + +#if !HAVE_X509_VERIFY_PARAM_SET1_HOST +/* + * NB: See HAVE_X509_VERIFY_PARAM_SET1_EMAIL. + */ +#endif + static int compat_init(void) { static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; static int store_index = -1, ssl_ctx_index = -1, done; @@ -8364,7 +8441,7 @@ static int xp_getDepth(lua_State *L) { } /* xp_getDepth() */ -#if HAVE_X509_AUTH_LEVEL +#if HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL static int xp_setAuthLevel(lua_State *L) { X509_VERIFY_PARAM *xp = checksimple(L, 1, X509_VERIFY_PARAM_CLASS); int auth_level = luaL_checkinteger(L, 2); @@ -8387,6 +8464,7 @@ static int xp_getAuthLevel(lua_State *L) { #endif +#if HAVE_X509_VERIFY_PARAM_SET1_HOST static int xp_setHost(lua_State *L) { X509_VERIFY_PARAM *xp = checksimple(L, 1, X509_VERIFY_PARAM_CLASS); size_t len; @@ -8399,8 +8477,10 @@ static int xp_setHost(lua_State *L) { lua_pushboolean(L, 1); return 1; } /* xp_setHost() */ +#endif +#if HAVE_X509_VERIFY_PARAM_ADD1_HOST static int xp_addHost(lua_State *L) { X509_VERIFY_PARAM *xp = checksimple(L, 1, X509_VERIFY_PARAM_CLASS); size_t len; @@ -8413,8 +8493,10 @@ static int xp_addHost(lua_State *L) { lua_pushboolean(L, 1); return 1; } /* xp_addHost() */ +#endif +#if HAVE_X509_VERIFY_PARAM_SET1_EMAIL static int xp_setEmail(lua_State *L) { X509_VERIFY_PARAM *xp = checksimple(L, 1, X509_VERIFY_PARAM_CLASS); size_t len; @@ -8427,8 +8509,10 @@ static int xp_setEmail(lua_State *L) { lua_pushboolean(L, 1); return 1; } /* xp_setEmail() */ +#endif +#if HAVE_X509_VERIFY_PARAM_SET1_IP_ASC static int xp_setIP(lua_State *L) { X509_VERIFY_PARAM *xp = checksimple(L, 1, X509_VERIFY_PARAM_CLASS); const char *str = luaL_checkstring(L, 2); @@ -8440,6 +8524,7 @@ static int xp_setIP(lua_State *L) { lua_pushboolean(L, 1); return 1; } /* xp_setIP() */ +#endif static int xp__gc(lua_State *L) { @@ -8458,14 +8543,22 @@ static const auxL_Reg xp_methods[] = { { "setTime", &xp_setTime }, { "setDepth", &xp_setDepth }, { "getDepth", &xp_getDepth }, -#if HAVE_X509_AUTH_LEVEL +#if HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL { "setAuthLevel", &xp_setAuthLevel }, { "getAuthLevel", &xp_getAuthLevel }, #endif +#if HAVE_X509_VERIFY_PARAM_SET1_HOST { "setHost", &xp_setHost }, +#endif +#if HAVE_X509_VERIFY_PARAM_ADD1_HOST { "addHost", &xp_addHost }, +#endif +#if HAVE_X509_VERIFY_PARAM_SET1_EMAIL { "setEmail", &xp_setEmail }, +#endif +#if HAVE_X509_VERIFY_PARAM_SET1_IP_ASC { "setIP", &xp_setIP }, +#endif { NULL, NULL }, }; |