From 1a62a0182557c89494676c06611f1ca731bcb2db Mon Sep 17 00:00:00 2001 
From: Mark Mentovai Date: Wed, 7 Aug 2024 13:32:28 -0400 Subject: [PATCH] BoringSSL compatibility fixes for cpp-httplib MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This fixes errors observed while building util/http_transport_test_server/http_transport_test_server.cc, shown below. The fixes include: - Library version check: tolerate BoringSSL as an alternative to OpenSSL 3. - Don’t call `OPENSSL_thread_stop`, which is not in BoringSSL. - Use `SSL_get_peer_certificate` (deprecated in OpenSSL 3), the old name for `SSL_get1_peer_certificate`, because the new name is not in BoringSSL. - Call `SSL_set_tlsext_host_name` directly instead of making a quirky `SSL_ctrl` call that BoringSSL does not support. The feared -Wold-style-cast warning that occurs when building with OpenSSL is not triggered in BoringSSL. Compilation errors from https://chromium-review.googlesource.com/c/5766975?checksPatchset=1&tab=checks → https://ci.chromium.org/ui/p/chromium/builders/try/linux-rel/1909715/ → “10. compilator steps (with patch)” → “31. compile (with patch)” → stdout (https://logs.chromium.org/logs/chromium/buildbucket/cr-buildbucket/8740323272553670737/+/u/compile__with_patch_/stdout): ``` In file included from util/net/http_transport_test_server.cc:42: third_party/cpp-httplib/cpp-httplib/httplib.h:275:2: error: Sorry, OpenSSL versions prior to 3.0.0 are not supported 275 | #error Sorry, OpenSSL versions prior to 3.0.0 are not supported | ^ In file included from util/net/http_transport_test_server.cc:42: third_party/cpp-httplib/cpp-httplib/httplib.h:733:7: error: use of undeclared identifier 'OPENSSL_thread_stop' 733 | OPENSSL_thread_stop (); | ^ third_party/cpp-httplib/cpp-httplib/httplib.h:9062:30: error: use of undeclared identifier 'SSL_get1_peer_certificate'; did you mean 'SSL_get_peer_certificate'? 
9062 | auto server_cert = SSL_get1_peer_certificate(ssl2); | ^~~~~~~~~~~~~~~~~~~~~~~~~ | SSL_get_peer_certificate …/boringssl/src/include/openssl/ssl.h:1784:22: note: 'SSL_get_peer_certificate' declared here 1784 | OPENSSL_EXPORT X509 *SSL_get_peer_certificate(const SSL *ssl); | ^ In file included from util/net/http_transport_test_server.cc:42: third_party/cpp-httplib/cpp-httplib/httplib.h:9083:24: error: use of undeclared identifier 'doesnt_exist' 9083 | SSL_ctrl(ssl2, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, | ^ …/boringssl/src/include/openssl/ssl.h:5699:38: note: expanded from macro 'SSL_CTRL_SET_TLSEXT_HOSTNAME' 5699 | #define SSL_CTRL_SET_TLSEXT_HOSTNAME doesnt_exist | ^ 4 errors generated. ``` Change-Id: I5798f17323672d70f75335cea61094457b54466e Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5769752 Reviewed-by: Joshua Peraza
---
 third_party/cpp-httplib/cpp-httplib/httplib.h | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/third_party/cpp-httplib/cpp-httplib/httplib.h b/third_party/cpp-httplib/cpp-httplib/httplib.h
index 9ea27fa6..93d8a28d 100644
--- a/third_party/cpp-httplib/cpp-httplib/httplib.h
+++ b/third_party/cpp-httplib/cpp-httplib/httplib.h
@@ -271,7 +271,9 @@ using socket_t = int;
 #include
 #include
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+#if defined(OPENSSL_IS_BORINGSSL)
+#define SSL_get1_peer_certificate SSL_get_peer_certificate
+#elif OPENSSL_VERSION_NUMBER < 0x30000000L
 #error Sorry, OpenSSL versions prior to 3.0.0 are not supported
 #endif
@@ -729,7 +731,7 @@ private:
 fn();
 }
-#ifdef CPPHTTPLIB_OPENSSL_SUPPORT
+#if defined(CPPHTTPLIB_OPENSSL_SUPPORT) && !defined(OPENSSL_IS_BORINGSSL)
 OPENSSL_thread_stop ();
 #endif
 }
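Review bot: The `#define SSL_get1_peer_certificate SSL_get_peer_certificate` alias in the version-check hunk carries no comment about the ownership contract it depends on, and it stays defined for every translation unit that includes this header. A line above it such as `// BoringSSL: SSL_get_peer_certificate returns a reference the caller must X509_free, like SSL_get1_peer_certificate.` would let a reader confirm that whatever releases `server_cert` at the call site quoted in the commit message is still correct; this should be checked against the BoringSSL header in use. The diffstat shows only httplib.h changing, so if the project keeps a record of local modifications to this vendored copy, this divergence from upstream should presumably be listed there too.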
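Review bot: The guard around `OPENSSL_thread_stop ();` in the second hunk is no longer a plain CPPHTTPLIB_OPENSSL_SUPPORT check, and nothing in the code says why. A comment above the `#if` such as `// BoringSSL does not provide OPENSSL_thread_stop().` would keep a later sync with upstream from silently reverting the condition. The enclosing worker function starts outside the hunk, so whether any other per-thread cleanup is expected there cannot be judged from these lines.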
@@ -9077,11 +9079,14 @@ inline bool SSLClient::initialize_ssl(Socket &socket, Error &error) {
 return true;
 },
 [&](SSL *ssl2) {
+#if defined(OPENSSL_IS_BORINGSSL)
+ SSL_set_tlsext_host_name(ssl2, host_.c_str());
+#else
 // NOTE: Direct call instead of using the OpenSSL macro to suppress
 // -Wold-style-cast warning
- // SSL_set_tlsext_host_name(ssl2, host_.c_str());
 SSL_ctrl(ssl2, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name,
 static_cast(const_cast(host_.c_str())));
+#endif
 return true;
 });
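Review bot: The result of `SSL_set_tlsext_host_name(ssl2, host_.c_str());` in the new BoringSSL branch is discarded and the lambda returns true either way, so a failure to set the server name would let the handshake go ahead without SNI. Checking it keeps that failure visible to the caller: `if (SSL_set_tlsext_host_name(ssl2, host_.c_str()) != 1) { return false; }`. The existing `SSL_ctrl` branch ignores its result in the same way and could get the same check. initialize_ssl begins and ends outside the hunk, so whether the peer certificate's host name is verified afterwards cannot be confirmed from here.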