BoringSSL compatibility fixes for cpp-httplib

This fixes errors observed while building
util/http_transport_test_server/http_transport_test_server.cc, shown
below.

The fixes include:
 - Library version check: tolerate BoringSSL as an alternative to
   OpenSSL 3.
 - Don’t call `OPENSSL_thread_stop`, which is not in BoringSSL.
 - Use `SSL_get_peer_certificate` (deprecated in OpenSSL 3), the old
   name for `SSL_get1_peer_certificate`, because the new name is not in
   BoringSSL.
 - Call `SSL_set_tlsext_host_name` directly instead of making a quirky
   `SSL_ctrl` call that BoringSSL does not support. The feared
   -Wold-style-cast warning that occurs when buidling with OpenSSL is
   not triggered in BoringSSL.

Compilation errors from
https://chromium-review.googlesource.com/c/5766975?checksPatchset=1&tab=checkshttps://ci.chromium.org/ui/p/chromium/builders/try/linux-rel/1909715/
→ “10. compilator steps (with patch)” → “31. compile (with patch)” →
stdout
(https://logs.chromium.org/logs/chromium/buildbucket/cr-buildbucket/8740323272553670737/+/u/compile__with_patch_/stdout):

```
In file included from util/net/http_transport_test_server.cc:42:
third_party/cpp-httplib/cpp-httplib/httplib.h:275:2: error: Sorry, OpenSSL versions prior to 3.0.0 are not supported
  275 | #error Sorry, OpenSSL versions prior to 3.0.0 are not supported
      |  ^
In file included from util/net/http_transport_test_server.cc:42:
third_party/cpp-httplib/cpp-httplib/httplib.h:733:7: error: use of undeclared identifier 'OPENSSL_thread_stop'
  733 |       OPENSSL_thread_stop ();
      |       ^
third_party/cpp-httplib/cpp-httplib/httplib.h:9062:30: error: use of undeclared identifier 'SSL_get1_peer_certificate'; did you mean 'SSL_get_peer_certificate'?
 9062 |           auto server_cert = SSL_get1_peer_certificate(ssl2);
      |                              ^~~~~~~~~~~~~~~~~~~~~~~~~
      |                              SSL_get_peer_certificate
…/boringssl/src/include/openssl/ssl.h:1784:22: note: 'SSL_get_peer_certificate' declared here
 1784 | OPENSSL_EXPORT X509 *SSL_get_peer_certificate(const SSL *ssl);
      |                      ^
In file included from util/net/http_transport_test_server.cc:42:
third_party/cpp-httplib/cpp-httplib/httplib.h:9083:24: error: use of undeclared identifier 'doesnt_exist'
 9083 |         SSL_ctrl(ssl2, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name,
      |                        ^
…/boringssl/src/include/openssl/ssl.h:5699:38: note: expanded from macro 'SSL_CTRL_SET_TLSEXT_HOSTNAME'
 5699 | #define SSL_CTRL_SET_TLSEXT_HOSTNAME doesnt_exist
      |                                      ^
4 errors generated.
```

Change-Id: I5798f17323672d70f75335cea61094457b54466e
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5769752
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
This commit is contained in:
Mark Mentovai 2024-08-07 13:32:28 -04:00
parent b8658f3806
commit 1a62a01825

View File

@ -271,7 +271,9 @@ using socket_t = int;
#include <iostream> #include <iostream>
#include <sstream> #include <sstream>
#if OPENSSL_VERSION_NUMBER < 0x30000000L #if defined(OPENSSL_IS_BORINGSSL)
#define SSL_get1_peer_certificate SSL_get_peer_certificate
#elif OPENSSL_VERSION_NUMBER < 0x30000000L
#error Sorry, OpenSSL versions prior to 3.0.0 are not supported #error Sorry, OpenSSL versions prior to 3.0.0 are not supported
#endif #endif
@ -729,7 +731,7 @@ private:
fn(); fn();
} }
#ifdef CPPHTTPLIB_OPENSSL_SUPPORT #if defined(CPPHTTPLIB_OPENSSL_SUPPORT) && !defined(OPENSSL_IS_BORINGSSL)
OPENSSL_thread_stop (); OPENSSL_thread_stop ();
#endif #endif
} }
@ -9077,11 +9079,14 @@ inline bool SSLClient::initialize_ssl(Socket &socket, Error &error) {
return true; return true;
}, },
[&](SSL *ssl2) { [&](SSL *ssl2) {
#if defined(OPENSSL_IS_BORINGSSL)
SSL_set_tlsext_host_name(ssl2, host_.c_str());
#else
// NOTE: Direct call instead of using the OpenSSL macro to suppress // NOTE: Direct call instead of using the OpenSSL macro to suppress
// -Wold-style-cast warning // -Wold-style-cast warning
// SSL_set_tlsext_host_name(ssl2, host_.c_str());
SSL_ctrl(ssl2, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, SSL_ctrl(ssl2, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name,
static_cast<void *>(const_cast<char *>(host_.c_str()))); static_cast<void *>(const_cast<char *>(host_.c_str())));
#endif
return true; return true;
}); });