fix WolfSSL
This commit is contained in:
parent
76b4c9a6ff
commit
9dc3d09981
16
.github/workflows/nightly.yml
vendored
@ -14,7 +14,7 @@ jobs:
|
|||||||
matrix:
|
matrix:
|
||||||
cc: [gcc, clang, g++, clang++]
|
cc: [gcc, clang, g++, clang++]
|
||||||
target: [test, mip_test]
|
target: [test, mip_test]
|
||||||
ssl: ["", BUILTIN, MBEDTLS, OPENSSL] #, WOLFSSL]
|
ssl: ["", BUILTIN, MBEDTLS, OPENSSL, WOLFSSL]
|
||||||
select: ["-DMG_ENABLE_POLL=0 -DMG_ENABLE_EPOLL=0", "-DMG_ENABLE_POLL=1 -DMG_ENABLE_EPOLL=0", "-DMG_ENABLE_POLL=0 -DMG_ENABLE_EPOLL=1"]
|
select: ["-DMG_ENABLE_POLL=0 -DMG_ENABLE_EPOLL=0", "-DMG_ENABLE_POLL=1 -DMG_ENABLE_EPOLL=0", "-DMG_ENABLE_POLL=0 -DMG_ENABLE_EPOLL=1"]
|
||||||
exclude:
|
exclude:
|
||||||
- ssl: MBEDTLS
|
- ssl: MBEDTLS
|
||||||
@ -43,7 +43,7 @@ jobs:
|
|||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
matrix:
|
matrix:
|
||||||
ssl: [""]
|
ssl: ["", BUILTIN]
|
||||||
name: S390 SSL=${{ matrix.ssl }}
|
name: S390 SSL=${{ matrix.ssl }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
@ -65,7 +65,7 @@ jobs:
|
|||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
matrix:
|
matrix:
|
||||||
ssl: ["", BUILTIN, MBEDTLS, OPENSSL] #, WOLFSSL]
|
ssl: ["", BUILTIN, MBEDTLS, OPENSSL, WOLFSSL]
|
||||||
name: unamalgamated-mg_prefix SSL=${{ matrix.ssl }}
|
name: unamalgamated-mg_prefix SSL=${{ matrix.ssl }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
@ -77,7 +77,7 @@ jobs:
|
|||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
matrix:
|
matrix:
|
||||||
ssl: ["", BUILTIN, MBEDTLS, OPENSSL] #, WOLFSSL]
|
ssl: ["", BUILTIN, MBEDTLS, OPENSSL, WOLFSSL]
|
||||||
name: Valgrind SSL=${{ matrix.ssl }}
|
name: Valgrind SSL=${{ matrix.ssl }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
@ -89,7 +89,7 @@ jobs:
|
|||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
matrix:
|
matrix:
|
||||||
ssl: ["", BUILTIN, MBEDTLS, OPENSSL] #, WOLFSSL]
|
ssl: ["", BUILTIN, MBEDTLS, OPENSSL, WOLFSSL]
|
||||||
select: [-DMG_ENABLE_POLL=0, -DMG_ENABLE_POLL=1]
|
select: [-DMG_ENABLE_POLL=0, -DMG_ENABLE_POLL=1]
|
||||||
exclude:
|
exclude:
|
||||||
- ssl: MBEDTLS
|
- ssl: MBEDTLS
|
||||||
@ -106,7 +106,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
with: { fetch-depth: 2 }
|
with: { fetch-depth: 2 }
|
||||||
- run: brew install jq mbedtls openssl wolfssl
|
- run: brew install mbedtls wolfssl # jq openssl already pre-installed
|
||||||
- run: make -C test test ASAN_OPTIONS= MBEDTLS=$(echo $(brew --cellar)/mbedtls*/*) OPENSSL=$(echo $(brew --cellar)/openssl*/*) WOLFSSL=$(echo $(brew --cellar)/wolfssl*/*)
|
- run: make -C test test ASAN_OPTIONS= MBEDTLS=$(echo $(brew --cellar)/mbedtls*/*) OPENSSL=$(echo $(brew --cellar)/openssl*/*) WOLFSSL=$(echo $(brew --cellar)/wolfssl*/*)
|
||||||
windows:
|
windows:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
@ -158,7 +158,7 @@ jobs:
|
|||||||
name: examples ${{ matrix.ssl }}
|
name: examples ${{ matrix.ssl }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
- run: sudo apt -y install libmbedtls-dev libwolfssl-dev libpcap-dev
|
- run: sudo apt -y install libpcap-dev
|
||||||
- run: make -C test examples CFLAGS_EXTRA="${{ matrix.ssl }}"
|
- run: make -C test examples CFLAGS_EXTRA="${{ matrix.ssl }}"
|
||||||
- run: make -C test clean_examples
|
- run: make -C test clean_examples
|
||||||
examples_win:
|
examples_win:
|
||||||
@ -243,7 +243,7 @@ jobs:
|
|||||||
name: tutorials ${{ matrix.ssl }}
|
name: tutorials ${{ matrix.ssl }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
- run: sudo apt -y install libmbedtls-dev libwolfssl-dev libpcap-dev
|
- run: sudo apt -y install libpcap-dev
|
||||||
- run: make -C test tutorials CFLAGS_EXTRA="${{ matrix.ssl }}"
|
- run: make -C test tutorials CFLAGS_EXTRA="${{ matrix.ssl }}"
|
||||||
- run: make -C test clean_tutorials
|
- run: make -C test clean_tutorials
|
||||||
tutorials_win:
|
tutorials_win:
|
||||||
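Review bot: Dropping libmbedtls-dev and libwolfssl-dev from the examples and tutorials install steps (now `sudo apt -y install libpcap-dev`) leaves `make -C test examples CFLAGS_EXTRA="${{ matrix.ssl }}"` with no headers to compile against if that matrix still carries an MbedTLS or WolfSSL entry; the matrix definition sits above the first line of these hunks, so I cannot confirm it was trimmed in the same commit. If the examples and tutorials are now meant to cover only the built-in TLS, say so next to the install step, e.g. `# examples/tutorials build with the built-in TLS only; no external TLS packages needed`, so the next person who adds a backend to that matrix knows why the packages are gone. Otherwise the two packages should come back. The job definitions begin before the first hunk shown.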
|
34
mongoose.c
@ -4659,7 +4659,7 @@ static bool mg_atone(struct mg_str str, struct mg_addr *addr) {
|
|||||||
|
|
||||||
static bool mg_aton4(struct mg_str str, struct mg_addr *addr) {
|
static bool mg_aton4(struct mg_str str, struct mg_addr *addr) {
|
||||||
uint8_t data[4] = {0, 0, 0, 0};
|
uint8_t data[4] = {0, 0, 0, 0};
|
||||||
size_t i, num_dots = 0; // TODO(): refactor to mg_span() + mg_str_num()
|
size_t i, num_dots = 0;
|
||||||
for (i = 0; i < str.len; i++) {
|
for (i = 0; i < str.len; i++) {
|
||||||
if (str.buf[i] >= '0' && str.buf[i] <= '9') {
|
if (str.buf[i] >= '0' && str.buf[i] <= '9') {
|
||||||
int octet = data[num_dots] * 10 + (str.buf[i] - '0');
|
int octet = data[num_dots] * 10 + (str.buf[i] - '0');
|
||||||
@ -4705,7 +4705,7 @@ static bool mg_aton6(struct mg_str str, struct mg_addr *addr) {
|
|||||||
if ((str.buf[i] >= '0' && str.buf[i] <= '9') ||
|
if ((str.buf[i] >= '0' && str.buf[i] <= '9') ||
|
||||||
(str.buf[i] >= 'a' && str.buf[i] <= 'f') ||
|
(str.buf[i] >= 'a' && str.buf[i] <= 'f') ||
|
||||||
(str.buf[i] >= 'A' && str.buf[i] <= 'F')) {
|
(str.buf[i] >= 'A' && str.buf[i] <= 'F')) {
|
||||||
unsigned long val; // TODO(): This loops, refactor
|
unsigned long val; // TODO(): This loops on chars, refactor
|
||||||
if (i > j + 3) return false;
|
if (i > j + 3) return false;
|
||||||
// MG_DEBUG(("%lu %lu [%.*s]", i, j, (int) (i - j + 1), &str.buf[j]));
|
// MG_DEBUG(("%lu %lu [%.*s]", i, j, (int) (i - j + 1), &str.buf[j]));
|
||||||
mg_str_to_num(mg_str_n(&str.buf[j], i - j + 1), 16, &val, sizeof(val));
|
mg_str_to_num(mg_str_n(&str.buf[j], i - j + 1), 16, &val, sizeof(val));
|
||||||
@ -10904,8 +10904,9 @@ void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
|
|||||||
if (c->is_listening) goto fail;
|
if (c->is_listening) goto fail;
|
||||||
MG_DEBUG(("%lu Setting TLS", c->id));
|
MG_DEBUG(("%lu Setting TLS", c->id));
|
||||||
MG_PROF_ADD(c, "mbedtls_init_start");
|
MG_PROF_ADD(c, "mbedtls_init_start");
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
#if defined(MBEDTLS_VERSION_NUMBER) && MBEDTLS_VERSION_NUMBER >= 0x03000000 && \
|
||||||
psa_crypto_init();
|
defined(MBEDTLS_PSA_CRYPTO_C)
|
||||||
|
psa_crypto_init(); // https://github.com/Mbed-TLS/mbedtls/issues/9072#issuecomment-2084845711
|
||||||
#endif
|
#endif
|
||||||
mbedtls_ssl_init(&tls->ssl);
|
mbedtls_ssl_init(&tls->ssl);
|
||||||
mbedtls_ssl_config_init(&tls->conf);
|
mbedtls_ssl_config_init(&tls->conf);
|
||||||
@ -11034,7 +11035,8 @@ void mg_tls_ctx_free(struct mg_mgr *mgr) {
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
#if MG_TLS == MG_TLS_OPENSSL
|
#if MG_TLS == MG_TLS_OPENSSL || MG_TLS == MG_TLS_WOLFSSL
|
||||||
|
|
||||||
static int tls_err_cb(const char *s, size_t len, void *c) {
|
static int tls_err_cb(const char *s, size_t len, void *c) {
|
||||||
int n = (int) len - 1;
|
int n = (int) len - 1;
|
||||||
MG_ERROR(("%lu %.*s", ((struct mg_connection *) c)->id, n, s));
|
MG_ERROR(("%lu %.*s", ((struct mg_connection *) c)->id, n, s));
|
||||||
@ -11094,13 +11096,12 @@ static X509 *load_cert(struct mg_str s) {
|
|||||||
return cert;
|
return cert;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static long mg_bio_ctrl(BIO *b, int cmd, long larg, void *pargs) {
|
static long mg_bio_ctrl(BIO *b, int cmd, long larg, void *pargs) {
|
||||||
long ret = 0;
|
long ret = 0;
|
||||||
if (cmd == BIO_CTRL_PUSH) ret = 1;
|
if (cmd == BIO_CTRL_PUSH) ret = 1;
|
||||||
if (cmd == BIO_CTRL_POP) ret = 1;
|
if (cmd == BIO_CTRL_POP) ret = 1;
|
||||||
if (cmd == BIO_CTRL_FLUSH) ret = 1;
|
if (cmd == BIO_CTRL_FLUSH) ret = 1;
|
||||||
#ifndef OPENSSL_IS_WOLFSSL
|
#if MG_TLS == MG_TLS_OPENSSL
|
||||||
if (cmd == BIO_C_SET_NBIO) ret = 1;
|
if (cmd == BIO_C_SET_NBIO) ret = 1;
|
||||||
#endif
|
#endif
|
||||||
// MG_DEBUG(("%d -> %ld", cmd, ret));
|
// MG_DEBUG(("%d -> %ld", cmd, ret));
|
||||||
@ -11163,6 +11164,13 @@ void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
|
|||||||
SSL_set_options(tls->ssl, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
SSL_set_options(tls->ssl, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if MG_TLS == MG_TLS_WOLFSSL && !defined(OPENSSL_COMPATIBLE_DEFAULTS)
|
||||||
|
if (opts->ca.len == 0 || mg_strcmp(opts->ca, mg_str("*")) == 0) {
|
||||||
|
// Older versions require that either the CA is loaded or SSL_VERIFY_NONE
|
||||||
|
// explicitly set
|
||||||
|
SSL_set_verify(tls->ssl, SSL_VERIFY_NONE, NULL);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
if (opts->ca.buf != NULL && opts->ca.buf[0] != '\0') {
|
if (opts->ca.buf != NULL && opts->ca.buf[0] != '\0') {
|
||||||
SSL_set_verify(tls->ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
|
SSL_set_verify(tls->ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
|
||||||
NULL);
|
NULL);
|
||||||
@ -11194,21 +11202,25 @@ void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
SSL_set_mode(tls->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
|
SSL_set_mode(tls->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
|
||||||
#if OPENSSL_VERSION_NUMBER > 0x10002000L && !defined(OPENSSL_IS_WOLFSSL)
|
#if MG_TLS == MG_TLS_OPENSSL && OPENSSL_VERSION_NUMBER > 0x10002000L
|
||||||
(void) SSL_set_ecdh_auto(tls->ssl, 1);
|
(void) SSL_set_ecdh_auto(tls->ssl, 1);
|
||||||
#endif
|
#endif
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||||
if (opts->name.len > 0) {
|
if (opts->name.len > 0) {
|
||||||
char *s = mg_mprintf("%.*s", (int) opts->name.len, opts->name.buf);
|
char *s = mg_mprintf("%.*s", (int) opts->name.len, opts->name.buf);
|
||||||
|
#if MG_TLS != MG_TLS_WOLFSSL || LIBWOLFSSL_VERSION_HEX >= 0x05005002
|
||||||
SSL_set1_host(tls->ssl, s);
|
SSL_set1_host(tls->ssl, s);
|
||||||
|
#else
|
||||||
|
X509_VERIFY_PARAM_set1_host(SSL_get0_param(tls->ssl), s, 0);
|
||||||
|
#endif
|
||||||
SSL_set_tlsext_host_name(tls->ssl, s);
|
SSL_set_tlsext_host_name(tls->ssl, s);
|
||||||
free(s);
|
free(s);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#ifndef OPENSSL_IS_WOLFSSL
|
#if MG_TLS == MG_TLS_WOLFSSL
|
||||||
tls->bm = BIO_meth_new(BIO_get_new_index() | BIO_TYPE_SOURCE_SINK, "bio_mg");
|
|
||||||
#else
|
|
||||||
tls->bm = BIO_meth_new(0, "bio_mg");
|
tls->bm = BIO_meth_new(0, "bio_mg");
|
||||||
|
#else
|
||||||
|
tls->bm = BIO_meth_new(BIO_get_new_index() | BIO_TYPE_SOURCE_SINK, "bio_mg");
|
||||||
#endif
|
#endif
|
||||||
BIO_meth_set_write(tls->bm, mg_bio_write);
|
BIO_meth_set_write(tls->bm, mg_bio_write);
|
||||||
BIO_meth_set_read(tls->bm, mg_bio_read);
|
BIO_meth_set_read(tls->bm, mg_bio_read);
|
||||||
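Review bot: The new fallback `X509_VERIFY_PARAM_set1_host(SSL_get0_param(tls->ssl), s, 0);` discards its return value, as the `SSL_set1_host(tls->ssl, s);` line beside it already did; both report failure with 0, and a failure here leaves SSL_VERIFY_PEER active with no hostname check, so a valid certificate for any name would be accepted. Since this branch only runs when the caller supplied `opts->name`, a failure should abort setup rather than be ignored, e.g. `if (!X509_VERIFY_PARAM_set1_host(SSL_get0_param(tls->ssl), s, 0)) { free(s); goto fail; }` and the same for SSL_set1_host, assuming this mg_tls_init has a `fail` label like the mbedTLS variant earlier in the file (the function's tail is outside the hunk). The `LIBWOLFSSL_VERSION_HEX >= 0x05005002` guard presumably marks the wolfSSL release that gained SSL_set1_host; a one-line comment saying so would spare the next reader the archaeology. This same block appears in the src/ hunk further down; the fix belongs there if mongoose.c is the amalgamated copy.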
|
81
mongoose.h
@ -2147,6 +2147,7 @@ void mg_http_serve_ssi(struct mg_connection *c, const char *root,
|
|||||||
#define MG_TLS_NONE 0 // No TLS support
|
#define MG_TLS_NONE 0 // No TLS support
|
||||||
#define MG_TLS_MBED 1 // mbedTLS
|
#define MG_TLS_MBED 1 // mbedTLS
|
||||||
#define MG_TLS_OPENSSL 2 // OpenSSL
|
#define MG_TLS_OPENSSL 2 // OpenSSL
|
||||||
|
#define MG_TLS_WOLFSSL 5 // WolfSSL (based on OpenSSL)
|
||||||
#define MG_TLS_BUILTIN 3 // Built-in
|
#define MG_TLS_BUILTIN 3 // Built-in
|
||||||
#define MG_TLS_CUSTOM 4 // Custom implementation
|
#define MG_TLS_CUSTOM 4 // Custom implementation
|
||||||
|
|
||||||
@ -2214,7 +2215,7 @@ struct mg_tls {
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
#if MG_TLS == MG_TLS_OPENSSL
|
#if MG_TLS == MG_TLS_OPENSSL || MG_TLS == MG_TLS_WOLFSSL
|
||||||
|
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
#include <openssl/ssl.h>
|
#include <openssl/ssl.h>
|
||||||
@ -2917,6 +2918,49 @@ struct mg_tcpip_driver_tm4c_data {
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
#if MG_ENABLE_TCPIP && defined(MG_ENABLE_DRIVER_W5500) && MG_ENABLE_DRIVER_W5500
|
||||||
|
|
||||||
|
#undef MG_ENABLE_TCPIP_DRIVER_INIT
|
||||||
|
#define MG_ENABLE_TCPIP_DRIVER_INIT 0
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
#if MG_ENABLE_TCPIP && defined(MG_ENABLE_DRIVER_XMC7) && MG_ENABLE_DRIVER_XMC7
|
||||||
|
|
||||||
|
struct mg_tcpip_driver_xmc7_data {
|
||||||
|
int mdc_cr; // Valid values: -1, 0, 1, 2, 3, 4, 5
|
||||||
|
uint8_t phy_addr;
|
||||||
|
};
|
||||||
|
|
||||||
|
#ifndef MG_TCPIP_PHY_ADDR
|
||||||
|
#define MG_TCPIP_PHY_ADDR 0
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef MG_DRIVER_MDC_CR
|
||||||
|
#define MG_DRIVER_MDC_CR 3
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#define MG_TCPIP_DRIVER_INIT(mgr) \
|
||||||
|
do { \
|
||||||
|
static struct mg_tcpip_driver_xmc7_data driver_data_; \
|
||||||
|
static struct mg_tcpip_if mif_; \
|
||||||
|
driver_data_.mdc_cr = MG_DRIVER_MDC_CR; \
|
||||||
|
driver_data_.phy_addr = MG_TCPIP_PHY_ADDR; \
|
||||||
|
mif_.ip = MG_TCPIP_IP; \
|
||||||
|
mif_.mask = MG_TCPIP_MASK; \
|
||||||
|
mif_.gw = MG_TCPIP_GW; \
|
||||||
|
mif_.driver = &mg_tcpip_driver_xmc7; \
|
||||||
|
mif_.driver_data = &driver_data_; \
|
||||||
|
MG_SET_MAC_ADDRESS(mif_.mac); \
|
||||||
|
mg_tcpip_init(mgr, &mif_); \
|
||||||
|
MG_INFO(("Driver: xmc7, MAC: %M", mg_print_mac, mif_.mac)); \
|
||||||
|
} while (0)
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#if MG_ENABLE_TCPIP && defined(MG_ENABLE_DRIVER_XMC) && MG_ENABLE_DRIVER_XMC
|
#if MG_ENABLE_TCPIP && defined(MG_ENABLE_DRIVER_XMC) && MG_ENABLE_DRIVER_XMC
|
||||||
|
|
||||||
struct mg_tcpip_driver_xmc_data {
|
struct mg_tcpip_driver_xmc_data {
|
||||||
@ -2963,41 +3007,6 @@ struct mg_tcpip_driver_xmc_data {
|
|||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
#if MG_ENABLE_TCPIP && defined(MG_ENABLE_DRIVER_XMC7) && MG_ENABLE_DRIVER_XMC7
|
|
||||||
|
|
||||||
struct mg_tcpip_driver_xmc7_data {
|
|
||||||
int mdc_cr; // Valid values: -1, 0, 1, 2, 3, 4, 5
|
|
||||||
uint8_t phy_addr;
|
|
||||||
};
|
|
||||||
|
|
||||||
#ifndef MG_TCPIP_PHY_ADDR
|
|
||||||
#define MG_TCPIP_PHY_ADDR 0
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef MG_DRIVER_MDC_CR
|
|
||||||
#define MG_DRIVER_MDC_CR 3
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define MG_TCPIP_DRIVER_INIT(mgr) \
|
|
||||||
do { \
|
|
||||||
static struct mg_tcpip_driver_xmc7_data driver_data_; \
|
|
||||||
static struct mg_tcpip_if mif_; \
|
|
||||||
driver_data_.mdc_cr = MG_DRIVER_MDC_CR; \
|
|
||||||
driver_data_.phy_addr = MG_TCPIP_PHY_ADDR; \
|
|
||||||
mif_.ip = MG_TCPIP_IP; \
|
|
||||||
mif_.mask = MG_TCPIP_MASK; \
|
|
||||||
mif_.gw = MG_TCPIP_GW; \
|
|
||||||
mif_.driver = &mg_tcpip_driver_xmc7; \
|
|
||||||
mif_.driver_data = &driver_data_; \
|
|
||||||
MG_SET_MAC_ADDRESS(mif_.mac); \
|
|
||||||
mg_tcpip_init(mgr, &mif_); \
|
|
||||||
MG_INFO(("Driver: xmc7, MAC: %M", mg_print_mac, mif_.mac)); \
|
|
||||||
} while (0)
|
|
||||||
|
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
@ -3,6 +3,7 @@
|
|||||||
#define MG_TLS_NONE 0 // No TLS support
|
#define MG_TLS_NONE 0 // No TLS support
|
||||||
#define MG_TLS_MBED 1 // mbedTLS
|
#define MG_TLS_MBED 1 // mbedTLS
|
||||||
#define MG_TLS_OPENSSL 2 // OpenSSL
|
#define MG_TLS_OPENSSL 2 // OpenSSL
|
||||||
|
#define MG_TLS_WOLFSSL 5 // WolfSSL (based on OpenSSL)
|
||||||
#define MG_TLS_BUILTIN 3 // Built-in
|
#define MG_TLS_BUILTIN 3 // Built-in
|
||||||
#define MG_TLS_CUSTOM 4 // Custom implementation
|
#define MG_TLS_CUSTOM 4 // Custom implementation
|
||||||
|
|
||||||
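Review bot: The comment on the new `#define MG_TLS_WOLFSSL 5 // WolfSSL (based on OpenSSL)` is misleading: wolfSSL is an independent TLS implementation, and what is OpenSSL-based here is only the API Mongoose drives it through (the `<openssl/ssl.h>` compatibility headers pulled in by the other hunks). Suggest `#define MG_TLS_WOLFSSL 5 // wolfSSL, driven through its OpenSSL-compatibility API`. Inserting value 5 between 2 and 3 also reads oddly; placing the line after MG_TLS_CUSTOM keeps the list monotonic without changing any value.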
|
@ -1,7 +1,8 @@
|
|||||||
#include "printf.h"
|
#include "printf.h"
|
||||||
#include "tls.h"
|
#include "tls.h"
|
||||||
|
|
||||||
#if MG_TLS == MG_TLS_OPENSSL
|
#if MG_TLS == MG_TLS_OPENSSL || MG_TLS == MG_TLS_WOLFSSL
|
||||||
|
|
||||||
static int tls_err_cb(const char *s, size_t len, void *c) {
|
static int tls_err_cb(const char *s, size_t len, void *c) {
|
||||||
int n = (int) len - 1;
|
int n = (int) len - 1;
|
||||||
MG_ERROR(("%lu %.*s", ((struct mg_connection *) c)->id, n, s));
|
MG_ERROR(("%lu %.*s", ((struct mg_connection *) c)->id, n, s));
|
||||||
@ -61,13 +62,12 @@ static X509 *load_cert(struct mg_str s) {
|
|||||||
return cert;
|
return cert;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static long mg_bio_ctrl(BIO *b, int cmd, long larg, void *pargs) {
|
static long mg_bio_ctrl(BIO *b, int cmd, long larg, void *pargs) {
|
||||||
long ret = 0;
|
long ret = 0;
|
||||||
if (cmd == BIO_CTRL_PUSH) ret = 1;
|
if (cmd == BIO_CTRL_PUSH) ret = 1;
|
||||||
if (cmd == BIO_CTRL_POP) ret = 1;
|
if (cmd == BIO_CTRL_POP) ret = 1;
|
||||||
if (cmd == BIO_CTRL_FLUSH) ret = 1;
|
if (cmd == BIO_CTRL_FLUSH) ret = 1;
|
||||||
#ifndef OPENSSL_IS_WOLFSSL
|
#if MG_TLS == MG_TLS_OPENSSL
|
||||||
if (cmd == BIO_C_SET_NBIO) ret = 1;
|
if (cmd == BIO_C_SET_NBIO) ret = 1;
|
||||||
#endif
|
#endif
|
||||||
// MG_DEBUG(("%d -> %ld", cmd, ret));
|
// MG_DEBUG(("%d -> %ld", cmd, ret));
|
||||||
@ -130,6 +130,13 @@ void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
|
|||||||
SSL_set_options(tls->ssl, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
SSL_set_options(tls->ssl, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if MG_TLS == MG_TLS_WOLFSSL && !defined(OPENSSL_COMPATIBLE_DEFAULTS)
|
||||||
|
if (opts->ca.len == 0 || mg_strcmp(opts->ca, mg_str("*")) == 0) {
|
||||||
|
// Older versions require that either the CA is loaded or SSL_VERIFY_NONE
|
||||||
|
// explicitly set
|
||||||
|
SSL_set_verify(tls->ssl, SSL_VERIFY_NONE, NULL);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
if (opts->ca.buf != NULL && opts->ca.buf[0] != '\0') {
|
if (opts->ca.buf != NULL && opts->ca.buf[0] != '\0') {
|
||||||
SSL_set_verify(tls->ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
|
SSL_set_verify(tls->ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
|
||||||
NULL);
|
NULL);
|
||||||
@ -161,21 +168,25 @@ void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
SSL_set_mode(tls->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
|
SSL_set_mode(tls->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
|
||||||
#if OPENSSL_VERSION_NUMBER > 0x10002000L && !defined(OPENSSL_IS_WOLFSSL)
|
#if MG_TLS == MG_TLS_OPENSSL && OPENSSL_VERSION_NUMBER > 0x10002000L
|
||||||
(void) SSL_set_ecdh_auto(tls->ssl, 1);
|
(void) SSL_set_ecdh_auto(tls->ssl, 1);
|
||||||
#endif
|
#endif
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||||
if (opts->name.len > 0) {
|
if (opts->name.len > 0) {
|
||||||
char *s = mg_mprintf("%.*s", (int) opts->name.len, opts->name.buf);
|
char *s = mg_mprintf("%.*s", (int) opts->name.len, opts->name.buf);
|
||||||
|
#if MG_TLS != MG_TLS_WOLFSSL || LIBWOLFSSL_VERSION_HEX >= 0x05005002
|
||||||
SSL_set1_host(tls->ssl, s);
|
SSL_set1_host(tls->ssl, s);
|
||||||
|
#else
|
||||||
|
X509_VERIFY_PARAM_set1_host(SSL_get0_param(tls->ssl), s, 0);
|
||||||
|
#endif
|
||||||
SSL_set_tlsext_host_name(tls->ssl, s);
|
SSL_set_tlsext_host_name(tls->ssl, s);
|
||||||
free(s);
|
free(s);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#ifndef OPENSSL_IS_WOLFSSL
|
#if MG_TLS == MG_TLS_WOLFSSL
|
||||||
tls->bm = BIO_meth_new(BIO_get_new_index() | BIO_TYPE_SOURCE_SINK, "bio_mg");
|
|
||||||
#else
|
|
||||||
tls->bm = BIO_meth_new(0, "bio_mg");
|
tls->bm = BIO_meth_new(0, "bio_mg");
|
||||||
|
#else
|
||||||
|
tls->bm = BIO_meth_new(BIO_get_new_index() | BIO_TYPE_SOURCE_SINK, "bio_mg");
|
||||||
#endif
|
#endif
|
||||||
BIO_meth_set_write(tls->bm, mg_bio_write);
|
BIO_meth_set_write(tls->bm, mg_bio_write);
|
||||||
BIO_meth_set_read(tls->bm, mg_bio_read);
|
BIO_meth_set_read(tls->bm, mg_bio_read);
|
||||||
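Review bot: In the new WolfSSL block the `mg_strcmp(opts->ca, mg_str("*")) == 0` half of the condition has no lasting effect: for `ca == "*"` the `SSL_set_verify(tls->ssl, SSL_VERIFY_NONE, NULL)` call is immediately overridden by the following `if (opts->ca.buf != NULL && opts->ca.buf[0] != '\0')` branch, which re-sets SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT because "*" is a non-empty string. If the goal is only to satisfy older wolfSSL when no CA is supplied, narrow it to `if (opts->ca.len == 0) {`; if "*" was meant to skip verification on those versions, that does not happen today, and it should not if "*" stands for the default trust store (how "*" is handled afterwards is outside the hunk). Either way the comment should state the security consequence plainly, e.g. `// No CA supplied: the peer certificate is NOT verified (explicit here; presumably the library default on the OpenSSL path)`, since an empty `ca` silently turning off verification is the kind of thing an integrator needs to see.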
|
@ -1,6 +1,6 @@
|
|||||||
#pragma once
|
#pragma once
|
||||||
|
|
||||||
#if MG_TLS == MG_TLS_OPENSSL
|
#if MG_TLS == MG_TLS_OPENSSL || MG_TLS == MG_TLS_WOLFSSL
|
||||||
|
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
#include <openssl/ssl.h>
|
#include <openssl/ssl.h>
|
||||||
|
@ -41,22 +41,39 @@ else
|
|||||||
C_WARN ?= -Wno-deprecated
|
C_WARN ?= -Wno-deprecated
|
||||||
endif
|
endif
|
||||||
|
|
||||||
ifeq "$(SSL)" "MBEDTLS"
|
|
||||||
MBEDTLS ?= /usr/local
|
|
||||||
CFLAGS += -DMG_TLS=MG_TLS_MBED -I$(MBEDTLS)/include -I/usr/include
|
|
||||||
LDFLAGS += -L$(MBEDTLS)/lib -lmbedtls -lmbedcrypto -lmbedx509
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq "$(SSL)" "OPENSSL"
|
ifeq "$(SSL)" "OPENSSL"
|
||||||
OPENSSL ?= /usr/local
|
ifeq "$(OPENSSL)" ""
|
||||||
|
CFLAGS += -DMG_TLS=MG_TLS_OPENSSL $(shell pkg-config openssl --cflags)
|
||||||
|
LDFLAGS += $(shell pkg-config openssl --libs)
|
||||||
|
else
|
||||||
CFLAGS += -DMG_TLS=MG_TLS_OPENSSL -I$(OPENSSL)/include
|
CFLAGS += -DMG_TLS=MG_TLS_OPENSSL -I$(OPENSSL)/include
|
||||||
LDFLAGS += -L$(OPENSSL)/lib -lssl -lcrypto
|
LDFLAGS += -L$(OPENSSL)/lib -lssl -lcrypto
|
||||||
endif
|
endif
|
||||||
|
endif
|
||||||
|
|
||||||
|
ifeq "$(SSL)" "MBEDTLS"
|
||||||
|
ifeq "$(MBEDTLS)" ""
|
||||||
|
# Ubuntu 22.04 does not provide 'pc' files for MbedTLS (others may)
|
||||||
|
#CFLAGS += -DMG_TLS=MG_TLS_MBED $(shell pkg-config mbedtls --cflags) $(shell pkg-config mbedcrypto --cflags) $(shell pkg-config mbedx509 --cflags)
|
||||||
|
#LDFLAGS += $(shell pkg-config mbedtls --libs) $(shell pkg-config mbedcrypto --libs) $(shell pkg-config mbedx509 --libs)
|
||||||
|
CFLAGS += -DMG_TLS=MG_TLS_MBED -I/usr/include
|
||||||
|
LDFLAGS += -lmbedtls -lmbedcrypto -lmbedx509
|
||||||
|
else
|
||||||
|
CFLAGS += -DMG_TLS=MG_TLS_MBED -I$(MBEDTLS)/include -I/usr/include
|
||||||
|
LDFLAGS += -L$(MBEDTLS)/lib -lmbedtls -lmbedcrypto -lmbedx509
|
||||||
|
endif
|
||||||
|
endif
|
||||||
|
|
||||||
ifeq "$(SSL)" "WOLFSSL"
|
ifeq "$(SSL)" "WOLFSSL"
|
||||||
WOLFSSL ?= /usr/local
|
# WolfSSL requires overriding the include path when used in OpenSSL compatibility mode (we do)
|
||||||
CFLAGS += -DMG_TLS=MG_TLS_OPENSSL -I$(WOLFSSL)/include -I$(WOLFSSL)/include/wolfssl -DEXTERNAL_OPTS_OPENVPN
|
#ifeq "$(WOLFSSL)" ""
|
||||||
|
#CFLAGS += -DMG_TLS=MG_TLS_WOLFSSL -DEXTERNAL_OPTS_OPENVPN $(shell pkg-config openssl --cflags)
|
||||||
|
#LDFLAGS += $(shell pkg-config wolfssl --libs)
|
||||||
|
#else
|
||||||
|
WOLFSSL ?= $(shell pkg-config wolfssl --variable=prefix)
|
||||||
|
CFLAGS += -DMG_TLS=MG_TLS_WOLFSSL -DEXTERNAL_OPTS_OPENVPN -I$(WOLFSSL)/include -I$(WOLFSSL)/include/wolfssl
|
||||||
LDFLAGS += -L$(WOLFSSL)/lib -lwolfssl
|
LDFLAGS += -L$(WOLFSSL)/lib -lwolfssl
|
||||||
|
#endif
|
||||||
endif
|
endif
|
||||||
|
|
||||||
ifeq "$(SSL)" "BUILTIN"
|
ifeq "$(SSL)" "BUILTIN"
|
||||||
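Review bot: `WOLFSSL ?= $(shell pkg-config wolfssl --variable=prefix)` expands to an empty string when pkg-config is absent or has no wolfssl.pc, and the next two lines then emit `-I/include -I/include/wolfssl` and `-L/lib`, so the build silently compiles and links against whatever wolfSSL happens to be on the default search path instead of failing loudly. Guard the result before it is used: `ifeq "$(WOLFSSL)" ""` / `$(error wolfSSL prefix not found; install wolfssl with pkg-config support or pass WOLFSSL=/path)` / `endif`. The commented-out `#ifeq`/`#else`/`#endif` scaffolding around it should either be wired up or removed rather than left as dead text, and the `-I/usr/include` in the MBEDTLS fallback is redundant on a system compiler. The BUILTIN branch continues past the end of the hunk.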
|