Home Explore Help
Register Sign In
OWEALs
/
ustream-ssl
mirror of https://git.openwrt.org/project/ustream-ssl.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

wolfssl: remove now deprecated compatibility code

Mainly that NO_X509_CHECK_HOST is causing certificate validation issues
in some setups:

 root@OpenWrt:/# wget https://www.google.com
 Downloading 'https://www.google.com'
 Connecting to 172.217.23.196:443
 Connection error: Server hostname does not match SSL certificate

but instead of spending time on fixing it, I've simply decided to remove
it as we're now on wolfSSL 4.5.0 and those symbols should be avaialable
so no symbol detection and handling should be needed anymore.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar 3 years ago
parent
cee6791b36
commit
8280140db9
4 changed files with 1 additions and 29 deletions
Split View Show Diff Stats
  1. 0 13
      CMakeLists.txt
  2. 0 7
      ustream-io-wolfssl.c
  3. 1 6
      ustream-openssl.c
  4. 0 3
      ustream-ssl.c

+ 0 - 13
CMakeLists.txt
View File 

@@ -1,7 +1,5 @@
 
 cmake_minimum_required(VERSION 2.6)
 
 
-INCLUDE(CheckSymbolExists)
 
-
 
 PROJECT(ustream-ssl C)
 
 
 ADD_DEFINITIONS(-Os -Wall -Werror --std=gnu99 -g3)
 
@@ -26,17 +24,6 @@ ELSEIF(WOLFSSL)
 
   SET(SSL_SRC ustream-io-wolfssl.c ustream-openssl.c)
 
   SET(SSL_LIB ${wolfssl_library} m)
 
   SET(CMAKE_REQUIRED_LIBRARIES "${wolfssl_library} -lm")
 
-  CHECK_SYMBOL_EXISTS (wolfSSL_SSLSetIORecv "wolfssl/ssl.h"
 
-		       HAVE_WOLFSSL_SSLSETIORECV)
 
-  IF (NOT HAVE_WOLFSSL_SSLSETIORECV)
 
-    ADD_DEFINITIONS(-DNO_WOLFSSL_SSLSETIO_SEND_RECV)
 
-  ENDIF()
 
-  CHECK_SYMBOL_EXISTS (wolfSSL_X509_check_host
 
-		       "wolfssl/options.h;wolfssl/ssl.h"
 
-		       HAVE_WOLFSSL_X509_CHECK_HOST)
 
-  IF (NOT HAVE_WOLFSSL_X509_CHECK_HOST)
 
-    ADD_DEFINITIONS(-DNO_X509_CHECK_HOST)
 
-  ENDIF()
 
 ELSE()
 
   SET(SSL_SRC ustream-io-openssl.c ustream-openssl.c)
 
   SET(SSL_LIB crypto ssl)

+ 0 - 7
ustream-io-wolfssl.c
View File 

@@ -67,15 +67,8 @@ static int io_send_cb(SSL* ssl, char *buf, int sz, void *ctx)
 
 
 __hidden void ustream_set_io(struct ustream_ssl_ctx *ctx, void *ssl, struct ustream *conn)
 
 {
 
-#ifndef NO_WOLFSSL_SSLSETIO_SEND_RECV
 
 	wolfSSL_SSLSetIORecv(ssl, io_recv_cb);
 
 	wolfSSL_SSLSetIOSend(ssl, io_send_cb);
 
-#else
 
-	wolfSSL_SetIORecv((void *) ctx, io_recv_cb);
 
-	wolfSSL_SetIOSend((void *) ctx, io_send_cb);
 
-	if (ssl == NULL)
 
-		return;
 
-#endif
 
 	wolfSSL_SetIOReadCtx(ssl, conn);
 
 	wolfSSL_SetIOWriteCtx(ssl, conn);
 
 }

+ 1 - 6
ustream-openssl.c
View File 

@@ -247,8 +247,6 @@ static void ustream_ssl_error(struct ustream_ssl *us, int ret)
 
 	uloop_timeout_set(&us->error_timer, 0);
 
 }
 
 
-#ifndef NO_X509_CHECK_HOST
 
-
 
 static bool ustream_ssl_verify_cn(struct ustream_ssl *us, X509 *cert)
 
 {
 
 	int ret;
 
@@ -264,8 +262,6 @@ static bool ustream_ssl_verify_cn(struct ustream_ssl *us, X509 *cert)
 
 	return ret == 1;
 
 }
 
 
-#endif
 
-
 
 static void ustream_ssl_verify_cert(struct ustream_ssl *us)
 
 {
 
 	void *ssl = us->ssl;
 
@@ -284,9 +280,8 @@ static void ustream_ssl_verify_cert(struct ustream_ssl *us)
 
 		return;
 
 
 	us->valid_cert = true;
 
-#ifndef NO_X509_CHECK_HOST
 
 	us->valid_cn = ustream_ssl_verify_cn(us, cert);
 
-#endif
 
+
 
 	X509_free(cert);
 
 }

+ 0 - 3
ustream-ssl.c
View File 

@@ -199,9 +199,6 @@ static int _ustream_ssl_init(struct ustream_ssl *us, struct ustream *conn, struc
 
 	us->conn = conn;
 
 	us->ctx = ctx;
 
 
-#if defined(HAVE_WOLFSSL) && defined(NO_WOLFSSL_SSLSETIO_SEND_RECV)
 
-	ustream_set_io(ctx, NULL, conn);
 
-#endif
 
 	us->ssl = __ustream_ssl_session_new(us->ctx);
 
 	if (!us->ssl)
 
 		return -ENOMEM;