summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRĂ©mi Verschelde <rverschelde@gmail.com>2017-09-24 08:47:28 +0200
committerGitHub <noreply@github.com>2017-09-24 08:47:28 +0200
commit35d15484fea001dbe167b675098159a95e2da19b (patch)
treeb50a3585879436dac6a1b76430eee851d237842e
parent9b3215b97730d6ceb3a9e30711642d66cf81afd0 (diff)
parent00c03bdd2b27b1d0214a451e545fefc9affad93c (diff)
Merge pull request #11528 from QuLogic/openssl110
Add support for OpenSSL 1.1.0.
-rw-r--r--modules/openssl/stream_peer_openssl.cpp60
-rw-r--r--modules/openssl/stream_peer_openssl.h5
-rw-r--r--platform/server/detect.py9
-rw-r--r--platform/x11/detect.py9
4 files changed, 54 insertions, 29 deletions
diff --git a/modules/openssl/stream_peer_openssl.cpp b/modules/openssl/stream_peer_openssl.cpp
index d40bf73883..c19bdc4214 100644
--- a/modules/openssl/stream_peer_openssl.cpp
+++ b/modules/openssl/stream_peer_openssl.cpp
@@ -29,6 +29,17 @@
/*************************************************************************/
#include "stream_peer_openssl.h"
+// Compatibility with OpenSSL 1.1.0.
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#define BIO_set_num(b, n)
+#else
+#define BIO_set_num(b, n) ((b)->num = (n))
+
+#define BIO_set_init(b, i) ((b)->init = (i))
+#define BIO_set_data(b, p) ((b)->ptr = (p))
+#define BIO_get_data(b) ((b)->ptr)
+#endif
+
//hostname matching code from curl
bool StreamPeerOpenSSL::_match_host_name(const char *name, const char *hostname) {
@@ -157,10 +168,10 @@ int StreamPeerOpenSSL::_cert_verify_callback(X509_STORE_CTX *x509_ctx, void *arg
}
int StreamPeerOpenSSL::_bio_create(BIO *b) {
- b->init = 1;
- b->num = 0;
- b->ptr = NULL;
- b->flags = 0;
+ BIO_set_init(b, 1);
+ BIO_set_num(b, 0);
+ BIO_set_data(b, NULL);
+ BIO_clear_flags(b, ~0);
return 1;
}
@@ -168,9 +179,9 @@ int StreamPeerOpenSSL::_bio_destroy(BIO *b) {
if (b == NULL)
return 0;
- b->ptr = NULL; /* sb_tls_remove() will free it */
- b->init = 0;
- b->flags = 0;
+ BIO_set_data(b, NULL); /* sb_tls_remove() will free it */
+ BIO_set_init(b, 0);
+ BIO_clear_flags(b, ~0);
return 1;
}
@@ -178,7 +189,7 @@ int StreamPeerOpenSSL::_bio_read(BIO *b, char *buf, int len) {
if (buf == NULL || len <= 0) return 0;
- StreamPeerOpenSSL *sp = (StreamPeerOpenSSL *)b->ptr;
+ StreamPeerOpenSSL *sp = (StreamPeerOpenSSL *)BIO_get_data(b);
ERR_FAIL_COND_V(sp == NULL, 0);
@@ -212,7 +223,7 @@ int StreamPeerOpenSSL::_bio_write(BIO *b, const char *buf, int len) {
if (buf == NULL || len <= 0) return 0;
- StreamPeerOpenSSL *sp = (StreamPeerOpenSSL *)b->ptr;
+ StreamPeerOpenSSL *sp = (StreamPeerOpenSSL *)BIO_get_data(b);
ERR_FAIL_COND_V(sp == NULL, 0);
@@ -258,6 +269,26 @@ int StreamPeerOpenSSL::_bio_puts(BIO *b, const char *str) {
return _bio_write(b, str, strlen(str));
}
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+BIO_METHOD *StreamPeerOpenSSL::_bio_method = NULL;
+
+BIO_METHOD *StreamPeerOpenSSL::_get_bio_method() {
+ if (_bio_method) // already initialized.
+ return _bio_method;
+
+ /* it's a source/sink BIO */
+ _bio_method = BIO_meth_new(100 | 0x400, "streampeer glue");
+ BIO_meth_set_write(_bio_method, _bio_write);
+ BIO_meth_set_read(_bio_method, _bio_read);
+ BIO_meth_set_puts(_bio_method, _bio_puts);
+ BIO_meth_set_gets(_bio_method, _bio_gets);
+ BIO_meth_set_ctrl(_bio_method, _bio_ctrl);
+ BIO_meth_set_create(_bio_method, _bio_create);
+ BIO_meth_set_destroy(_bio_method, _bio_destroy);
+
+ return _bio_method;
+}
+#else
BIO_METHOD StreamPeerOpenSSL::_bio_method = {
/* it's a source/sink BIO */
(100 | 0x400),
@@ -271,6 +302,11 @@ BIO_METHOD StreamPeerOpenSSL::_bio_method = {
_bio_destroy
};
+BIO_METHOD *StreamPeerOpenSSL::_get_bio_method() {
+ return &_bio_method;
+}
+#endif
+
Error StreamPeerOpenSSL::connect_to_stream(Ref<StreamPeer> p_base, bool p_validate_certs, const String &p_for_hostname) {
if (connected)
@@ -330,8 +366,8 @@ Error StreamPeerOpenSSL::connect_to_stream(Ref<StreamPeer> p_base, bool p_valida
}
ssl = SSL_new(ctx);
- bio = BIO_new(&_bio_method);
- bio->ptr = this;
+ bio = BIO_new(_get_bio_method());
+ BIO_set_data(bio, this);
SSL_set_bio(ssl, bio, bio);
if (p_for_hostname != String()) {
@@ -532,7 +568,9 @@ void StreamPeerOpenSSL::initialize_ssl() {
load_certs_func = _load_certs;
_create = _create_func;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
CRYPTO_malloc_init(); // Initialize malloc, free, etc for OpenSSL's use
+#endif
SSL_library_init(); // Initialize OpenSSL's SSL libraries
SSL_load_error_strings(); // Load SSL error strings
ERR_load_BIO_strings(); // Load BIO error strings
diff --git a/modules/openssl/stream_peer_openssl.h b/modules/openssl/stream_peer_openssl.h
index 1e445ef681..535114058d 100644
--- a/modules/openssl/stream_peer_openssl.h
+++ b/modules/openssl/stream_peer_openssl.h
@@ -53,7 +53,12 @@ private:
static int _bio_gets(BIO *b, char *buf, int len);
static int _bio_puts(BIO *b, const char *str);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ static BIO_METHOD *_bio_method;
+#else
static BIO_METHOD _bio_method;
+#endif
+ static BIO_METHOD *_get_bio_method();
static bool _match_host_name(const char *name, const char *hostname);
static Error _match_common_name(const char *hostname, const X509 *server_cert);
diff --git a/platform/server/detect.py b/platform/server/detect.py
index 2bb4b59e94..0a3158e7e8 100644
--- a/platform/server/detect.py
+++ b/platform/server/detect.py
@@ -65,15 +65,6 @@ def configure(env):
# FIXME: Check for existence of the libs before parsing their flags with pkg-config
if (env['builtin_openssl'] == 'no'):
- # Currently not compatible with OpenSSL 1.1.0+
- # https://github.com/godotengine/godot/issues/8624
- import subprocess
- openssl_version = subprocess.check_output(['pkg-config', 'openssl', '--modversion']).strip('\n')
- if (openssl_version >= "1.1.0"):
- print("Error: Found system-installed OpenSSL %s, currently only supporting version 1.0.x." % openssl_version)
- print("Aborting.. You can compile with 'builtin_openssl=yes' to use the bundled version.\n")
- sys.exit(255)
-
env.ParseConfig('pkg-config openssl --cflags --libs')
if (env['builtin_libwebp'] == 'no'):
diff --git a/platform/x11/detect.py b/platform/x11/detect.py
index efd388e44f..f0503e8bfa 100644
--- a/platform/x11/detect.py
+++ b/platform/x11/detect.py
@@ -134,15 +134,6 @@ def configure(env):
# FIXME: Check for existence of the libs before parsing their flags with pkg-config
if (env['builtin_openssl'] == 'no'):
- # Currently not compatible with OpenSSL 1.1.0+
- # https://github.com/godotengine/godot/issues/8624
- import subprocess
- openssl_version = subprocess.check_output(['pkg-config', 'openssl', '--modversion']).strip('\n')
- if (openssl_version >= "1.1.0"):
- print("Error: Found system-installed OpenSSL %s, currently only supporting version 1.0.x." % openssl_version)
- print("Aborting.. You can compile with 'builtin_openssl=yes' to use the bundled version.\n")
- sys.exit(255)
-
env.ParseConfig('pkg-config openssl --cflags --libs')
if (env['builtin_libwebp'] == 'no'):