[OpenWrt-Devel] [PATCH ustream-ssl 1/2] ustream-io-cyassl.c: fix client-mode connections

Eneas U de Queiroz cotequeiroz at gmail.com
Thu Sep 12 15:55:57 EDT 2019


Starting in v3.13.2, wolfSSL added calls to set the BIO send and recv
callbacks used by the SSL struct.  When the SSL session is created, it
inherits the calls from the SSL_CTX, but they do not get updated when
the SSL_CTX callbacks are changed.

ustream-ssl sets the callbacks after the SSL structure is created, so
it needs to use the SSL functions.

Client apps, such as uclient_fetch, fail immediately to connect to https
URLs with a 'Connection failed' error message.  uhttpd seems unaffected.

This commit adds a check in CMakeLists.txt to detect the presence of the
new call, maintaining backward compatibility.

Signed-off-by: Eneas U de Queiroz <cotequeiroz at gmail.com>

---
This was tested on a WRT3200ACM running openwrt master, using
uclient-fetch and uhttpd.

I've also tested on x86_64 (not on openwrt, though) for compatibility
with previous versions of wolfssl, so it _should_ be safe to use this
for 18.06 as well.

diff --git a/CMakeLists.txt b/CMakeLists.txt
index c4a3c44..b99b242 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,6 +1,7 @@
 cmake_minimum_required(VERSION 2.6)
 
 INCLUDE(CheckIncludeFiles)
+INCLUDE(CheckSymbolExists)
 
 PROJECT(ustream-ssl C)
 ADD_DEFINITIONS(-Os -Wall -Werror --std=gnu99 -g3 -Wmissing-declarations)
@@ -16,6 +17,12 @@ ELSEIF(CYASSL)
   SET(CMAKE_EXTRA_INCLUDE_FILES cyassl/ssl.h)
   IF (HAVE_CYASSL_VERSION_H)
     ADD_DEFINITIONS(-DHAVE_CYASSL_VERSION_H)
+    SET(CMAKE_REQUIRED_LIBRARIES "-lwolfssl")
+    CHECK_SYMBOL_EXISTS (wolfSSL_SSLSetIORecv "wolfssl/ssl.h"
+			 HAVE_WOLFSSL_SSLSETIORECV)
+    IF (HAVE_WOLFSSL_SSLSETIORECV)
+      ADD_DEFINITIONS(-DWOLFSSL_SSLSETIO_SEND_RECV)
+    ENDIF()
   ENDIF()
   ADD_DEFINITIONS(-DHAVE_CYASSL)
   SET(SSL_SRC ustream-io-cyassl.c ustream-openssl.c)
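
Review bot: CMAKE_REQUIRED_LIBRARIES is set to "-lwolfssl" right before CHECK_SYMBOL_EXISTS and never restored, so it stays in effect for any check that runs later in this file; save the old value and reset it after the probe. The probe is also nested inside IF (HAVE_CYASSL_VERSION_H) and depends on a successful link against -lwolfssl, so if that link fails at configure time for an unrelated reason (library not on the link path), the build quietly falls back to the CTX-level setters and the client-mode failure described in the commit message comes back with no build-time hint; a MESSAGE(STATUS ...) reporting the value of HAVE_WOLFSSL_SSLSETIORECV would make that visible. Only wolfSSL_SSLSetIORecv is probed, while the C code also calls wolfSSL_SSLSetIOSend under the same define; either probe both or say in a comment that the two were introduced together.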
diff --git a/ustream-io-cyassl.c b/ustream-io-cyassl.c
index d97d55e..17a8e94 100644
--- a/ustream-io-cyassl.c
+++ b/ustream-io-cyassl.c
@@ -101,6 +101,11 @@ __hidden void ustream_set_io(struct ustream_ssl_ctx *ctx, void *ssl, struct ustr
 {
 	CyaSSL_SetIOReadCtx(ssl, conn);
 	CyaSSL_SetIOWriteCtx(ssl, conn);
+#ifdef WOLFSSL_SSLSETIO_SEND_RECV
+	wolfSSL_SSLSetIORecv((void *) ssl, io_recv_cb);
+	wolfSSL_SSLSetIOSend((void *) ssl, io_send_cb);
+#else
 	CyaSSL_SetIORecv((void *) ctx, io_recv_cb);
 	CyaSSL_SetIOSend((void *) ctx, io_send_cb);
+#endif
 }
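
Review bot: the new #ifdef block in ustream_set_io carries no comment explaining why the per-SSL setters are required, and the reason is only in the commit message. A short comment above `#ifdef WOLFSSL_SSLSETIO_SEND_RECV` stating that the SSL object inherits the callbacks from the SSL_CTX at creation, so changing them on ctx afterwards has no effect, would stop the branch from being collapsed back to the CTX calls in a later cleanup. The `(void *) ssl` casts are redundant because the parameter is already `void *`; dropping them in the two added lines keeps the calls easier to read. In the new branch ctx is no longer referenced, which is fine for a parameter but worth a note in the same comment.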
