[PATCH ustream-ssl 11/12] wolfssl: remove now deprecated compatibility code

Petr Štetiar ynezz at true.cz
Thu Dec 10 10:41:33 EST 2020


Mainly that NO_X509_CHECK_HOST is causing certificate validation issues
in some setups:

 root at OpenWrt:/# wget https://www.google.com
 Downloading 'https://www.google.com'
 Connecting to 172.217.23.196:443
 Connection error: Server hostname does not match SSL certificate

but instead of spending time on fixing it, I've simply decided to remove
it as we're now on wolfSSL 4.5.0 and those symbols should be available
so no symbol detection and handling should be needed anymore.

Signed-off-by: Petr Štetiar <ynezz at true.cz>
---
 CMakeLists.txt       | 13 -------------
 ustream-io-wolfssl.c |  7 -------
 ustream-ssl.c        |  3 ---
 3 files changed, 23 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index b883751f6e3e..c98b12ac8d99 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,7 +1,5 @@
 cmake_minimum_required(VERSION 2.6)
 
-INCLUDE(CheckSymbolExists)
-
 PROJECT(ustream-ssl C)
 
 ADD_DEFINITIONS(-Os -Wall -Werror --std=gnu99 -g3)
@@ -26,17 +24,6 @@ ELSEIF(WOLFSSL)
   SET(SSL_SRC ustream-io-wolfssl.c ustream-openssl.c)
   SET(SSL_LIB ${wolfssl_library} m)
   SET(CMAKE_REQUIRED_LIBRARIES "${wolfssl_library} -lm")
-  CHECK_SYMBOL_EXISTS (wolfSSL_SSLSetIORecv "wolfssl/ssl.h"
-		       HAVE_WOLFSSL_SSLSETIORECV)
-  IF (NOT HAVE_WOLFSSL_SSLSETIORECV)
-    ADD_DEFINITIONS(-DNO_WOLFSSL_SSLSETIO_SEND_RECV)
-  ENDIF()
-  CHECK_SYMBOL_EXISTS (wolfSSL_X509_check_host
-		       "wolfssl/options.h;wolfssl/ssl.h"
-		       HAVE_WOLFSSL_X509_CHECK_HOST)
-  IF (NOT HAVE_WOLFSSL_X509_CHECK_HOST)
-    ADD_DEFINITIONS(-DNO_X509_CHECK_HOST)
-  ENDIF()
 ELSE()
   SET(SSL_SRC ustream-io-openssl.c ustream-openssl.c)
   SET(SSL_LIB crypto ssl)
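Review bot: The `SET(CMAKE_REQUIRED_LIBRARIES "${wolfssl_library} -lm")` line kept in the WOLFSSL branch only fed the two `CHECK_SYMBOL_EXISTS` calls this hunk deletes, so unless a check outside the hunk still uses it, it is dead and can be dropped as well. The diffstat lists only three files, so any `NO_X509_CHECK_HOST` conditional in a source file not shown here would survive as a branch that can no longer be selected. It is worth grepping for that macro so that no alternate hostname-checking path stays in the tree unnoticed. Since the build now depends on the wolfSSL version named in the commit message, a comment such as `# requires wolfSSL >= 4.5.0 (wolfSSL_SSLSetIORecv, wolfSSL_X509_check_host)` next to `SET(SSL_LIB ${wolfssl_library} m)` would make a failure against an older library easy to diagnose.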
diff --git a/ustream-io-wolfssl.c b/ustream-io-wolfssl.c
index db69499a8e4b..4ff85d34e333 100644
--- a/ustream-io-wolfssl.c
+++ b/ustream-io-wolfssl.c
@@ -67,15 +67,8 @@ static int io_send_cb(SSL* ssl, char *buf, int sz, void *ctx)
 
 __hidden void ustream_set_io(struct ustream_ssl_ctx *ctx, void *ssl, struct ustream *conn)
 {
-#ifndef NO_WOLFSSL_SSLSETIO_SEND_RECV
 	wolfSSL_SSLSetIORecv(ssl, io_recv_cb);
 	wolfSSL_SSLSetIOSend(ssl, io_send_cb);
-#else
-	wolfSSL_SetIORecv((void *) ctx, io_recv_cb);
-	wolfSSL_SetIOSend((void *) ctx, io_send_cb);
-	if (ssl == NULL)
-		return;
-#endif
 	wolfSSL_SetIOReadCtx(ssl, conn);
 	wolfSSL_SetIOWriteCtx(ssl, conn);
 }
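Review bot: With the `#else` branch gone, `ctx` is no longer read anywhere in `ustream_set_io`, and `ssl` goes straight into `wolfSSL_SSLSetIORecv` without the old `if (ssl == NULL) return;`, so the function now requires a valid session from every caller. The only NULL caller visible in this patch is the one removed from `_ustream_ssl_init`, which is consistent, but callers outside these hunks cannot be checked from here. A one-line contract above the function would record this: `/* ssl must be a valid session; ctx is unused and kept only for the existing signature */`.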
diff --git a/ustream-ssl.c b/ustream-ssl.c
index 46ac5523d999..cd69f9e97449 100644
--- a/ustream-ssl.c
+++ b/ustream-ssl.c
@@ -199,9 +199,6 @@ static int _ustream_ssl_init(struct ustream_ssl *us, struct ustream *conn, struc
 	us->conn = conn;
 	us->ctx = ctx;
 
-#if defined(HAVE_WOLFSSL) && defined(NO_WOLFSSL_SSLSETIO_SEND_RECV)
-	ustream_set_io(ctx, NULL, conn);
-#endif
 	us->ssl = __ustream_ssl_session_new(us->ctx);
 	if (!us->ssl)
 		return -ENOMEM;


