[OpenWrt-Devel,ustream-ssl,v2,2/3] ustream-io-cyassl.c: fix client-mode connections
diff mbox series

Message ID 20190919021803.31271-3-cotequeiroz@gmail.com
State Accepted
Delegated to: Hauke Mehrtens
Headers show
Series
  • Untitled series #131438
Related show

Commit Message

Eneas U de Queiroz Sept. 19, 2019, 2:18 a.m. UTC
Starting in v3.13.2, wolfSSL stores the BIO send and recv callbacks
in the SSL struct.  When the SSL session is created, it inherits the
calls from the SSL_CTX, but they do not get updated when the SSL_CTX
callbacks are changed.

Currently, ustream-ssl sets the callbacks after the SSL session is
created, causing failures.  Client apps, such as uclient-fetch fail
immediately to connect to https URLs with a 'Connection failed' error
message.  uhttpd seems unaffected.

New calls to set them directly to the SSL struct were added in 4.1.0, so
we can use them, with a check in CMakeLists.txt to detect their
presence.  Otherwise, another call to ustream_set_io is done before
creating the SSL session to properly set the callbacks.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>

Patch
diff mbox series

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 3b557c3..6b3fc8c 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,5 +1,7 @@ 
 cmake_minimum_required(VERSION 2.6)
 
+INCLUDE(CheckSymbolExists)
+
 PROJECT(ustream-ssl C)
 ADD_DEFINITIONS(-Os -Wall -Werror --std=gnu99 -g3 -Wmissing-declarations)
 
@@ -13,6 +15,12 @@  ELSEIF(WOLFSSL)
   ADD_DEFINITIONS(-DHAVE_WOLFSSL)
   SET(SSL_SRC ustream-io-wolfssl.c ustream-openssl.c)
   SET(SSL_LIB wolfssl m)
+  SET(CMAKE_REQUIRED_LIBRARIES "-lwolfssl -lm")
+  CHECK_SYMBOL_EXISTS (wolfSSL_SSLSetIORecv "wolfssl/ssl.h"
+		       HAVE_WOLFSSL_SSLSETIORECV)
+  IF (NOT HAVE_WOLFSSL_SSLSETIORECV)
+    ADD_DEFINITIONS(-DNO_WOLFSSL_SSLSETIO_SEND_RECV)
+  ENDIF()
 ELSE()
   SET(SSL_SRC ustream-io-openssl.c ustream-openssl.c)
   SET(SSL_LIB crypto ssl)
diff --git a/ustream-io-wolfssl.c b/ustream-io-wolfssl.c
index 052518a..db69499 100644
--- a/ustream-io-wolfssl.c
+++ b/ustream-io-wolfssl.c
@@ -67,8 +67,15 @@  static int io_send_cb(SSL* ssl, char *buf, int sz, void *ctx)
 
 __hidden void ustream_set_io(struct ustream_ssl_ctx *ctx, void *ssl, struct ustream *conn)
 {
-	wolfSSL_SetIOReadCtx(ssl, conn);
-	wolfSSL_SetIOWriteCtx(ssl, conn);
+#ifndef NO_WOLFSSL_SSLSETIO_SEND_RECV
+	wolfSSL_SSLSetIORecv(ssl, io_recv_cb);
+	wolfSSL_SSLSetIOSend(ssl, io_send_cb);
+#else
 	wolfSSL_SetIORecv((void *) ctx, io_recv_cb);
 	wolfSSL_SetIOSend((void *) ctx, io_send_cb);
+	if (ssl == NULL)
+		return;
+#endif
+	wolfSSL_SetIOReadCtx(ssl, conn);
+	wolfSSL_SetIOWriteCtx(ssl, conn);
 }
diff --git a/ustream-ssl.c b/ustream-ssl.c
index dd0faf9..e6b084b 100644
--- a/ustream-ssl.c
+++ b/ustream-ssl.c
@@ -179,6 +179,9 @@  static int _ustream_ssl_init(struct ustream_ssl *us, struct ustream *conn, struc
 	us->conn = conn;
 	us->ctx = ctx;
 
+#if defined(HAVE_WOLFSSL) && defined(NO_WOLFSSL_SSLSETIO_SEND_RECV)
+	ustream_set_io(ctx, NULL, conn);
+#endif
 	us->ssl = __ustream_ssl_session_new(us->ctx);
 	if (!us->ssl)
 		return -ENOMEM;