@@ -1,5 +1,7 @@
cmake_minimum_required(VERSION 2.6)
+INCLUDE(CheckSymbolExists)
+
PROJECT(ustream-ssl C)
ADD_DEFINITIONS(-Os -Wall -Werror --std=gnu99 -g3 -Wmissing-declarations)
@@ -13,6 +15,12 @@ ELSEIF(WOLFSSL)
ADD_DEFINITIONS(-DHAVE_WOLFSSL)
SET(SSL_SRC ustream-io-wolfssl.c ustream-openssl.c)
SET(SSL_LIB wolfssl m)
+ SET(CMAKE_REQUIRED_LIBRARIES "-lwolfssl -lm")
+ CHECK_SYMBOL_EXISTS (wolfSSL_SSLSetIORecv "wolfssl/ssl.h"
+ HAVE_WOLFSSL_SSLSETIORECV)
+ IF (NOT HAVE_WOLFSSL_SSLSETIORECV)
+ ADD_DEFINITIONS(-DNO_WOLFSSL_SSLSETIO_SEND_RECV)
+ ENDIF()
ELSE()
SET(SSL_SRC ustream-io-openssl.c ustream-openssl.c)
SET(SSL_LIB crypto ssl)
@@ -67,8 +67,15 @@ static int io_send_cb(SSL* ssl, char *buf, int sz, void *ctx)
__hidden void ustream_set_io(struct ustream_ssl_ctx *ctx, void *ssl, struct ustream *conn)
{
- wolfSSL_SetIOReadCtx(ssl, conn);
- wolfSSL_SetIOWriteCtx(ssl, conn);
+#ifndef NO_WOLFSSL_SSLSETIO_SEND_RECV
+ wolfSSL_SSLSetIORecv(ssl, io_recv_cb);
+ wolfSSL_SSLSetIOSend(ssl, io_send_cb);
+#else
wolfSSL_SetIORecv((void *) ctx, io_recv_cb);
wolfSSL_SetIOSend((void *) ctx, io_send_cb);
+ if (ssl == NULL)
+ return;
+#endif
+ wolfSSL_SetIOReadCtx(ssl, conn);
+ wolfSSL_SetIOWriteCtx(ssl, conn);
}
@@ -179,6 +179,9 @@ static int _ustream_ssl_init(struct ustream_ssl *us, struct ustream *conn, struc
us->conn = conn;
us->ctx = ctx;
+#if defined(HAVE_WOLFSSL) && defined(NO_WOLFSSL_SSLSETIO_SEND_RECV)
+ ustream_set_io(ctx, NULL, conn);
+#endif
us->ssl = __ustream_ssl_session_new(us->ctx);
if (!us->ssl)
return -ENOMEM;
Starting in v3.13.2, wolfSSL stores the BIO send and recv callbacks in the SSL struct. When the SSL session is created, it inherits the calls from the SSL_CTX, but they do not get updated when the SSL_CTX callbacks are changed. Currently, ustream-ssl sets the callbacks after the SSL session is created, causing failures. Client apps, such as uclient-fetch fail immediately to connect to https URLs with a 'Connection failed' error message. uhttpd seems unaffected. New calls to set them directly to the SSL struct were added in 4.1.0, so we can use them, with a check in CMakeLists.txt to detect their presence. Otherwise, another call to ustream_set_io is done before creating the SSL session to properly set the callbacks. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>