#define USE_ECH_OPENSSL
#endif
-#ifdef USE_ECH_OPENSSL
-# if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
-# include <openssl/ech.h>
-# endif
-#endif /* USE_ECH_OPENSSL */
+#if defined(USE_ECH_OPENSSL) && !defined(HAVE_BORINGSSL_LIKE)
+#include <openssl/ech.h>
+#endif
#ifndef OPENSSL_NO_OCSP
#include <openssl/ocsp.h>
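Review bot: The new guard `#if defined(USE_ECH_OPENSSL) && !defined(HAVE_BORINGSSL_LIKE)` is only correct if `HAVE_BORINGSSL_LIKE` is already defined at this point in the include order, and its definition is not part of this hunk. If it is not, every `#ifdef HAVE_BORINGSSL_LIKE` in the file silently takes the OpenSSL branch, so a BoringSSL or AWS-LC build would try to include `<openssl/ech.h>` and pick the wrong typedefs and ECH calls. A check ahead of the first use would turn that into a compile error: `#if (defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)) && !defined(HAVE_BORINGSSL_LIKE)`, `#error "HAVE_BORINGSSL_LIKE must be defined before this point"`, `#endif`.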
#define OSSL_PACKAGE "OpenSSL"
#endif
-#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
+#ifdef HAVE_BORINGSSL_LIKE
typedef size_t numcert_t;
#else
typedef int numcert_t;
#define HAVE_RANDOM_INIT_BY_DEFAULT 1
#endif
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
- !defined(OPENSSL_IS_BORINGSSL) && \
- !defined(OPENSSL_IS_AWSLC)
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(HAVE_BORINGSSL_LIKE)
#define HAVE_OPENSSL_VERSION
#endif
-#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
+#ifdef HAVE_BORINGSSL_LIKE
typedef uint32_t sslerr_t;
#else
typedef unsigned long sslerr_t;
*buf = '\0';
}
-#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
+#ifdef HAVE_BORINGSSL_LIKE
ERR_error_string_n((uint32_t)error, buf, size);
#else
ERR_error_string_n(error, buf, size);
altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
if(altnames) {
-#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
+#ifdef HAVE_BORINGSSL_LIKE
size_t numalts;
size_t i;
#else
long curl_ssl_version_max;
/* convert curl min SSL version option to OpenSSL constant */
-#if (defined(OPENSSL_IS_BORINGSSL) || \
- defined(OPENSSL_IS_AWSLC) || \
- defined(LIBRESSL_VERSION_NUMBER))
+#if defined(HAVE_BORINGSSL_LIKE) || defined(LIBRESSL_VERSION_NUMBER)
uint16_t ossl_ssl_version_min = 0;
uint16_t ossl_ssl_version_max = 0;
#else
}
#endif
-#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
+#ifdef HAVE_BORINGSSL_LIKE
typedef uint32_t ctx_option_t;
#elif defined(HAVE_OPENSSL3)
typedef uint64_t ctx_option_t;
if(data->set.tls_ech & CURLECH_GREASE) {
infof(data, "ECH: will GREASE ClientHello");
-# if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
+# ifdef HAVE_BORINGSSL_LIKE
SSL_set_enable_ech_grease(octx->ssl, 1);
# else
SSL_set_options(octx->ssl, SSL_OP_ECH_GREASE);
# endif
}
else if(data->set.tls_ech & CURLECH_CLA_CFG) {
-# if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
+# ifdef HAVE_BORINGSSL_LIKE
/* have to do base64 decode here for BoringSSL */
const char *b64 = data->set.str[STRING_ECH_CONFIG];
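Review bot: The comment `/* have to do base64 decode here for BoringSSL */` names only BoringSSL, but it sits under `HAVE_BORINGSSL_LIKE`, which replaces a condition that also covered AWS-LC. I would write `/* have to do base64 decode here for BoringSSL and AWS-LC */`. The same applies to the log string in the later `public_name` hunk, which could read `"ECH: setting public_name not supported with BoringSSL or AWS-LC"`, so that someone diagnosing an ECH failure on an AWS-LC build is not pointed at the wrong library. The `else if` branch continues past the end of this hunk.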
Curl_resolv_unlink(data, &dns);
}
}
-# if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
+# ifdef HAVE_BORINGSSL_LIKE
if(trying_ech_now && outername) {
infof(data, "ECH: setting public_name not supported with BoringSSL");
return CURLE_SSL_CONNECT_ERROR;
return CURLE_SSL_CONNECT_ERROR;
}
}
-# endif /* OPENSSL_IS_BORINGSSL || OPENSSL_IS_AWSLC */
+# endif /* HAVE_BORINGSSL_LIKE */
if(trying_ech_now
&& SSL_set_min_proto_version(octx->ssl, TLS1_3_VERSION) != 1) {
infof(data, "ECH: cannot force TLSv1.3 [ERROR]");
{
const char *curves = conn_config->curves;
if(curves) {
-#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
+#ifdef HAVE_BORINGSSL_LIKE
#define OSSL_CURVE_CAST(x) (x)
#else
#define OSSL_CURVE_CAST(x) (char *)CURL_UNCONST(x)
CURLcode result = CURLE_OK;
size_t rcl = 0;
int rv = 1;
-# if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
+# ifndef HAVE_BORINGSSL_LIKE
char *inner = NULL;
unsigned char *rcs = NULL;
char *outer = NULL;
/* nothing to trace if not doing ECH */
if(!ECH_ENABLED(data))
return;
-# if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
+# ifndef HAVE_BORINGSSL_LIKE
rv = SSL_ech_get1_retry_config(ssl, &rcs, &rcl);
# else
SSL_get0_ech_retry_configs(ssl, &rcs, &rcl);
if(!result && b64str) {
infof(data, "ECH: retry_configs %s", b64str);
free(b64str);
-#if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
+#ifndef HAVE_BORINGSSL_LIKE
rv = SSL_ech_get1_status(ssl, &inner, &outer);
infof(data, "ECH: retry_configs for %s from %s, %d %d",
inner ? inner : "NULL", outer ? outer : "NULL", reason, rv);
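Review bot: `SSL_ech_get1_status(ssl, &inner, &outer)` returns strings through `inner` and `outer`, and nothing in the visible lines of this function releases them; the only release shown is `OPENSSL_free((void *)rcs);` at the end. If the get1 naming means the caller owns both strings, as the handling of `rcs` suggests, they leak each time this trace path runs, and `OPENSSL_free(inner); OPENSSL_free(outer);` after the `infof` call would fix that. The function starts before this hunk and the lines between this hunk and the next are not shown, so this needs confirming against the full body. The same check applies to the `inner`/`outer` pair declared in the handshake-report hunk further down.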
}
else
infof(data, "ECH: no retry_configs (rv = %d)", rv);
-# if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
+# ifndef HAVE_BORINGSSL_LIKE
OPENSSL_free((void *)rcs);
# endif
return;
#endif
#ifdef USE_ECH_OPENSSL
else if((lib == ERR_LIB_SSL) &&
-# if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
+# ifndef HAVE_BORINGSSL_LIKE
(reason == SSL_R_ECH_REQUIRED)) {
# else
(reason == SSL_R_ECH_REJECTED)) {
Curl_ossl_report_handshake(data, octx);
#ifdef USE_ECH_OPENSSL
-# if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
+# ifndef HAVE_BORINGSSL_LIKE
if(ECH_ENABLED(data)) {
char *inner = NULL, *outer = NULL;
const char *status = NULL;
else {
infof(data, "ECH: result: status is not attempted");
}
-# endif /* !OPENSSL_IS_BORINGSSL && !OPENSSL_IS_AWSLC */
-#endif /* USE_ECH_OPENSSL */
+# endif /* !HAVE_BORINGSSL_LIKE */
+#endif /* USE_ECH_OPENSSL */
#ifdef HAS_ALPN_OPENSSL
/* Sets data and len to negotiated protocol, len is 0 if no protocol was
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
!(defined(LIBRESSL_VERSION_NUMBER) && \
LIBRESSL_VERSION_NUMBER < 0x3060000fL) && \
- !defined(OPENSSL_IS_BORINGSSL) && \
- !defined(OPENSSL_IS_AWSLC) && \
- !defined(CURL_DISABLE_VERBOSE_STRINGS)
+ !defined(HAVE_BORINGSSL_LIKE) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
static void infof_certstack(struct Curl_easy *data, const SSL *ssl)
{
STACK_OF(X509) *certstack;