dnsdist: Fix building on older OpenSSL versions (no engine, no async)

diff --git a/pdns/libssl.cc b/pdns/libssl.cc
index 776580803b6f50c10746316a17fc86ef97db2541..cb1336b463e44147ed833a383cf5a4345bf3c63f 100644 (file)
--- a/pdns/libssl.cc
+++ b/pdns/libssl.cc
@@ -12,7 +12,9 @@
 #include <pthread.h>
 
 #include <openssl/conf.h>
+#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
+#endif
 #include <openssl/err.h>
 #include <openssl/ocsp.h>
 #include <openssl/rand.h>
@@ -65,7 +67,9 @@ static void openssl_thread_cleanup()
 #endif /* (OPENSSL_VERSION_NUMBER < 0x1010000fL || (defined LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2090100fL) */
 
 static std::atomic<uint64_t> s_users;
+#ifndef OPENSSL_NO_ENGINE
 static LockGuarded<std::unordered_map<std::string, std::unique_ptr<ENGINE, int(*)(ENGINE*)>>> s_engines;
+#endif
 static int s_ticketsKeyIndex{-1};
 static int s_countersIndex{-1};
 static int s_keyLogIndex{-1};
@@ -107,11 +111,13 @@ void registerOpenSSLUser()
 void unregisterOpenSSLUser()
 {
   if (s_users.fetch_sub(1) == 1) {
+#ifndef OPENSSL_NO_ENGINE
     for (auto& [name, engine] : *s_engines.lock()) {
       ENGINE_finish(engine.get());
       engine.reset();
     }
     s_engines.lock()->clear();
+#endif
 #if (OPENSSL_VERSION_NUMBER < 0x1010000fL || (defined LIBRESSL_VERSION_NUMBER && LIBRESSL_VERSION_NUMBER < 0x2090100fL))
     ERR_free_strings();
 
@@ -129,6 +135,9 @@ void unregisterOpenSSLUser()
 
 std::pair<bool, std::string> libssl_load_engine(const std::string& engineName, const std::optional<std::string>& defaultString)
 {
+#ifdef OPENSSL_NO_ENGINE
+  return { false, "OpenSSL has been built without engine support" };
+#else
   if (s_users.load() == 0) {
     /* We need to make sure that OpenSSL has been properly initialized before loading an engine.
        This messes up our accounting a bit, so some memory might not be properly released when
@@ -161,6 +170,7 @@ std::pair<bool, std::string> libssl_load_engine(const std::string& engineName, c
 
   engines->insert({engineName, std::move(engine)});
   return { true, "" };
+#endif
 }
 
 void* libssl_get_ticket_key_callback_data(SSL* s)

diff --git a/pdns/tcpiohandler.cc b/pdns/tcpiohandler.cc
index a716932f5f833f767f9d4e10b9da27b336dc8e26..ce531313d95467029adc0a954c1da3a295f86f1a 100644 (file)
--- a/pdns/tcpiohandler.cc
+++ b/pdns/tcpiohandler.cc
@@ -146,23 +146,25 @@ public:
 
   std::vector<int> getAsyncFDs() override
   {
+    std::vector<int> results;
+#ifdef SSL_MODE_ASYNC
     if (SSL_waiting_for_async(d_conn.get()) != 1) {
-      return {};
+      return results;
     }
 
     OSSL_ASYNC_FD fds[32];
     size_t numfds = sizeof(fds)/sizeof(*fds);
     SSL_get_all_async_fds(d_conn.get(), nullptr, &numfds);
     if (numfds == 0) {
-      return {};
+      return results;
     }
 
     SSL_get_all_async_fds(d_conn.get(), fds, &numfds);
-    std::vector<int> results;
     results.reserve(numfds);
     for (size_t idx = 0; idx < numfds; idx++) {
       results.push_back(fds[idx]);
     }
+#endif
     return results;
   }
 
@@ -186,9 +188,11 @@ public:
     else if (error == SSL_ERROR_ZERO_RETURN) {
       throw std::runtime_error("TLS connection closed by remote end");
     }
+#ifdef SSL_MODE_ASYNC
     else if (error == SSL_ERROR_WANT_ASYNC) {
       return IOState::Async;
     }
+#endif
     else {
       if (g_verbose) {
         throw std::runtime_error("Error while processing TLS connection: (" + std::to_string(error) + ") " + libssl_get_error_string());

diff --git a/pdns/tcpiohandler.hh b/pdns/tcpiohandler.hh
index 87822e091b0598215f961c951a4aa52bc1cf834d..48968e41bce490130855228ef1e8679f7c41083e 100644 (file)
--- a/pdns/tcpiohandler.hh
+++ b/pdns/tcpiohandler.hh
@@ -9,6 +9,7 @@
 #include "misc.hh"
 #include "noinitvector.hh"
 
+/* Async is only returned for TLS connections, if OpenSSL's async mode has been enabled */
 enum class IOState : uint8_t { Done, NeedRead, NeedWrite, Async };
 
 class TLSSession