From: W.C.A. Wijngaards Date: Fri, 14 Feb 2020 12:23:58 +0000 (+0100) Subject: dnstap io, fix to compile without ssl. X-Git-Tag: 1.11.0rc1~120^2~28 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=465af5845731c4cf42fed27731ae9654161c9d57;p=thirdparty%2Funbound.git dnstap io, fix to compile without ssl. --- diff --git a/dnstap/dtstream.c b/dnstap/dtstream.c index 7474de1e3..ba545dd7c 100644 --- a/dnstap/dtstream.c +++ b/dnstap/dtstream.c @@ -83,8 +83,10 @@ static int dtio_add_output_event_write(struct dt_io_thread* dtio); static void dtio_reconnect_enable(struct dt_io_thread* dtio); /** stop from stop_flush event loop */ static void dtio_stop_flush_exit(struct stop_flush_info* info); +#ifdef HAVE_SSL /** enable briefly waiting for a read event, for SSL negotiation */ static int dtio_enable_brief_read(struct dt_io_thread* dtio); +#endif struct dt_msg_queue* dt_msg_queue_create(void) @@ -638,6 +640,7 @@ static int dtio_check_nb_connect(struct dt_io_thread* dtio) return 1; /* everything okay */ } +#ifdef HAVE_SSL /** write to ssl output * returns number of bytes written, 0 if nothing happened, * try again later, or -1 if the channel is to be closed. */ @@ -679,6 +682,7 @@ static int dtio_write_ssl(struct dt_io_thread* dtio, uint8_t* buf, } return r; } +#endif /* HAVE_SSL */ /** write buffer to output. * returns number of bytes written, 0 if nothing happened, @@ -689,8 +693,10 @@ static int dtio_write_buf(struct dt_io_thread* dtio, uint8_t* buf, ssize_t ret; if(dtio->fd == -1) return -1; +#ifdef HAVE_SSL if(dtio->ssl) return dtio_write_ssl(dtio, buf, len); +#endif ret = send(dtio->fd, (void*)buf, len, 0); if(ret == -1) { #ifndef USE_WINSOCK @@ -948,6 +954,7 @@ static void dtio_sleep(struct dt_io_thread* dtio) (void)dtio_add_output_event_read(dtio); } +#ifdef HAVE_SSL /** enable the brief read condition */ static int dtio_enable_brief_read(struct dt_io_thread* dtio) { @@ -963,7 +970,9 @@ static int dtio_enable_brief_read(struct dt_io_thread* dtio) } return dtio_add_output_event_read(dtio); } +#endif /* HAVE_SSL */ +#ifdef HAVE_SSL /** disable the brief read condition */ static int dtio_disable_brief_read(struct dt_io_thread* dtio) { @@ -979,7 +988,9 @@ static int dtio_disable_brief_read(struct dt_io_thread* dtio) } return dtio_add_output_event_write(dtio); } +#endif /* HAVE_SSL */ +#ifdef HAVE_SSL /** check peer verification after ssl handshake connection, false if closed*/ static int dtio_ssl_check_peer(struct dt_io_thread* dtio) { @@ -1030,7 +1041,9 @@ static int dtio_ssl_check_peer(struct dt_io_thread* dtio) } return 1; } +#endif /* HAVE_SSL */ +#ifdef HAVE_SSL /** perform ssl handshake, returns 1 if okay, 0 to stop */ static int dtio_ssl_handshake(struct dt_io_thread* dtio, struct stop_flush_info* info) @@ -1116,6 +1129,7 @@ static int dtio_ssl_handshake(struct dt_io_thread* dtio, } return 1; } +#endif /* HAVE_SSL */ /** callback for the dnstap events, to write to the output */ static void dtio_output_cb(int ATTR_UNUSED(fd), short bits, void* arg) @@ -1137,11 +1151,13 @@ static void dtio_output_cb(int ATTR_UNUSED(fd), short bits, void* arg) /* nonblocking connect check passed, continue */ } +#ifdef HAVE_SSL if(dtio->ssl && (!dtio->ssl_handshake_done || dtio->ssl_brief_read)) { if(!dtio_ssl_handshake(dtio, NULL)) return; } +#endif if((bits&UB_EV_READ)) { if(!dtio_check_close(dtio)) @@ -1352,11 +1368,13 @@ static void dtio_stop_ev_cb(int ATTR_UNUSED(fd), short bits, void* arg) } /* nonblocking connect check passed, continue */ } +#ifdef HAVE_SSL if(dtio->ssl && (!dtio->ssl_handshake_done || dtio->ssl_brief_read)) { if(!dtio_ssl_handshake(dtio, info)) return; } +#endif if((bits&UB_EV_READ)) { if(!dtio_check_close(dtio)) { diff --git a/dnstap/unbound-dnstap-socket.c b/dnstap/unbound-dnstap-socket.c index eda75e0c0..803236196 100644 --- a/dnstap/unbound-dnstap-socket.c +++ b/dnstap/unbound-dnstap-socket.c @@ -178,7 +178,9 @@ static void tap_socket_close(struct tap_socket* s) static void tap_socket_delete(struct tap_socket* s) { if(!s) return; +#ifdef HAVE_SSL SSL_CTX_free(s->sslctx); +#endif ub_event_free(s->ev); free(s->socketpath); free(s->ip); @@ -702,6 +704,8 @@ static ssize_t receive_bytes(struct tap_data* data, int fd, void* buf, return ret; } +/* define routine for have_ssl only to avoid unused function warning */ +#ifdef HAVE_SSL /** set to wait briefly for a write event, for one event call */ static void tap_enable_brief_write(struct tap_data* data) { @@ -712,7 +716,10 @@ static void tap_enable_brief_write(struct tap_data* data) log_err("could not ub_event_add in tap_enable_brief_write"); data->ssl_brief_write = 1; } +#endif /* HAVE_SSL */ +/* define routine for have_ssl only to avoid unused function warning */ +#ifdef HAVE_SSL /** stop the brief wait for a write event. back to reading. */ static void tap_disable_brief_write(struct tap_data* data) { @@ -723,7 +730,9 @@ static void tap_disable_brief_write(struct tap_data* data) log_err("could not ub_event_add in tap_disable_brief_write"); data->ssl_brief_write = 0; } +#endif /* HAVE_SSL */ +#ifdef HAVE_SSL /** receive bytes over ssl stream, prints errors if bad, * returns 0: closed/error, -1: continue, >0 number of bytes */ static ssize_t ssl_read_bytes(struct tap_data* data, void* buf, size_t len) @@ -764,13 +773,16 @@ static ssize_t ssl_read_bytes(struct tap_data* data, void* buf, size_t len) } return r; } +#endif /* HAVE_SSL */ /** receive bytes on the tap connection, prints errors if bad, * returns 0: closed/error, -1: continue, >0 number of bytes */ static ssize_t tap_receive(struct tap_data* data, void* buf, size_t len) { +#ifdef HAVE_SSL if(data->ssl) return ssl_read_bytes(data, buf, len); +#endif return receive_bytes(data, data->fd, buf, len); } @@ -779,7 +791,9 @@ void tap_data_free(struct tap_data* data) { ub_event_del(data->ev); ub_event_free(data->ev); +#ifdef HAVE_SSL SSL_free(data->ssl); +#endif close(data->fd); free(data->id); free(data->frame); @@ -865,6 +879,7 @@ static int reply_with_finish(int fd) return 1; } +#ifdef HAVE_SSL /** check SSL peer certificate, return 0 on fail */ static int tap_check_peer(struct tap_data* data) { @@ -910,7 +925,9 @@ static int tap_check_peer(struct tap_data* data) } return 1; } +#endif /* HAVE_SSL */ +#ifdef HAVE_SSL /** perform SSL handshake, return 0 to wait for events, 1 if done */ static int tap_handshake(struct tap_data* data) { @@ -974,17 +991,20 @@ static int tap_handshake(struct tap_data* data) } return 1; } +#endif /* HAVE_SSL */ /** callback for dnstap listener */ static void tap_callback(int fd, short ATTR_UNUSED(bits), void* arg) { struct tap_data* data = (struct tap_data*)arg; if(verbosity>=3) log_info("tap callback"); +#ifdef HAVE_SSL if(data->ssl && (!data->ssl_handshake_done || data->ssl_brief_write)) { if(!tap_handshake(data)) return; } +#endif while(data->len_done < 4) { uint32_t l = (uint32_t)data->len; ssize_t ret = tap_receive(data, @@ -1351,6 +1371,7 @@ int main(int argc, char** argv) argv += optind; if(usessl) { +#ifdef HAVE_SSL #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) ERR_load_SSL_strings(); #endif @@ -1368,6 +1389,7 @@ int main(int argc, char** argv) #else (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); #endif +#endif /* HAVE_SSL */ } setup_and_run(&local_list, &tcp_list, &tls_list, server_key, server_cert, verifypem); diff --git a/services/outside_network.c b/services/outside_network.c index 612767056..721dd335a 100644 --- a/services/outside_network.c +++ b/services/outside_network.c @@ -375,7 +375,9 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len) pend->c->ssl_shake_state = comm_ssl_shake_write; if(!set_auth_name_on_ssl(pend->c->ssl, w->tls_auth_name)) { pend->c->fd = s; +#ifdef HAVE_SSL SSL_free(pend->c->ssl); +#endif pend->c->ssl = NULL; comm_point_close(pend->c); return 0; diff --git a/util/net_help.c b/util/net_help.c index 007eaff0b..98c92ad86 100644 --- a/util/net_help.c +++ b/util/net_help.c @@ -1223,6 +1223,8 @@ int set_auth_name_on_ssl(void* ssl, char* auth_name) if(!auth_name) return 1; #ifdef HAVE_SSL (void)SSL_set_tlsext_host_name(ssl, auth_name); +#else + (void)ssl; #endif #ifdef HAVE_SSL_SET1_HOST SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL);