From: Remi Gacogne Date: Mon, 20 Sep 2021 09:02:59 +0000 (+0200) Subject: dnsdist: Fix building on older OpenSSL versions (no engine, no async) X-Git-Tag: auth-4.7.0-alpha1~120^2~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8bad0aa15bc840d2d3e2eca35d033cc8aa7bb1db;p=thirdparty%2Fpdns.git dnsdist: Fix building on older OpenSSL versions (no engine, no async) --- diff --git a/pdns/libssl.cc b/pdns/libssl.cc index 776580803b..cb1336b463 100644 --- a/pdns/libssl.cc +++ b/pdns/libssl.cc @@ -12,7 +12,9 @@ #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include #include #include @@ -65,7 +67,9 @@ static void openssl_thread_cleanup() #endif /* (OPENSSL_VERSION_NUMBER < 0x1010000fL || (defined LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2090100fL) */ static std::atomic s_users; +#ifndef OPENSSL_NO_ENGINE static LockGuarded>> s_engines; +#endif static int s_ticketsKeyIndex{-1}; static int s_countersIndex{-1}; static int s_keyLogIndex{-1}; @@ -107,11 +111,13 @@ void registerOpenSSLUser() void unregisterOpenSSLUser() { if (s_users.fetch_sub(1) == 1) { +#ifndef OPENSSL_NO_ENGINE for (auto& [name, engine] : *s_engines.lock()) { ENGINE_finish(engine.get()); engine.reset(); } s_engines.lock()->clear(); +#endif #if (OPENSSL_VERSION_NUMBER < 0x1010000fL || (defined LIBRESSL_VERSION_NUMBER && LIBRESSL_VERSION_NUMBER < 0x2090100fL)) ERR_free_strings(); @@ -129,6 +135,9 @@ void unregisterOpenSSLUser() std::pair libssl_load_engine(const std::string& engineName, const std::optional& defaultString) { +#ifdef OPENSSL_NO_ENGINE + return { false, "OpenSSL has been built without engine support" }; +#else if (s_users.load() == 0) { /* We need to make sure that OpenSSL has been properly initialized before loading an engine. This messes up our accounting a bit, so some memory might not be properly released when 
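Review bot: In unregisterOpenSSLUser(), the loop `for (auto& [name, engine] : *s_engines.lock())` that this hunk wraps in `#ifndef OPENSSL_NO_ENGINE` most likely walks the engine map without holding its lock: before C++23 the temporary returned by `lock()` is destroyed as soon as the range expression has been evaluated, assuming `LockGuarded::lock()` returns a holder by value (its definition is not visible here). A concurrent libssl_load_engine() inserting into the map could then race with the ENGINE_finish() pass. Keeping the guard in a named local closes the gap: `auto engines = s_engines.lock();`, then `for (auto& [name, engine] : *engines)` and `engines->clear();`. The function body continues past the end of this hunk.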
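Review bot: In the new `#ifdef OPENSSL_NO_ENGINE` branch of libssl_load_engine(), neither `engineName` nor `defaultString` is used, so the builds this commit targets can emit unused-parameter warnings under `-Wunused-parameter`; marking both parameters `[[maybe_unused]]` keeps them clean. The branch also deserves a short comment telling callers to treat the `false` result as a hard configuration error, for example `/* no engine support compiled in: callers must fail the configuration rather than continue without the engine */`, because an engine is commonly what keeps the private key in hardware. Whether the callers already do that cannot be seen from this diff. The function body runs on into the following hunk, where the matching `#endif` is added.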
@@ -161,6 +170,7 @@ std::pair libssl_load_engine(const std::string& engineName, c engines->insert({engineName, std::move(engine)}); return { true, "" }; +#endif } void* libssl_get_ticket_key_callback_data(SSL* s) diff --git a/pdns/tcpiohandler.cc b/pdns/tcpiohandler.cc index a716932f5f..ce531313d9 100644 --- a/pdns/tcpiohandler.cc +++ b/pdns/tcpiohandler.cc @@ -146,23 +146,25 @@ public: std::vector getAsyncFDs() override { + std::vector results; +#ifdef SSL_MODE_ASYNC if (SSL_waiting_for_async(d_conn.get()) != 1) { - return {}; + return results; } OSSL_ASYNC_FD fds[32]; size_t numfds = sizeof(fds)/sizeof(*fds); SSL_get_all_async_fds(d_conn.get(), nullptr, &numfds); if (numfds == 0) { - return {}; + return results; } SSL_get_all_async_fds(d_conn.get(), fds, &numfds); - std::vector results; results.reserve(numfds); for (size_t idx = 0; idx < numfds; idx++) { results.push_back(fds[idx]); } +#endif return results; } @@ -186,9 +188,11 @@ public: else if (error == SSL_ERROR_ZERO_RETURN) { throw std::runtime_error("TLS connection closed by remote end"); } +#ifdef SSL_MODE_ASYNC else if (error == SSL_ERROR_WANT_ASYNC) { return IOState::Async; } +#endif else { if (g_verbose) { throw std::runtime_error("Error while processing TLS connection: (" + std::to_string(error) + ") " + libssl_get_error_string()); diff --git a/pdns/tcpiohandler.hh b/pdns/tcpiohandler.hh index 87822e091b..48968e41bc 100644 --- a/pdns/tcpiohandler.hh +++ b/pdns/tcpiohandler.hh @@ -9,6 +9,7 @@ #include "misc.hh" #include "noinitvector.hh" +/* Async is only returned for TLS connections, if OpenSSL's async mode has been enabled */ enum class IOState : uint8_t { Done, NeedRead, NeedWrite, Async }; class TLSSession
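Review bot: getAsyncFDs() copies the descriptors into the fixed `OSSL_ASYNC_FD fds[32]` without checking the count reported by the first SSL_get_all_async_fds() call, so a connection with more than 32 wait descriptors would write past the end of the stack array. OpenSSL leaves sizing the array to the caller and overwrites `numfds` with the real count rather than reading it as a capacity. Sizing the buffer from the first call removes the limit: `std::vector<OSSL_ASYNC_FD> fds(numfds);` after the `numfds == 0` check, then `SSL_get_all_async_fds(d_conn.get(), fds.data(), &numfds);`. The return values of both calls are also ignored, and if a call fails `numfds` presumably keeps its initial value of 32 while the array stays uninitialised, so the result should be checked before the copy loop. These lines are unchanged context that the commit only wraps in `#ifdef SSL_MODE_ASYNC`.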