The list of currently supported predicates is the following:
+ - awslc_api_atleast(<ver>): returns true if the current awslc API number
+ is at least as recent as <ver> otherwise false.
+ Example: awslc_api_atleast(35)
+
+ - awslc_api_before(<ver>): returns true if the current awslc API number
+ is strictly older than <ver> otherwise false.
+ Example: awslc_api_before(26)
+
- defined(<name>) : returns true if an environment variable <name>
exists, regardless of its contents
CFG_PRED_OSSL_VERSION_ATLEAST, // "openssl_version_atleast"
CFG_PRED_OSSL_VERSION_BEFORE, // "openssl_version_before"
CFG_PRED_SSLLIB_NAME_STARTSWITH, // "ssllib_name_startswith"
+ CFG_PRED_AWSLC_API_ATLEAST, // "awslc_api_atleast"
+ CFG_PRED_AWSLC_API_BEFORE, // "awslc_api_before"
CFG_PRED_ENABLED, // "enabled"
};
value = atol(text);
return value && value < min;
}
-
+/* compare the current AWS-LC API number to a string */
+int awslc_compare_current_api(const char *version);
/* compare the current OpenSSL version to a string */
int openssl_compare_current_version(const char *version);
/* compare the current OpenSSL name to a string */
{ "openssl_version_atleast", CFG_PRED_OSSL_VERSION_ATLEAST, ARG1(1, STR) },
{ "openssl_version_before", CFG_PRED_OSSL_VERSION_BEFORE, ARG1(1, STR) },
{ "ssllib_name_startswith", CFG_PRED_SSLLIB_NAME_STARTSWITH, ARG1(1, STR) },
+ { "awslc_api_atleast", CFG_PRED_AWSLC_API_ATLEAST, ARG1(1, STR) },
+ { "awslc_api_before", CFG_PRED_AWSLC_API_BEFORE, ARG1(1, STR) },
{ "enabled", CFG_PRED_ENABLED, ARG1(1, STR) },
{ NULL, CFG_PRED_NONE, 0 }
};
ret = opensslret > 0;
break;
}
+ case CFG_PRED_AWSLC_API_ATLEAST: { // checks if the current AWSLC API is at least this one
+ int awslcret = awslc_compare_current_api(term->args[0].data.str.area);
+
+ if (awslcret < -1) /* can't parse the string or no AWS-LC available */
+ ret = -1;
+ else
+ ret = awslcret <= 0;
+ break;
+ }
+ case CFG_PRED_AWSLC_API_BEFORE: { // checks if the current AWSLC API is older than this one
+ int awslcret = awslc_compare_current_api(term->args[0].data.str.area);
+
+ if (awslcret < -1) /* can't parse the string or no AWS-LC available */
+ ret = -1;
+ else
+ ret = awslcret > 0;
+ break;
+ }
case CFG_PRED_SSLLIB_NAME_STARTSWITH: { // checks if the current SSL library's name starts with a specified string (can be used to distinguish OpenSSL from LibreSSL or BoringSSL)
ret = openssl_compare_current_name(term->args[0].data.str.area) == 0;
break;
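Review bot: Both new cases fold every result below -1 into `ret = -1`, so "AWS-LC is not available" (-2) is handled exactly like an unparsable argument (-3), while the documentation added for these predicates only promises true or false. If `ret = -1` surfaces as a condition error (inferred, since the code consuming `ret` is outside the hunk), a configuration guarded by `awslc_api_atleast(35)` is rejected on builds linked against another TLS library rather than taking the false branch. If rejecting is intended, state it in the predicate documentation, for example `returns an error if haproxy was not built with AWS-LC or if <ver> is not a number`. Otherwise separate the two codes with `if (awslcret == -2) ret = 0; else if (awslcret < -1) ret = -1;`, keeping in mind that a silently false condition can skip TLS settings the operator expected to be applied. The enclosing switch starts and ends outside the hunk.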
return dist;
}
+/*
+ * This function compares the loaded AWS-LC API number with a string <version>
+ * This function use the same return code as compare_current_version:
+ *
+ * -1 : the version in argument is older than the current AWS-LC API
+ * 0 : the version in argument is the same as the current AWS-LC API
+ * 1 : the version in argument is newer than the current AWS-LC API
+ *
+ * Or some errors:
+ * -2 : AWS-LC is not available on this process
+ * -3 : the version in argument is not parsable
+ */
+int awslc_compare_current_api(const char *version)
+{
+#if defined(OPENSSL_IS_AWSLC) && defined(AWSLC_API_VERSION)
+ int numapi;
+ char *endptr;
+
+ numapi = strtol(version, &endptr, 10);
+ if (endptr == version || *endptr != '\0')
+ return -3;
+
+ if (numapi < AWSLC_API_VERSION)
+ return -1;
+ else if (numapi > AWSLC_API_VERSION)
+ return 1;
+ else
+ return 0;
+#else
+ return -2;
+#endif
+}
+
/*
* This function compares the loaded openssl version with a string <version>
* This function use the same return code as compare_current_version:
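Review bot: In `awslc_compare_current_api` the `strtol()` result is stored in an `int` and `errno` is never checked, so an out-of-range argument is clamped or truncated and then compared as if it were a valid API number instead of returning -3. On LP64 platforms a large value can wrap to a small number that compares as older than the current API. Declare `long numapi;`, set `errno = 0;` before the call, and extend the check to `if (endptr == version || *endptr != '\0' || errno == ERANGE || numapi < 0) return -3;`. The header comment says "same return code as compare_current_version", which looks copied from the OpenSSL helper. Naming `openssl_compare_current_version` there would make the reference resolvable.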