mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-11-24 12:20:59 +01:00
Code Issues Projects Releases Wiki Activity

BUILD: ssl: support OPENSSL_NO_ASYNC #define

Browse Source 
Support build without ASYNC support. This #define is set per default in
BoringSSL.
This commit is contained in:
Emmanuel Hocdet 2017-10-24 18:11:48 +02:00 committed by Willy Tarreau
parent f5e0d1f9fd
commit e966e4e451
1 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/ssl_sock.c
View File

@ -56,7 +56,7 @@
#include <openssl/engine.h> #include <openssl/engine.h>
#endif #endif
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
#include <openssl/async.h> #include <openssl/async.h>
#endif #endif
@ -362,7 +362,7 @@ fail_get:
} }
#endif #endif
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
/* /*
* openssl async fd handler * openssl async fd handler
*/ */
@ -3627,7 +3627,7 @@ ssl_sock_initial_ctx(struct bind_conf *bind_conf)
options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE; options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
SSL_CTX_set_options(ctx, options); SSL_CTX_set_options(ctx, options);
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
if (global_ssl.async) if (global_ssl.async)
mode |= SSL_MODE_ASYNC; mode |= SSL_MODE_ASYNC;
#endif #endif
@ -4125,7 +4125,7 @@ int ssl_sock_prepare_srv_ctx(struct server *srv)
options |= SSL_OP_NO_TICKET; options |= SSL_OP_NO_TICKET;
SSL_CTX_set_options(ctx, options); SSL_CTX_set_options(ctx, options);
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
if (global_ssl.async) if (global_ssl.async)
mode |= SSL_MODE_ASYNC; mode |= SSL_MODE_ASYNC;
#endif #endif
@ -4638,7 +4638,7 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag)
fd_cant_recv(conn->handle.fd); fd_cant_recv(conn->handle.fd);
return 0; return 0;
} }
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
else if (ret == SSL_ERROR_WANT_ASYNC) { else if (ret == SSL_ERROR_WANT_ASYNC) {
ssl_async_process_fds(conn, conn->xprt_ctx); ssl_async_process_fds(conn, conn->xprt_ctx);
return 0; return 0;
@ -4722,7 +4722,7 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag)
fd_cant_recv(conn->handle.fd); fd_cant_recv(conn->handle.fd);
return 0; return 0;
} }
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
else if (ret == SSL_ERROR_WANT_ASYNC) { else if (ret == SSL_ERROR_WANT_ASYNC) {
ssl_async_process_fds(conn, conn->xprt_ctx); ssl_async_process_fds(conn, conn->xprt_ctx);
return 0; return 0;
@ -4784,7 +4784,7 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag)
reneg_ok: reneg_ok:
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
/* ASYNC engine API doesn't support moving read/write /* ASYNC engine API doesn't support moving read/write
* buffers. So we disable ASYNC mode right after * buffers. So we disable ASYNC mode right after
* the handshake to avoid buffer oveflows. * the handshake to avoid buffer oveflows.
@ -4908,7 +4908,7 @@ static int ssl_sock_to_buf(struct connection *conn, struct buffer *buf, int coun
/* handshake is running, and it needs to enable write */ /* handshake is running, and it needs to enable write */
conn->flags |= CO_FL_SSL_WAIT_HS; conn->flags |= CO_FL_SSL_WAIT_HS;
__conn_sock_want_send(conn); __conn_sock_want_send(conn);
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
/* Async mode can be re-enabled, because we're leaving data state.*/ /* Async mode can be re-enabled, because we're leaving data state.*/
if (global_ssl.async) if (global_ssl.async)
SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC); SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
@ -4920,7 +4920,7 @@ static int ssl_sock_to_buf(struct connection *conn, struct buffer *buf, int coun
/* handshake is running, and it may need to re-enable read */ /* handshake is running, and it may need to re-enable read */
conn->flags |= CO_FL_SSL_WAIT_HS; conn->flags |= CO_FL_SSL_WAIT_HS;
__conn_sock_want_recv(conn); __conn_sock_want_recv(conn);
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
/* Async mode can be re-enabled, because we're leaving data state.*/ /* Async mode can be re-enabled, because we're leaving data state.*/
if (global_ssl.async) if (global_ssl.async)
SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC); SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
@ -5021,7 +5021,7 @@ static int ssl_sock_from_buf(struct connection *conn, struct buffer *buf, int fl
/* handshake is running, and it may need to re-enable write */ /* handshake is running, and it may need to re-enable write */
conn->flags |= CO_FL_SSL_WAIT_HS; conn->flags |= CO_FL_SSL_WAIT_HS;
__conn_sock_want_send(conn); __conn_sock_want_send(conn);
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
/* Async mode can be re-enabled, because we're leaving data state.*/ /* Async mode can be re-enabled, because we're leaving data state.*/
if (global_ssl.async) if (global_ssl.async)
SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC); SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
@ -5036,7 +5036,7 @@ static int ssl_sock_from_buf(struct connection *conn, struct buffer *buf, int fl
/* handshake is running, and it needs to enable read */ /* handshake is running, and it needs to enable read */
conn->flags |= CO_FL_SSL_WAIT_HS; conn->flags |= CO_FL_SSL_WAIT_HS;
__conn_sock_want_recv(conn); __conn_sock_want_recv(conn);
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
/* Async mode can be re-enabled, because we're leaving data state.*/ /* Async mode can be re-enabled, because we're leaving data state.*/
if (global_ssl.async) if (global_ssl.async)
SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC); SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
@ -5060,7 +5060,7 @@ static int ssl_sock_from_buf(struct connection *conn, struct buffer *buf, int fl
static void ssl_sock_close(struct connection *conn) { static void ssl_sock_close(struct connection *conn) {
if (conn->xprt_ctx) { if (conn->xprt_ctx) {
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
if (global_ssl.async) { if (global_ssl.async) {
OSSL_ASYNC_FD all_fd[32], afd; OSSL_ASYNC_FD all_fd[32], afd;
size_t num_all_fds = 0; size_t num_all_fds = 0;
@ -7407,7 +7407,7 @@ static int ssl_parse_global_ssl_async(char **args, int section_type, struct prox
struct proxy *defpx, const char *file, int line, struct proxy *defpx, const char *file, int line,
char **err) char **err)
{ {
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
global_ssl.async = 1; global_ssl.async = 1;
return 0; return 0;
#else #else