tls: libressl: refactor set_options to work with macro implementations

Libressl uses macros for set_options(), causing compilation failure. Refactor the related code to work well with macro definitions for these apis. https://github.com/warmcat/libwebsockets/issues/2554
2025-03-09 00:00:04 +01:00 · 2022-02-08 04:58:13 +00:00 · 2022-02-08 04:58:13 +00:00 · 6c53da692e
commit 6c53da692e
parent 8cc4c1713d
2 changed files with 83 additions and 23 deletions
--- a/lib/tls/openssl/openssl-client.c
+++ b/lib/tls/openssl/openssl-client.c
@ -964,37 +964,67 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
 			 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
 			 SSL_MODE_RELEASE_BUFFERS);

-	if (info->ssl_client_options_set)
-		SSL_CTX_set_options(vh->tls.ssl_client_ctx,
+#if !defined(USE_WOLFSSL)
+#if defined(LWS_WITH_BORINGSSL)
+				uint32_t
+#else
+#if (OPENSSL_VERSION_NUMBER >= 0x10003000l) && \
+	!defined(LIBRESSL_VERSION_NUMBER) /* not documented by openssl */
+		unsigned long
+#else
+		long
+#endif
+#endif
+#else
+		long
+#endif
+			ssl_client_options_set_value =
 #if !defined(USE_WOLFSSL)
 #if defined(LWS_WITH_BORINGSSL)
 				(uint32_t)
 #else
 #if (OPENSSL_VERSION_NUMBER >= 0x10003000l) && \
 	!defined(LIBRESSL_VERSION_NUMBER) /* not documented by openssl */
-				    (unsigned long)
+				(unsigned long)
 #else
-				    (long)
+				(long)
 #endif
 #endif
 #endif
-				    info->ssl_client_options_set);
+			info->ssl_client_options_set;
+
+	if (info->ssl_client_options_set)
+		SSL_CTX_set_options(vh->tls.ssl_client_ctx, ssl_client_options_set_value);
+
+#if (OPENSSL_VERSION_NUMBER >= 0x009080df) && !defined(USE_WOLFSSL)

 	/* SSL_clear_options introduced in 0.9.8m */
-#if (OPENSSL_VERSION_NUMBER >= 0x009080df) && !defined(USE_WOLFSSL)
-	if (info->ssl_client_options_clear)
-		SSL_CTX_clear_options(vh->tls.ssl_client_ctx,
+#if defined(LWS_WITH_BORINGSSL)
+                uint32_t
+#else
+#if (OPENSSL_VERSION_NUMBER >= 0x10003000l) && \
+	!defined(LIBRESSL_VERSION_NUMBER) /* not documented by openssl */
+		unsigned long
+#else
+		long
+#endif
+#endif
+
+			ssl_client_options_clear_value =
 #if defined(LWS_WITH_BORINGSSL)
 				(uint32_t)
 #else
 #if (OPENSSL_VERSION_NUMBER >= 0x10003000l) && \
 	!defined(LIBRESSL_VERSION_NUMBER) /* not documented by openssl */
-				    (unsigned long)
+				(unsigned long)
 #else
-				    (long)
+				(long)
 #endif
 #endif
-				      info->ssl_client_options_clear);
+			info->ssl_client_options_clear;
+
+	if (info->ssl_client_options_clear)
+		SSL_CTX_clear_options(vh->tls.ssl_client_ctx, ssl_client_options_clear_value);
 #endif

 	if (cipher_list)
--- a/lib/tls/openssl/openssl-server.c
+++ b/lib/tls/openssl/openssl-server.c
@ -579,8 +579,20 @@ lws_tls_server_vhost_backend_init(const struct lws_context_creation_info *info,
 			 __func__);
 	}

-	if (info->ssl_options_set)
-		SSL_CTX_set_options(vhost->tls.ssl_ctx,
+#if defined(USE_WOLFSSL)
+		long
+#else
+#if defined(LWS_WITH_BORINGSSL)
+		uint32_t
+#else
+#if (OPENSSL_VERSION_NUMBER >= 0x10003000l) && !defined(LIBRESSL_VERSION_NUMBER) /* not documented by openssl */
+		unsigned long
+#else
+		long
+#endif
+#endif
+#endif
+			ssl_options_set_value =
 #if defined(USE_WOLFSSL)
 				(long)
 #else
@ -588,32 +600,50 @@ lws_tls_server_vhost_backend_init(const struct lws_context_creation_info *info,
 				(uint32_t)
 #else
 #if (OPENSSL_VERSION_NUMBER >= 0x10003000l) && !defined(LIBRESSL_VERSION_NUMBER) /* not documented by openssl */
-				    (unsigned long)
+				(unsigned long)
 #else
-				    (long)
+				(long)
 #endif
 #endif
 #endif
-				info->ssl_options_set);
+					info->ssl_options_set;
+
+	if (info->ssl_options_set)
+		SSL_CTX_set_options(vhost->tls.ssl_ctx, ssl_options_set_value);
+
+#if (OPENSSL_VERSION_NUMBER >= 0x009080df) && !defined(USE_WOLFSSL)

 /* SSL_clear_options introduced in 0.9.8m */
-#if (OPENSSL_VERSION_NUMBER >= 0x009080df) && !defined(USE_WOLFSSL)
-	if (info->ssl_options_clear)
-		SSL_CTX_clear_options(vhost->tls.ssl_ctx,
+#if defined(LWS_WITH_BORINGSSL)
+	uint32_t
+#else
+#if (OPENSSL_VERSION_NUMBER >= 0x10003000l)  && !defined(LIBRESSL_VERSION_NUMBER)/* not documented by openssl */
+	unsigned long
+#else
+	long
+#endif
+#endif
+
+	ssl_options_clear_value =
 #if defined(LWS_WITH_BORINGSSL)
 				(uint32_t)
 #else
 #if (OPENSSL_VERSION_NUMBER >= 0x10003000l)  && !defined(LIBRESSL_VERSION_NUMBER)/* not documented by openssl */
-				    (unsigned long)
+				(unsigned long)
 #else
-				    (long)
+				(long)
 #endif
 #endif
-				      info->ssl_options_clear);
-#endif
+					info->ssl_options_clear;
+
+	if (info->ssl_options_clear) {
+		SSL_CTX_clear_options(vhost->tls.ssl_ctx, ssl_options_clear_value);
+	}

 	lwsl_info(" SSL options 0x%lX\n",
 			(unsigned long)SSL_CTX_get_options(vhost->tls.ssl_ctx));
+#endif
+
 	if (!vhost->tls.use_ssl ||
 	    (!info->ssl_cert_filepath && !info->server_ssl_cert_mem))
 		return 0;