Re: [PATCH] introduce guard for SCTL openssl specific functions

2021-02-18 Thread William Lallemand
On Thu, Feb 18, 2021 at 07:06:14PM +0500, Илья Шипицин wrote:
> ping :)
> 
> On Sat, Feb 13, 2021, 11:48 AM Илья Шипицин  wrote:
> 
> > I changed macro name, new patch attached
> >

Merged, thanks.


-- 
William Lallemand



Re: [PATCH] introduce guard for SCTL openssl specific functions

2021-02-18 Thread Илья Шипицин
ping :)

On Sat, Feb 13, 2021, 11:48 AM Илья Шипицин  wrote:

> I changed macro name, new patch attached
>
> Sat, 13 Feb 2021 at 03:41, William Lallemand :
>
>> On Sat, Feb 13, 2021 at 12:21:56AM +0500, Илья Шипицин wrote:
>> > Hello,
>> >
>> > let us switch to a feature macro instead of HA_OPENSSL_VERSION.
>> >
>> > Ilya
>>
>> Hello Ilya,
>>
>> For more consistency with the other macros I'd rather use
>> "HAVE_SSL_SCTL" instead of "HAVE_OPENSSL_SCTL".
>>
>> Regards,
>>
>> --
>> William Lallemand
>>
>


Re: [PATCH] introduce guard for SCTL openssl specific functions

2021-02-12 Thread Илья Шипицин
I changed macro name, new patch attached

Sat, 13 Feb 2021 at 03:41, William Lallemand :

> On Sat, Feb 13, 2021 at 12:21:56AM +0500, Илья Шипицин wrote:
> > Hello,
> >
> > let us switch to a feature macro instead of HA_OPENSSL_VERSION.
> >
> > Ilya
>
> Hello Ilya,
>
> For more consistency with the other macros I'd rather use
> "HAVE_SSL_SCTL" instead of "HAVE_OPENSSL_SCTL".
>
> Regards,
>
> --
> William Lallemand
>
From 48fda0400d94c354f3eee937896eae5c22e67705 Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin 
Date: Sat, 13 Feb 2021 11:45:33 +0500
Subject: [PATCH] BUILD: ssl: introduce fine guard for OpenSSL specific SCTL
 functions

SCTL (signed certificate timestamp list) specified in RFC6962
was implemented in c74ce24cd22e8c683ba0e5353c0762f8616e597d, let
us introduce macro HAVE_SSL_SCTL for the HAVE_SSL_SCTL sake,
which in turn is based on SN_ct_cert_scts, which comes in the same commit
---
 include/haproxy/openssl-compat.h | 4 
 src/ssl_ckch.c   | 6 +++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index 3fe58be40..b5f05d1ae 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -57,6 +57,10 @@
 #define HAVE_SSL_CTX_get0_privatekey
 #endif
 
+#if (defined(SN_ct_cert_scts) && !defined(OPENSSL_NO_TLSEXT))
+#define HAVE_SSL_SCTL
+#endif
+
 #if (HA_OPENSSL_VERSION_NUMBER < 0x0090800fL)
 /* Functions present in OpenSSL 0.9.8, older not tested */
 static inline const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *sess, unsigned int *sid_length)
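Review bot: the `#if (defined(SN_ct_cert_scts) && !defined(OPENSSL_NO_TLSEXT))` test only works if the OpenSSL header that defines SN_ct_cert_scts has already been included at this point in openssl-compat.h, and the hunk does not show that. If it has not, HAVE_SSL_SCTL stays undefined and the SCTL loader, enum entry and table entry in src/ssl_ckch.c are compiled out without any diagnostic. Worth confirming the include order and adding a one-line comment above the `#define` saying what the macro enables and why SN_ct_cert_scts is the probe.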
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index f654b4b52..8aa29bd22 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -320,7 +320,7 @@ int ssl_sock_load_files_into_ckch(const char *path, struct cert_key_and_chain *c
 		goto end;
 	}
 
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
+#ifdef HAVE_SSL_SCTL
 	/* try to load the sctl file */
 	if (global_ssl.extra_files & SSL_GF_SCTL) {
 		struct stat st;
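Review bot: the replaced condition on the `-#if` line excluded BoringSSL (`!defined OPENSSL_IS_BORINGSSL`) and HAVE_SSL_SCTL as defined in openssl-compat.h does not, so this is a behaviour change and not only a rename if BoringSSL's headers define SN_ct_cert_scts. Either keep the exclusion in the macro definition or say in the commit message that enabling the sctl file load there is intended; the same applies to the two later guards in this file.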
@@ -939,7 +939,7 @@ enum {
 	CERT_TYPE_OCSP,
 #endif
 	CERT_TYPE_ISSUER,
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
+#ifdef HAVE_SSL_SCTL
 	CERT_TYPE_SCTL,
 #endif
 	CERT_TYPE_MAX,
@@ -956,7 +956,7 @@ struct {
 #if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
 	[CERT_TYPE_OCSP]   = { "ocsp",CERT_TYPE_OCSP, _sock_load_ocsp_response_from_file },
 #endif
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
+#ifdef HAVE_SSL_SCTL
 	[CERT_TYPE_SCTL]   = { "sctl",CERT_TYPE_SCTL, _sock_load_sctl_from_file },
 #endif
 	[CERT_TYPE_ISSUER] = { "issuer",  CERT_TYPE_ISSUER,   _sock_load_issuer_file_into_ckch },
-- 
2.29.2



Re: [PATCH] introduce guard for SCTL openssl specific functions

2021-02-12 Thread William Lallemand
On Sat, Feb 13, 2021 at 12:21:56AM +0500, Илья Шипицин wrote:
> Hello,
> 
> let us switch to a feature macro instead of HA_OPENSSL_VERSION.
> 
> Ilya

Hello Ilya,

For more consistency with the other macros I'd rather use
"HAVE_SSL_SCTL" instead of "HAVE_OPENSSL_SCTL".

Regards,

-- 
William Lallemand



[PATCH] introduce guard for SCTL openssl specific functions

2021-02-12 Thread Илья Шипицин
Hello,

let us switch to a feature macro instead of HA_OPENSSL_VERSION.

Ilya
From ddae23ca3503f29416cb04dc5689282be67df087 Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin 
Date: Sat, 13 Feb 2021 00:16:58 +0500
Subject: [PATCH] BUILD: ssl: introduce fine guard for OpenSSL specific SCTL
 functions

SCTL (signed certificate timestamp list) specified in RFC6962
was implemented in c74ce24cd22e8c683ba0e5353c0762f8616e597d, let
us introduce macro HAVE_OPENSSL_SCTL for the HAVE_OPENSSL_SCTL sake,
which in turn is based on SN_ct_cert_scts, which comes in the same commit
---
 include/haproxy/openssl-compat.h | 4 
 src/ssl_ckch.c   | 6 +++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index 3fe58be40..f3044228a 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -57,6 +57,10 @@
 #define HAVE_SSL_CTX_get0_privatekey
 #endif
 
+#if (defined(SN_ct_cert_scts) && !defined(OPENSSL_NO_TLSEXT))
+#define HAVE_OPENSSL_SCTL
+#endif
+
 #if (HA_OPENSSL_VERSION_NUMBER < 0x0090800fL)
 /* Functions present in OpenSSL 0.9.8, older not tested */
 static inline const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *sess, unsigned int *sid_length)
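Review bot: the new name HAVE_OPENSSL_SCTL on the `+#define` line does not follow the HAVE_SSL_ prefix of the macro just above it in the context (`HAVE_SSL_CTX_get0_privatekey`). Naming it with the HAVE_SSL_ prefix would keep the feature macros in this header uniform.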
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index f654b4b52..d0cc562c0 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -320,7 +320,7 @@ int ssl_sock_load_files_into_ckch(const char *path, struct cert_key_and_chain *c
 		goto end;
 	}
 
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
+#ifdef HAVE_OPENSSL_SCTL
 	/* try to load the sctl file */
 	if (global_ssl.extra_files & SSL_GF_SCTL) {
 		struct stat st;
@@ -939,7 +939,7 @@ enum {
 	CERT_TYPE_OCSP,
 #endif
 	CERT_TYPE_ISSUER,
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
+#ifdef HAVE_OPENSSL_SCTL
 	CERT_TYPE_SCTL,
 #endif
 	CERT_TYPE_MAX,
@@ -956,7 +956,7 @@ struct {
 #if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
 	[CERT_TYPE_OCSP]   = { "ocsp",CERT_TYPE_OCSP, _sock_load_ocsp_response_from_file },
 #endif
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
+#ifdef HAVE_OPENSSL_SCTL
 	[CERT_TYPE_SCTL]   = { "sctl",CERT_TYPE_SCTL, _sock_load_sctl_from_file },
 #endif
 	[CERT_TYPE_ISSUER] = { "issuer",  CERT_TYPE_ISSUER,   _sock_load_issuer_file_into_ckch },
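Review bot: the `-#if` line here, like the two before it in this file, carried an explicit floor of `HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL` that the `#ifdef` no longer states, so the commit message is the only place recording that SN_ct_cert_scts arrived together with the SCTL support. A short comment next to the macro definition in openssl-compat.h noting that equivalence would stop a later reader from re-adding the version test.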
-- 
2.29.2