From b3526cbd2b8ca9e4eff4d4a0f1c3461cedcae776 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Marie?= Date: Wed, 21 Dec 2016 08:58:16 +0100 Subject: [PATCH] Add LibreSSL 2.5.0 support --- openssl-sys/build.rs | 9 +++ openssl-sys/src/lib.rs | 55 +++++++++++------ openssl-sys/src/libressl.rs | 111 +++++------------------------------ openssl/build.rs | 4 ++ openssl/src/ssl/mod.rs | 3 + openssl/src/ssl/tests/mod.rs | 8 +-- openssl/src/version.rs | 7 ++- systest/build.rs | 6 +- 8 files changed, 81 insertions(+), 122 deletions(-) diff --git a/openssl-sys/build.rs b/openssl-sys/build.rs index ce173192..ce990be3 100644 --- a/openssl-sys/build.rs +++ b/openssl-sys/build.rs @@ -247,6 +247,15 @@ fn validate_headers(include_dirs: &[PathBuf], } else if version_text.contains("0x10100") { println!("cargo:rustc-cfg=ossl110"); println!("cargo:version=110"); + } else if version_text.contains("0x20000000L") { + // Check if it is really LibreSSL + if version_header.lines().any(|l| { + l.contains("define ") && l.contains("LIBRESSL_VERSION_NUMBER") + }) { + println!("cargo:rustc-cfg=libressl"); + println!("cargo:libressl=true"); + println!("cargo:version=101"); + } } else { panic!(" diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 3ac3c2c2..8c4d1acf 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -17,6 +17,11 @@ mod ossl110; #[cfg(ossl110)] pub use ossl110::*; +#[cfg(libressl)] +mod libressl; +#[cfg(libressl)] +pub use libressl::*; + pub enum ASN1_INTEGER {} pub enum ASN1_STRING {} pub enum ASN1_TIME {} @@ -1075,8 +1080,11 @@ pub const SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER: c_long = 0x2; pub const SSL_MODE_AUTO_RETRY: c_long = 0x4; pub const SSL_MODE_NO_AUTO_CHAIN: c_long = 0x8; pub const SSL_MODE_RELEASE_BUFFERS: c_long = 0x10; +#[cfg(not(libressl))] pub const SSL_MODE_SEND_CLIENTHELLO_TIME: c_long = 0x20; +#[cfg(not(libressl))] pub const SSL_MODE_SEND_SERVERHELLO_TIME: c_long = 0x40; +#[cfg(not(libressl))] pub const SSL_MODE_SEND_FALLBACK_SCSV: c_long = 0x80; pub const SSL_ERROR_NONE: c_int = 0; @@ -1095,26 +1103,31 @@ pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2; #[cfg(not(ossl101))] pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010; pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800; +#[cfg(not(libressl))] pub const SSL_OP_ALL: c_ulong = 0x80000BFF; pub const SSL_OP_NO_QUERY_MTU: c_ulong = 0x00001000; pub const SSL_OP_COOKIE_EXCHANGE: c_ulong = 0x00002000; pub const SSL_OP_NO_TICKET: c_ulong = 0x00004000; +#[cfg(not(libressl))] pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x00008000; pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: c_ulong = 0x00010000; +#[cfg(not(libressl))] pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x00020000; +#[cfg(not(libressl))] pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_ulong = 0x00040000; pub const SSL_OP_CIPHER_SERVER_PREFERENCE: c_ulong = 0x00400000; pub const SSL_OP_TLS_ROLLBACK_BUG: c_ulong = 0x00800000; +#[cfg(not(libressl))] pub const SSL_OP_NO_SSLv3: c_ulong = 0x02000000; pub const SSL_OP_NO_TLSv1: c_ulong = 0x04000000; pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000; pub const SSL_OP_NO_TLSv1_1: c_ulong = 0x10000000; -#[cfg(not(ossl101))] +#[cfg(not(any(ossl101, libressl)))] pub const SSL_OP_NO_DTLSv1: c_ulong = 0x04000000; -#[cfg(not(ossl101))] +#[cfg(not(any(ossl101, libressl)))] pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x08000000; -#[cfg(not(ossl101))] +#[cfg(not(any(ossl101, libressl)))] pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2; @@ -1292,9 +1305,9 @@ extern { pub fn BIO_new_socket(sock: c_int, close_flag: c_int) -> *mut BIO; pub fn BIO_read(b: *mut BIO, buf: *mut c_void, len: c_int) -> c_int; pub fn BIO_write(b: *mut BIO, buf: *const c_void, len: c_int) -> c_int; - #[cfg(ossl101)] + #[cfg(any(ossl101, libressl))] pub fn BIO_new_mem_buf(buf: *mut c_void, len: c_int) -> *mut BIO; - #[cfg(not(ossl101))] + #[cfg(not(any(ossl101, libressl)))] pub fn BIO_new_mem_buf(buf: *const c_void, len: c_int) -> *mut BIO; pub fn BIO_set_flags(b: *mut BIO, flags: c_int); pub fn BIO_clear_flags(b: *mut BIO, flags: c_int); @@ -1375,11 +1388,11 @@ extern { pub fn DH_new() -> *mut DH; pub fn DH_free(dh: *mut DH); - #[cfg(not(ossl101))] + #[cfg(not(any(ossl101, libressl)))] pub fn DH_get_1024_160() -> *mut DH; - #[cfg(not(ossl101))] + #[cfg(not(any(ossl101, libressl)))] pub fn DH_get_2048_224() -> *mut DH; - #[cfg(not(ossl101))] + #[cfg(not(any(ossl101, libressl)))] pub fn DH_get_2048_256() -> *mut DH; pub fn EC_KEY_new() -> *mut EC_KEY; @@ -1495,11 +1508,11 @@ extern { type_: *const EVP_MD, e: *mut ENGINE, pkey: *mut EVP_PKEY) -> c_int; - #[cfg(ossl101)] + #[cfg(any(ossl101, libressl))] pub fn EVP_DigestVerifyFinal(ctx: *mut EVP_MD_CTX, sigret: *mut c_uchar, siglen: size_t) -> c_int; - #[cfg(not(ossl101))] + #[cfg(not(any(ossl101, libressl)))] pub fn EVP_DigestVerifyFinal(ctx: *mut EVP_MD_CTX, sigret: *const c_uchar, siglen: size_t) -> c_int; @@ -1634,8 +1647,10 @@ extern { pub fn SSL_get_ex_data_X509_STORE_CTX_idx() -> c_int; pub fn SSL_get_SSL_CTX(ssl: *const SSL) -> *mut SSL_CTX; pub fn SSL_set_SSL_CTX(ssl: *mut SSL, ctx: *mut SSL_CTX) -> *mut SSL_CTX; - #[cfg(not(osslconf = "OPENSSL_NO_COMP"))] + #[cfg(not(any(osslconf = "OPENSSL_NO_COMP", libressl)))] pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const COMP_METHOD; + #[cfg(libressl)] + pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const libc::c_void; pub fn SSL_get_peer_certificate(ssl: *const SSL) -> *mut X509; pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD; pub fn SSL_get_version(ssl: *const SSL) -> *const c_char; @@ -1648,14 +1663,14 @@ extern { pub fn SSL_get_ex_data(ssl: *const SSL, idx: c_int) -> *mut c_void; pub fn SSL_get_servername(ssl: *const SSL, name_type: c_int) -> *const c_char; pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER; - #[cfg(not(ossl101))] + #[cfg(not(any(ossl101, libressl)))] pub fn SSL_get0_param(ssl: *mut SSL) -> *mut X509_VERIFY_PARAM; pub fn SSL_get_verify_result(ssl: *const SSL) -> c_long; pub fn SSL_shutdown(ssl: *mut SSL) -> c_int; pub fn SSL_get_certificate(ssl: *const SSL) -> *mut X509; - #[cfg(ossl101)] + #[cfg(any(ossl101, libressl))] pub fn SSL_get_privatekey(ssl: *mut SSL) -> *mut EVP_PKEY; - #[cfg(not(ossl101))] + #[cfg(not(any(ossl101, libressl)))] pub fn SSL_get_privatekey(ssl: *const SSL) -> *mut EVP_PKEY; pub fn SSL_load_client_CA_file(file: *const c_char) -> *mut stack_st_X509_NAME; pub fn SSL_set_tmp_dh_callback(ctx: *mut SSL, @@ -1664,8 +1679,10 @@ extern { keylength: c_int) -> *mut DH); - #[cfg(not(osslconf = "OPENSSL_NO_COMP"))] + #[cfg(not(any(osslconf = "OPENSSL_NO_COMP", libressl)))] pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char; + #[cfg(libressl)] + pub fn SSL_COMP_get_name(comp: *const libc::c_void) -> *const c_char; pub fn SSL_CIPHER_get_name(cipher: *const SSL_CIPHER) -> *const c_char; pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *mut c_int) -> c_int; @@ -1701,9 +1718,9 @@ extern { keylength: c_int) -> *mut DH); - #[cfg(not(ossl101))] + #[cfg(not(any(ossl101, libressl)))] pub fn SSL_CTX_get0_certificate(ctx: *const SSL_CTX) -> *mut X509; - #[cfg(not(ossl101))] + #[cfg(not(any(ossl101, libressl)))] pub fn SSL_CTX_get0_privatekey(ctx: *const SSL_CTX) -> *mut EVP_PKEY; pub fn SSL_CTX_set_cipher_list(ssl: *mut SSL_CTX, s: *const c_char) -> c_int; @@ -1787,9 +1804,9 @@ extern { #[cfg(not(ossl101))] pub fn X509_VERIFY_PARAM_free(param: *mut X509_VERIFY_PARAM); - #[cfg(not(ossl101))] + #[cfg(not(any(ossl101, libressl)))] pub fn X509_VERIFY_PARAM_set_hostflags(param: *mut X509_VERIFY_PARAM, flags: c_uint); - #[cfg(not(ossl101))] + #[cfg(not(any(ossl101, libressl)))] pub fn X509_VERIFY_PARAM_set1_host(param: *mut X509_VERIFY_PARAM, name: *const c_char, namelen: size_t) -> c_int; diff --git a/openssl-sys/src/libressl.rs b/openssl-sys/src/libressl.rs index 4f418f14..0f20713e 100644 --- a/openssl-sys/src/libressl.rs +++ b/openssl-sys/src/libressl.rs @@ -3,7 +3,6 @@ use std::sync::{Once, ONCE_INIT}; use std::mem; use libc::{c_int, c_char, c_void, c_long, c_uchar, size_t, c_uint, c_ulong}; -#[cfg(not(ossl101))] use libc::time_t; #[repr(C)] @@ -88,7 +87,6 @@ pub struct RSA { pub _method_mod_p: *mut ::BN_MONT_CTX, pub _method_mod_q: *mut ::BN_MONT_CTX, - pub bignum_data: *mut c_char, pub blinding: *mut ::BN_BLINDING, pub mt_blinding: *mut ::BN_BLINDING, } @@ -155,7 +153,6 @@ pub struct BIO { #[repr(C)] pub struct CRYPTO_EX_DATA { pub sk: *mut ::stack_st_void, - pub dummy: c_int, } #[repr(C)] @@ -258,10 +255,6 @@ pub struct X509 { crldp: *mut c_void, altname: *mut c_void, nc: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_RFC3779"))] - rfc3779_addr: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_RFC3779"))] - rfc3779_asid: *mut c_void, #[cfg(not(osslconf = "OPENSSL_NO_SHA"))] sha1_hash: [c_uchar; 20], aux: *mut c_void, @@ -346,99 +339,26 @@ pub struct SSL_CTX { #[cfg(not(osslconf = "OPENSSL_NO_ENGINE"))] client_cert_engine: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_servername_callback: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsect_servername_arg: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_tick_key_name: [c_uchar; 16], - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_tick_hmac_key: [c_uchar; 16], - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_tick_aes_key: [c_uchar; 16], - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_ticket_key_cb: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_status_cb: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_status_arg: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_opaque_prf_input_callback: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))] tlsext_opaque_prf_input_callback_arg: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] - psk_identity_hint: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] - psk_client_callback: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_PSK"))] - psk_server_callback: *mut c_void, - - #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))] - freelist_max_len: c_uint, - #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))] - wbuf_freelist: *mut c_void, - #[cfg(not(osslconf = "OPENSSL_NO_BUF_FREELISTS"))] - rbuf_freelist: *mut c_void, - - #[cfg(not(osslconf = "OPENSSL_NO_SRP"))] - srp_ctx: SRP_CTX, - - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] next_protos_advertised_cb: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] next_protos_advertised_cb_arg: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] next_proto_select_cb: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_NEXTPROTONEG")))] next_proto_select_cb_arg: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl101))] srtp_profiles: *mut c_void, - - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] - srtp_profiles: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] - alpn_select_cb: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] - alpn_select_cb_arg: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] - alpn_client_proto_list: *mut c_void, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), ossl102))] - alpn_client_proto_list_len: c_uint, - - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] - tlsext_ecpointformatlist_length: size_t, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] - tlsext_ecpointformatlist: *mut c_uchar, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] - tlsext_ellipticcurvelist_length: size_t, - #[cfg(all(not(osslconf = "OPENSSL_NO_TLSEXT"), not(osslconf = "OPENSSL_NO_EC"), ossl102))] - tlsext_ellipticcurvelist: *mut c_uchar, } #[repr(C)] -pub struct SRP_CTX { - SRP_cb_arg: *mut c_void, - TLS_ext_srp_username_callback: *mut c_void, - SRP_verify_param_callback: *mut c_void, - SRP_give_srp_client_pwd_callback: *mut c_void, - login: *mut c_void, - N: *mut c_void, - g: *mut c_void, - s: *mut c_void, - B: *mut c_void, - A: *mut c_void, - a: *mut c_void, - b: *mut c_void, - v: *mut c_void, - info: *mut c_void, - stringth: c_int, - srp_Mask: c_ulong, -} - -#[repr(C)] -#[cfg(not(ossl101))] pub struct X509_VERIFY_PARAM { pub name: *mut c_char, pub check_time: time_t, @@ -448,27 +368,30 @@ pub struct X509_VERIFY_PARAM { pub trust: c_int, pub depth: c_int, pub policies: *mut stack_st_ASN1_OBJECT, - pub id: *mut X509_VERIFY_PARAM_ID, + //pub id: *mut X509_VERIFY_PARAM_ID, } -#[cfg(not(ossl101))] pub enum X509_VERIFY_PARAM_ID {} pub const SSL_CTRL_OPTIONS: c_int = 32; pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77; -#[cfg(ossl102)] pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94; -pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x00000001; -pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x00000002; -pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x00000008; -pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x00000020; -pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x00000080; -pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x00000100; -pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x00000200; +pub const SSL_OP_ALL: c_ulong = 0x80000014; +pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x0; +pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x0; +pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: c_ulong = 0x0; +pub const SSL_OP_NO_SSLv3: c_ulong = 0x0; +pub const SSL_OP_MICROSOFT_SESS_ID_BUG: c_ulong = 0x0; +pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: c_ulong = 0x0; +pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: c_ulong = 0x0; +pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x0; +pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x0; +pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x0; +pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x0; pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000; pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000; -pub const SSL_OP_NO_SSLv2: c_ulong = 0x01000000; +pub const SSL_OP_NO_SSLv2: c_ulong = 0x0; pub const SSLEAY_VERSION : c_int = 0; pub const SSLEAY_CFLAGS : c_int = 2; @@ -534,12 +457,10 @@ fn set_id_callback() {} // macros -#[cfg(ossl102)] pub unsafe fn SSL_CTX_set_ecdh_auto(ctx: *mut SSL_CTX, onoff: c_int) -> c_int { ::SSL_CTX_ctrl(ctx, SSL_CTRL_SET_ECDH_AUTO, onoff as c_long, ::std::ptr::null_mut()) as c_int } -#[cfg(ossl102)] pub unsafe fn SSL_set_ecdh_auto(ssl: *mut ::SSL, onoff: c_int) -> c_int { ::SSL_ctrl(ssl, SSL_CTRL_SET_ECDH_AUTO, onoff as c_long, ::std::ptr::null_mut()) as c_int } @@ -578,15 +499,11 @@ extern { pub fn OPENSSL_add_all_algorithms_noconf(); pub fn HMAC_CTX_init(ctx: *mut ::HMAC_CTX); pub fn HMAC_CTX_cleanup(ctx: *mut ::HMAC_CTX); - #[cfg(not(osslconf = "OPENSSL_NO_SSL3_METHOD"))] - pub fn SSLv3_method() -> *const ::SSL_METHOD; pub fn TLSv1_method() -> *const ::SSL_METHOD; pub fn SSLv23_method() -> *const ::SSL_METHOD; pub fn TLSv1_1_method() -> *const ::SSL_METHOD; pub fn TLSv1_2_method() -> *const ::SSL_METHOD; pub fn DTLSv1_method() -> *const ::SSL_METHOD; - #[cfg(ossl102)] - pub fn DTLSv1_2_method() -> *const ::SSL_METHOD; pub fn SSL_get_ex_new_index(argl: c_long, argp: *mut c_void, new_func: Option<::CRYPTO_EX_new>, dup_func: Option<::CRYPTO_EX_dup>, diff --git a/openssl/build.rs b/openssl/build.rs index 7a0c60dc..954e9b0c 100644 --- a/openssl/build.rs +++ b/openssl/build.rs @@ -16,6 +16,10 @@ fn main() { _ => panic!("Unable to detect OpenSSL version"), } + if let Ok(_) = env::var("DEP_OPENSSL_LIBRESSL") { + println!("cargo:rustc-cfg=libressl"); + } + if let Ok(vars) = env::var("DEP_OPENSSL_CONF") { for var in vars.split(",") { println!("cargo:rustc-cfg=osslconf=\"{}\"", var); diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 6e0c92c3..9803949d 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -166,8 +166,11 @@ bitflags! { const SSL_MODE_AUTO_RETRY = ffi::SSL_MODE_AUTO_RETRY, const SSL_MODE_NO_AUTO_CHAIN = ffi::SSL_MODE_NO_AUTO_CHAIN, const SSL_MODE_RELEASE_BUFFERS = ffi::SSL_MODE_RELEASE_BUFFERS, + #[cfg(not(libressl))] const SSL_MODE_SEND_CLIENTHELLO_TIME = ffi::SSL_MODE_SEND_CLIENTHELLO_TIME, + #[cfg(not(libressl))] const SSL_MODE_SEND_SERVERHELLO_TIME = ffi::SSL_MODE_SEND_SERVERHELLO_TIME, + #[cfg(not(libressl))] const SSL_MODE_SEND_FALLBACK_SCSV = ffi::SSL_MODE_SEND_FALLBACK_SCSV, } } diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs index 2f6bbe1f..437bec8a 100644 --- a/openssl/src/ssl/tests/mod.rs +++ b/openssl/src/ssl/tests/mod.rs @@ -181,7 +181,7 @@ macro_rules! run_test( } #[test] - #[cfg_attr(any(windows, target_arch = "arm"), ignore)] // FIXME(#467) + #[cfg_attr(any(libressl, windows, target_arch = "arm"), ignore)] // FIXME(#467) fn dtlsv1() { let (_s, stream) = Server::new_dtlsv1(Some("hello")); $blk(SslMethod::dtls(), stream); @@ -432,7 +432,7 @@ run_test!(get_peer_certificate, |method, stream| { }); #[test] -#[cfg_attr(any(windows, target_arch = "arm"), ignore)] // FIXME(#467) +#[cfg_attr(any(libressl, windows, target_arch = "arm"), ignore)] // FIXME(#467) fn test_write_dtlsv1() { let (_s, stream) = Server::new_dtlsv1(iter::repeat("y\n")); let ctx = SslContext::builder(SslMethod::dtls()).unwrap(); @@ -771,7 +771,7 @@ fn test_alpn_server_select_none() { } #[test] -#[cfg_attr(any(windows, target_arch = "arm"), ignore)] // FIXME(#467) +#[cfg_attr(any(libressl, windows, target_arch = "arm"), ignore)] // FIXME(#467) fn test_read_dtlsv1() { let (_s, stream) = Server::new_dtlsv1(Some("hello")); @@ -849,7 +849,7 @@ fn test_write_nonblocking() { } #[test] -#[cfg_attr(any(windows, target_arch = "arm"), ignore)] // FIXME(#467) +#[cfg_attr(any(libressl, windows, target_arch = "arm"), ignore)] // FIXME(#467) fn test_read_nonblocking() { let (_s, stream) = Server::new(); stream.set_nonblocking(true).unwrap(); diff --git a/openssl/src/version.rs b/openssl/src/version.rs index d7db39a7..2604914e 100644 --- a/openssl/src/version.rs +++ b/openssl/src/version.rs @@ -92,8 +92,13 @@ fn test_versions() { println!("Platform: '{}'", platform()); println!("Dir: '{}'", dir()); + #[cfg(not(libressl))] + fn expected_name() -> &'static str { "OpenSSL" } + #[cfg(libressl)] + fn expected_name() -> &'static str { "LibreSSL" } + assert!(number() > 0); - assert!(version().starts_with("OpenSSL")); + assert!(version().starts_with(expected_name())); assert!(c_flags().starts_with("compiler:")); assert!(built_on().starts_with("built on:")); assert!(dir().starts_with("OPENSSLDIR:")); diff --git a/systest/build.rs b/systest/build.rs index b0ca3250..2f0fd136 100644 --- a/systest/build.rs +++ b/systest/build.rs @@ -22,7 +22,11 @@ fn main() { } } - cfg.cfg(&format!("ossl{}", env::var("DEP_OPENSSL_VERSION").unwrap()), None); + if let Ok(_) = env::var("DEP_OPENSSL_LIBRESSL") { + cfg.cfg("libressl", None); + } else if let Ok(version) = env::var("DEP_OPENSSL_VERSION") { + cfg.cfg(&format!("ossl{}", version), None); + } if let Ok(vars) = env::var("DEP_OPENSSL_CONF") { for var in vars.split(",") { cfg.cfg("osslconf", Some(var));