SSL_library_init();
_init = true;
}
-# define TLS_server_method SSLv23_server_method
-# define TLS_client_method SSLv23_client_method
+# ifndef TLS_server_method
+# define TLS_server_method SSLv23_server_method
+# endif
+# ifndef TLS_client_method
+# define TLS_client_method SSLv23_client_method
+# endif
#endif
if (server) {
uloop_timeout_set(&us->error_timer, 0);
}
-#ifndef WOLFSSL_OPENSSL_H_
+#ifndef NO_X509_CHECK_HOST
static bool ustream_ssl_verify_cn(struct ustream_ssl *us, X509 *cert)
{
if (!us->peer_cn)
return false;
+# ifndef WOLFSSL_OPENSSL_H_
ret = X509_check_host(cert, us->peer_cn, 0, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, NULL);
+# else
+ ret = wolfSSL_X509_check_host(cert, us->peer_cn, 0, 0, NULL);
+# endif
return ret == 1;
}
+#endif
static void ustream_ssl_verify_cert(struct ustream_ssl *us)
{
return;
us->valid_cert = true;
+#ifndef NO_X509_CHECK_HOST
us->valid_cn = ustream_ssl_verify_cn(us, cert);
+#endif
X509_free(cert);
}
-#endif
__hidden enum ssl_conn_status __ustream_ssl_connect(struct ustream_ssl *us)
{
void *ssl = us->ssl;
int r;
+ ERR_clear_error();
+
if (us->server)
r = SSL_accept(ssl);
else
r = SSL_connect(ssl);
if (r == 1) {
-#ifndef WOLFSSL_OPENSSL_H_
ustream_ssl_verify_cert(us);
-#endif
return U_SSL_OK;
}
__hidden int __ustream_ssl_write(struct ustream_ssl *us, const char *buf, int len)
{
void *ssl = us->ssl;
- int ret = SSL_write(ssl, buf, len);
+ int ret;
+
+ ERR_clear_error();
+
+ ret = SSL_write(ssl, buf, len);
if (ret < 0) {
int err = SSL_get_error(ssl, ret);
__hidden int __ustream_ssl_read(struct ustream_ssl *us, char *buf, int len)
{
- int ret = SSL_read(us->ssl, buf, len);
+ int ret;
+
+ ERR_clear_error();
+
+ ret = SSL_read(us->ssl, buf, len);
if (ret < 0) {
ret = SSL_get_error(us->ssl, ret);