1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
Hack OpenSSL bindings to recognize LibreSSL
This patch is based on https://github.com/crystal-lang/crystal/pull/5676.
diff --git a/src/openssl/lib_crypto.cr b/src/openssl/lib_crypto.cr
--- a/src/openssl/lib_crypto.cr
+++ b/src/openssl/lib_crypto.cr
@@ -2,10 +2,22 @@
lib LibCrypto
- OPENSSL_110 = {{ `command -v pkg-config > /dev/null && pkg-config --atleast-version=1.1.0 libcrypto || printf %s false`.stringify != "false" }}
- OPENSSL_102 = {{ `command -v pkg-config > /dev/null && pkg-config --atleast-version=1.0.2 libcrypto || printf %s false`.stringify != "false" }}
+ # An extra zero is appended to the output of LIBRESSL_VERSION to make it 0 when LibreSSL does not exist on the system.
+ # Any comparisons to it should be affixed with an extra zero as well e.g. `(LIBRESSL_VERSION_NUMBER >= 0x2050500F0)`.
+ LIBRESSL_VERSION = {{ system("echo \"#include <openssl/opensslv.h>\nLIBRESSL_VERSION_NUMBER\" | " +
+ (env("CC") || "cc") + " " + `pkg-config --cflags --silence-errors libssl || true`.chomp.stringify + " -E -").chomp.split('\n').last.split('L').first.id + "0" }}
+ OPENSSL_VERSION = {{ system("echo \"#include <openssl/opensslv.h>\nOPENSSL_VERSION_NUMBER\" | " +
+ (env("CC") || "cc") + " " + `pkg-config --cflags --silence-errors libssl || true`.chomp.stringify + " -E -").chomp.split('\n').last.split('L').first.id }}
end
{% end %}
-@[Link(ldflags: "`command -v pkg-config > /dev/null && pkg-config --libs --silence-errors libcrypto || printf %s '-lcrypto'`")]
+{% begin %}
+ lib LibCrypto
+ OPENSSL_110 = {{ (LibCrypto::LIBRESSL_VERSION == 0) && (LibCrypto::OPENSSL_VERSION >= 0x10101000) }}
+ OPENSSL_102 = {{ (LibCrypto::LIBRESSL_VERSION == 0) && (LibCrypto::OPENSSL_VERSION >= 0x10002000) }}
+ LIBRESSL_250 = {{ LibCrypto::LIBRESSL_VERSION >= 0x205000000 }}
+ end
+{% end %}
+
+@[Link(ldflags: "`command -v pkg-config > /dev/null && pkg-config --libs --silence-errors libcrypto || printf %s ' -lcrypto'`")]
lib LibCrypto
alias Char = LibC::Char
alias Int = LibC::Int
diff --git a/src/openssl/lib_ssl.cr b/src/openssl/lib_ssl.cr
--- a/src/openssl/lib_ssl.cr
+++ b/src/openssl/lib_ssl.cr
@@ -2,8 +2,9 @@
{% begin %}
lib LibSSL
- OPENSSL_110 = {{ `command -v pkg-config > /dev/null && pkg-config --atleast-version=1.1.0 libssl || printf %s false`.stringify != "false" }}
- OPENSSL_102 = {{ `command -v pkg-config > /dev/null && pkg-config --atleast-version=1.0.2 libssl || printf %s false`.stringify != "false" }}
+ OPENSSL_110 = {{ LibCrypto::OPENSSL_110 }}
+ OPENSSL_102 = {{ LibCrypto::OPENSSL_102 }}
+ LIBRESSL_250 = {{ LibCrypto::LIBRESSL_250 }}
end
{% end %}
@@ -198,13 +199,17 @@
fun sslv23_method = SSLv23_method : SSLMethod
{% end %}
- {% if OPENSSL_102 %}
+ {% if OPENSSL_102 || LIBRESSL_250 %}
alias ALPNCallback = (SSL, Char**, Char*, Char*, Int, Void*) -> Int
- alias X509VerifyParam = LibCrypto::X509VerifyParam
- fun ssl_get0_param = SSL_get0_param(handle : SSL) : X509VerifyParam
fun ssl_get0_alpn_selected = SSL_get0_alpn_selected(handle : SSL, data : Char**, len : LibC::UInt*) : Void
fun ssl_ctx_set_alpn_select_cb = SSL_CTX_set_alpn_select_cb(ctx : SSLContext, cb : ALPNCallback, arg : Void*) : Void
+ {% end %}
+
+ {% if OPENSSL_102 %}
+ alias X509VerifyParam = LibCrypto::X509VerifyParam
+
+ fun ssl_get0_param = SSL_get0_param(handle : SSL) : X509VerifyParam
fun ssl_ctx_get0_param = SSL_CTX_get0_param(ctx : SSLContext) : X509VerifyParam
fun ssl_ctx_set1_param = SSL_CTX_set1_param(ctx : SSLContext, param : X509VerifyParam) : Int
{% end %}
diff --git a/src/openssl/ssl/context.cr b/src/openssl/ssl/context.cr
--- a/src/openssl/ssl/context.cr
+++ b/src/openssl/ssl/context.cr
@@ -304,7 +304,7 @@ abstract class OpenSSL::SSL::Context
LibSSL.ssl_ctx_set_verify(@handle, mode, nil)
end
- {% if LibSSL::OPENSSL_102 %}
+ {% if LibSSL::OPENSSL_102 || LibSSL::LIBRESSL_250 %}
@alpn_protocol : Pointer(Void)?
@@ -337,6 +337,10 @@ abstract class OpenSSL::SSL::Context
LibSSL.ssl_ctx_set_alpn_select_cb(@handle, alpn_cb, alpn_protocol)
end
+ {% end %}
+
+ {% if LibSSL::OPENSSL_102 %}
+
# Set this context verify param to the default one of the given name.
#
# Depending on the OpenSSL version, the available defaults are
diff --git a/src/openssl/ssl/socket.cr b/src/openssl/ssl/socket.cr
--- a/src/openssl/ssl/socket.cr
+++ b/src/openssl/ssl/socket.cr
@@ -119,7 +119,7 @@ abstract class OpenSSL::SSL::Socket < IO
@bio.io.flush
end
- {% if LibSSL::OPENSSL_102 %}
+ {% if LibSSL::OPENSSL_102 || LibSSL::LIBRESSL_250 %}
# Returns the negotiated ALPN protocol (eg: `"h2"`) of `nil` if no protocol was
# negotiated.
def alpn_protocol
|
