orthecreedence / cl-async

Asynchronous IO library for Common Lisp.
MIT License

as-ssl:tcp-ssl-connect fails with openssl 1.1.1k #188

Closed hdasch closed 2 years ago

hdasch commented 3 years ago

Recent(ish) openssl libraries produce The alien function "SSLv23_method" is undefined errors with as-ssl:tcp-ssl-connect. This occurs on libssl1.1 (1.1.k-1+debian) on Debian 11 and openssl 1.1.1.l-1 on Arch.

The openssl/ssl.h header file "#define"s SSLv23_method to TLS_method to hide part of the API changes. That does not help cffi implementations.

Moreover, handshake completion detection also changed. This patch allows as-ssl to work with recent versions, but breaks with older versions of the API. It is not clear to me how to detect the library version to support both.

Suggestions welcome.

---
 src/ssl/util.lisp | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/src/ssl/util.lisp b/src/ssl/util.lisp
index e065475..f422640 100644
--- a/src/ssl/util.lisp
+++ b/src/ssl/util.lisp
@@ -91,6 +91,8 @@

 (defconstant +ssl-ctrl-options+ 32)

+(defconstant +tls_st_ok+ 1)
+
 (defconstant +bio-ctrl-reset+ 1)
 (defconstant +bio-ctrl-eof+ 2)
 (defconstant +bio-ctrl-info+ 3)
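Review bot: The added constant `+tls_st_ok+` uses underscores where every neighbouring constant in this hunk uses hyphens (`+ssl-ctrl-options+`, `+bio-ctrl-reset+`), and nothing says where the value 1 comes from. I would rename it to `+tls-st-ok+` (also updating its use in `ssl-is-init-finished` in the third hunk) and add a comment such as `;; TLS_ST_OK from the OpenSSL 1.1.x OSSL_HANDSHAKE_STATE enum; not comparable with the 1.0.x state bitmask`. Because the value is copied from an enum in one library generation, the comment should state which versions it is valid for.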
@@ -132,7 +134,7 @@
 (cffi:defcfun ("TLSv1_method" ssl-tlsv1-method) :pointer)
 (cffi:defcfun ("TLSv1_client_method" ssl-tlsv1-client-method) :pointer)
 (cffi:defcfun ("TLSv1_server_method" ssl-tlsv1-server-method) :pointer)
-(cffi:defcfun ("SSLv23_method" ssl-sslv23-method) :pointer)
+(cffi:defcfun ("TLS_method" ssl-sslv23-method) :pointer)
 (cffi:defcfun ("SSLv23_client_method" ssl-sslv23-client-method) :pointer)
 (cffi:defcfun ("SSLv23_server_method" ssl-sslv23-server-method) :pointer)
 (cffi:defcfun ("SSL_CTX_new" ssl-ctx-new) :pointer
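Review bot: The two context lines directly below the changed binding still resolve `SSLv23_client_method` and `SSLv23_server_method`, which the 1.1.x header maps to `TLS_client_method` and `TLS_server_method` in the same way, so they would presumably raise the same undefined-alien error when called. They should be rebound as `(cffi:defcfun ("TLS_client_method" ssl-sslv23-client-method) :pointer)` and likewise for the server variant. To support both library generations, the loader could probe with `(cffi:foreign-symbol-pointer "TLS_method")` and fall back to the SSLv23 names when that returns NIL. Since `TLS_method` negotiates any protocol version the library allows, the context setup (not visible in this hunk) should set an explicit minimum protocol version if it does not already.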
@@ -214,11 +216,20 @@
   (len :int))

 (defun & (&rest vals) (not (zerop (apply 'logand vals))))
-(defun ssl-is-init-finished (ssl) (& (ssl-state ssl) +ssl-st-ok+))
-(defun ssl-in-init (ssl) (& (ssl-state ssl) +ssl-st-init+))
-(defun ssl-in-before (ssl) (& (ssl-state ssl) +ssl-st-before+))
-(defun ssl-in-connect-init (ssl) (& (ssl-state ssl) +ssl-st-connect+))
-(defun ssl-in-accept-init (ssl) (& (ssl-state ssl) +ssl-st-accept+))
+
+(cffi:defcfun ("SSL_get_state" ssl-get-state) :int
+  (ssl :pointer))
+(cffi:defcfun ("SSL_in_init" ssl-in-init) :int
+  (ssl :pointer))
+(cffi:defcfun ("SSL_in_before" ssl-in-before) :int
+  (ssl :pointer))
+(cffi:defcfun ("SSL_is_server" ssl-is-server) :int
+  (ssl :pointer))
+
+(defun ssl-is-init-finished (ssl)
+  (= (ssl-get-state ssl) +tls_st_ok+))
+(defun ssl-in-connect-init (ssl) (& (ssl-in-init ssl) (not (ssl-is-server ssl))))
+(defun ssl-in-accept-init (ssl) (& (ssl-in-init ssl) (ssl-is-server ssl)))
 (defun ssl-bio-set-mem-eof-return (bio v) (ssl-bio-ctrl bio +bio-c-set-buf-mem-eof-return+ v (cffi:null-pointer)))

 (defun ssl-ctx-set-options (ctx options)
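Review bot: In the new `ssl-in-connect-init`, `(not (ssl-is-server ssl))` yields T or NIL, and `&` passes its arguments to `logand`, so the call should signal a type error instead of returning a boolean. I would write it as `(defun ssl-in-connect-init (ssl) (and (not (zerop (ssl-in-init ssl))) (zerop (ssl-is-server ssl))))` and give `ssl-in-accept-init` the matching form with `(not (zerop (ssl-is-server ssl)))`. Separately, `ssl-in-init` and `ssl-in-before` are now raw `:int` bindings, and 0 is true in Lisp, so any caller outside this hunk that tests them as generalized booleans would always take the true branch; wrapping them in `(not (zerop ...))` keeps the old predicate contract. Binding the exported `SSL_is_init_finished` directly would also remove the dependency on the hard-coded `+tls_st_ok+` value.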
-- 
2.33.0
hdasch commented 2 years ago

Fixed by pull request #190.