Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / fa15af66b99dd82fb5c6f354e6b96708942a4cf1^! / .
commitfa15af66b99dd82fb5c6f354e6b96708942a4cf1[log] [tgz]
authorValentine Krasnobaeva <vkrasnobaeva@haproxy.com>Tue May 28 11:01:11 2024 +0200
committerAmaury Denoyelle <adenoyelle@haproxy.com>Thu Jun 06 18:43:56 2024 +0200
treee3eefc36921fb944c73fe1dbdddc3e63ae1a6409
parent25a7e1669aa6a0f367e696062c176991799f319d [diff]
CLEANUP: ssl/ocsp: readable ifdef in ssl_sock_load_ocsp

Due to the support of different TLS/SSL libraries and its different versions,
sometimes we are forced to use different internal typedefs and callback
functions. We strive to avoid this, but time to time "#ifdef... #endif"
become inevitable.

In particular, in ssl_sock_load_ocsp() we define a 'callback' variable, which
will contain a function pointer to our OCSP stapling callback, assigned
further via SSL_CTX_set_tlsext_status_cb() to the intenal SSL context
struct in a linked crypto library.

If this linked crypto library is OpenSSL 1.x.x/3.x.x, for setting and
getting this callback we have the following API signatures
(see doc/man3/SSL_CTX_set_tlsext_status_cb.pod):

  long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx, int (**callback)(SSL *, void *));
  long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, int (*callback)(SSL *, void *));

If we are using WolfSSL, same APIs expect tlsextStatusCb function prototype,
provided via the typedef below (see wolfssl/wolfssl/ssl.h):

  typedef int(*tlsextStatusCb)(WOLFSSL* ssl, void*);
  WOLFSSL_API int wolfSSL_CTX_get_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb* cb);
  WOLFSSL_API int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb cb);

It seems, that in OpenSSL < 1.0.0, there was no support for OCSP extention, so
no need to set this callback.

Let's avoid #ifndef... #endif for this 'callback' variable definition to keep
things clear. #ifndef... #endif are usually less readable, than
straightforward "#ifdef... #endif".

(cherry picked from commit fb7b46d267af0b21e59eaddaca13e64f9d19c4e4)
 [ad: picked to ease next patch apply]
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit 3f52663eec41a87f5b21780f67cd6e7e1f1f93e0)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index d2c28a2..599e8b2 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -1116,10 +1116,10 @@
 	struct certificate_ocsp *ocsp = NULL, *iocsp;
 	char *warn = NULL;
 	unsigned char *p;
-#ifndef USE_OPENSSL_WOLFSSL
-	void (*callback) (void);
-#else
+#ifdef USE_OPENSSL_WOLFSSL
 	tlsextStatusCb callback;
+#else
+	void (*callback) (void);
 #endif
 	struct buffer *ocsp_uri = get_trash_chunk();
 	char *err = NULL;