Small source fix makes using BoringSSL easier #52

Closed
byllyfish opened this Issue Mar 5, 2015 · 2 comments

@byllyfish

I'm using BoringSSL with ASIO 1.11. BoringSSL is Google's downstream fork of OpenSSL that removes some of the cruft from OpenSSL while remaining source compatible. I've found three issues with ASIO, but I only really need one source fix (which is openssl-fork-agnostic):

diff --git a/asio/include/asio/ssl/detail/impl/openssl_init.ipp b/asio/include/asio/ssl/detail/impl/openssl_init.ipp
index 2c40d40..0229374 100644
--- a/asio/include/asio/ssl/detail/impl/openssl_init.ipp
+++ b/asio/include/asio/ssl/detail/impl/openssl_init.ipp
@@ -63,7 +63,11 @@ public:
     ::CRYPTO_set_id_callback(0);
     ::CRYPTO_set_locking_callback(0);
     ::ERR_free_strings();
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+    ::ERR_remove_thread_state(NULL);
+#else
     ::ERR_remove_state(0);
+#endif // OPENSSL_VERSION_NUMBER >= 0x10000000L
     ::EVP_cleanup();
     ::CRYPTO_cleanup_all_ex_data();
     ::CONF_modules_unload(1);
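
Review bot: the added `::ERR_remove_thread_state(NULL);` line uses `NULL` where every neighbouring call in this cleanup sequence passes a literal `0` (`::CRYPTO_set_id_callback(0);`, `::ERR_remove_state(0);`); use `0` to match. The `#if OPENSSL_VERSION_NUMBER >= 0x10000000L` guard would also benefit from a one-line comment saying that the constant is the 1.0.0 threshold at which `ERR_remove_state` was deprecated, since nothing in the code records why the two branches differ. Separately, the trailing context line `::CONF_modules_unload(1);` stays unconditional, so this hunk alone does not make the file build against a library that does not declare that function; either guard it here or state in the change description that callers must supply a shim.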

ERR_remove_state was deprecated in favor of ERR_remove_thread_state in OpenSSL 1.0.0 (although it remained for binary compatibility).

https://www.openssl.org/docs/crypto/ERR_remove_state.html

The other two issues are:

  1. CONF_modules_unload isn't declared or defined in BoringSSL. Config modules aren't supported.
  2. SSL_R_SHORT_READ isn't defined in BoringSSL. Unused error codes have been removed.

These last two issues can be handled in my own code with a header prefix:

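#if defined(OPENSSL_IS_BORINGSSL)
extern "C" {
// BoringSSL removed unused error codes; map the missing one to an existing code.
#if !defined(SSL_R_SHORT_READ)
# define SSL_R_SHORT_READ    SSL_R_UNEXPECTED_RECORD
#endif // !defined(SSL_R_SHORT_READ)
// BoringSSL has no config modules, so unloading them is a no-op.
inline void CONF_modules_unload(int /*all*/) {}
}
#endif // defined(OPENSSL_IS_BORINGSSL)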
@thughes

thughes Jun 23, 2015

+1

FWIW, it looks like SSL_R_SHORT_READ has been removed in openssl as well: openssl/openssl@45f55f6

thughes added a commit to airtimemedia/boringssl that referenced this issue Jun 23, 2015

@BenPope BenPope referenced this issue in nghttp2/nghttp2 Sep 29, 2015

Closed

Support BoringSSL #373

@chriskohlhoff

chriskohlhoff Dec 3, 2015

Owner

Fixed in commits 628e3ca, 5fa8053 and 92bfc62.

Note that a new ssl::error::stream_truncated error code has been added, rather than reusing SSL_R_SHORT_READ.
