tls_wolfssl: clean-up; remove OpenSSL-isms

src/modules/tls_wolfssl/tls_cfg.c

@@ -60,8 +60,6 @@ struct cfg_group_tls default_tls_cfg = {
 		-1, /* ssl_max_send_fragment (use the default: 16k), requires openssl
 		   > 0.9.9 */
 		0,	/* ssl_read_ahead (off, not needed, we have our own buffering BIO)*/
-		-1, /* low_mem_threshold1 */
-		-1, /* low_mem_threshold2 */
 		10 * 1024 * 1024, /* ct_wq_max: 10 Mb by default */
 		64 * 1024,		  /* con_ct_wq_max: 64Kb by default */
 		4096,			  /* ct_wq_blk_size */
@@ -200,12 +198,6 @@ cfg_def_t tls_cfg_def[] = {{"force_run", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
 				" module versions it is better to have read ahead disabled, "
 				"since"
 				" everything it is buffered in memory anyway"},
-		{"low_mem_threshold1", CFG_VAR_INT | CFG_ATOMIC, -1, 1 << 30, 0, 0,
-				"sets the minimum amount of free memory for accepting new TLS"
-				" connections (KB)"},
-		{"low_mem_threshold2", CFG_VAR_INT | CFG_ATOMIC, -1, 1 << 30, 0, 0,
-				"sets the minimum amount of free memory after which no more TLS"
-				" operations will be attempted (even on existing connections)"},
 		{"ct_wq_max", CFG_VAR_INT | CFG_ATOMIC, 0, 1 << 30, 0, 0,
 				"maximum bytes queued globally for write when write has to "
 				"wait due"

src/modules/tls_wolfssl/tls_cfg.h

@@ -90,8 +90,6 @@ struct cfg_group_tls
 	 * now)
 	 */
 	int ssl_read_ahead;
-	int low_mem_threshold1;
-	int low_mem_threshold2;
 	int ct_wq_max;		/* maximum overall tls write clear text queued bytes */
 	int con_ct_wq_max;	/* maximum clear text write queued bytes per con */
 	int ct_wq_blk_size; /* minimum block size for the clear text write queue */

src/modules/tls_wolfssl/tls_domain.c

@@ -598,8 +598,8 @@ static int load_crl(tls_domain_t *d)
 			return -1;
 		}
 		store = wolfSSL_CTX_get_cert_store(d->ctx[0]);
-		X509_STORE_set_flags(
-				store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
+		wolfSSL_X509_STORE_set_flags(
+				store, WOLFSSL_CRL_CHECK | WOLFSSL_CRL_CHECKALL);
 	}while(0);
 	return 0;
 }
@@ -621,27 +621,6 @@ static int set_cipher_list(tls_domain_t *d)
 	char *cipher_list;
 
 	cipher_list = d->cipher_list.s;
-#ifdef TLS_KSSL_WORKAROUND
-	if(openssl_kssl_malloc_bug) { /* is openssl bug #1467 present ? */
-		if(d->cipher_list.s == 0) {
-			/* use "DEFAULT:!KRB5" */
-			cipher_list = "DEFAULT:!KRB5";
-		} else {
-			/* append ":!KRB5" */
-			cipher_list =
-					shm_malloc(d->cipher_list.len + C_NO_KRB5_SUFFIX_LEN + 1);
-			if(cipher_list) {
-				memcpy(cipher_list, d->cipher_list.s, d->cipher_list.len);
-				memcpy(cipher_list + d->cipher_list.len, C_NO_KRB5_SUFFIX,
-						C_NO_KRB5_SUFFIX_LEN);
-				cipher_list[d->cipher_list.len + C_NO_KRB5_SUFFIX_LEN] = 0;
-				shm_free(d->cipher_list.s);
-				d->cipher_list.s = cipher_list;
-				d->cipher_list.len += C_NO_KRB5_SUFFIX_LEN;
-			}
-		}
-	}
-#endif /* TLS_KSSL_WORKAROUND */
 	if(!cipher_list)
 		return 0;
 
@@ -749,9 +728,9 @@ static int set_ssl_options(tls_domain_t *d)
 {
 	long options;
 
-	options = SSL_OP_ALL; /* all the bug workarounds by default */
-	options |= SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
-			   | SSL_OP_CIPHER_SERVER_PREFERENCE;
+	options = WOLFSSL_OP_ALL; /* all the bug workarounds by default */
+	options |= WOLFSSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+			   | WOLFSSL_OP_CIPHER_SERVER_PREFERENCE;
 
 	do {
 		wolfSSL_CTX_set_options(d->ctx[0], options);
@@ -778,8 +757,8 @@ static int set_session_cache(tls_domain_t *d)
 		 * thus sessions among processes will not be reused
 		 */
 		wolfSSL_CTX_set_session_cache_mode(d->ctx[0],
-				cfg_get(tls, tls_cfg, session_cache) ? SSL_SESS_CACHE_SERVER
-													 : SSL_SESS_CACHE_OFF);
+				cfg_get(tls, tls_cfg, session_cache) ? WOLFSSL_SESS_CACHE_SERVER
+													 : WOLFSSL_SESS_CACHE_OFF);
 		/* not really needed is SSL_SESS_CACHE_OFF */
 		wolfSSL_CTX_set_session_id_context(d->ctx[0],
 				(unsigned char *)tls_session_id.s, tls_session_id.len);
@@ -815,6 +794,7 @@ static int tls_ssl_ctx_mode(WOLFSSL_CTX *ctx, long mode, void *clear)
  */
 static int tls_ssl_ctx_set_freelist(WOLFSSL_CTX *ctx, long val, void *unused)
 {
+	/* NOOP */
 	return 0;
 }
 
@@ -828,10 +808,7 @@ static int tls_ssl_ctx_set_freelist(WOLFSSL_CTX *ctx, long val, void *unused)
 static int tls_ssl_ctx_set_max_send_fragment(
 		WOLFSSL_CTX *ctx, long val, void *unused)
 {
-	/* WOLFFIX if (val >= 0)
-		return SSL_CTX_set_max_send_fragment(ctx, val) -1;
-	*/
-
+	/* NOOP */
 	return 0;
 }
 
@@ -863,7 +840,7 @@ static int tls_server_name_cb(SSL *ssl, int *ad, void *private)
 
 	orig_domain = (tls_domain_t *)private;
 	server_name.s =
-			(char *)wolfSSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
+			(char *)wolfSSL_get_servername(ssl, WOLFSSL_SNI_HOST_NAME);
 	if(server_name.s) {
 		LM_DBG("received server_name (TLS extension): '%s'\n", server_name.s);
 	} else {