2 * Copyright 2017 Facebook, Inc.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 // This must come before the OpenSSL includes.
20 #include <folly/portability/Windows.h>
22 #include <openssl/ssl.h>
23 #include <openssl/x509.h>
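// BoringSSL has no notion of versioning, although it defines
// OPENSSL_VERSION_NUMBER to maintain compatibility. The following macros are
// therefore defined only when building against OpenSSL itself.
//
// Each macro expands to a boolean expression over OPENSSL_VERSION_NUMBER:
//   FOLLY_OPENSSL_IS_101  [0x1000105f, 0x1000200f)  1.0.1e up to, excluding, 1.0.2
//   FOLLY_OPENSSL_IS_102  [0x1000200f, 0x10100000)  1.0.2 up to, excluding, 1.1.0
//   FOLLY_OPENSSL_IS_110  [0x10100000, ...)         1.1.0 and anything newer
//
// Versions below 0x1000105f (1.0.1 through 1.0.1d, and everything older)
// match none of the three. Under BoringSSL the names stay undefined, so
// `#if FOLLY_OPENSSL_IS_110` silently evaluates to 0 there; test
// OPENSSL_IS_BORINGSSL first wherever that distinction matters.
#if !defined(OPENSSL_IS_BORINGSSL)
#define FOLLY_OPENSSL_IS_101                \
  (OPENSSL_VERSION_NUMBER >= 0x1000105fL && \
   OPENSSL_VERSION_NUMBER < 0x1000200fL)
#define FOLLY_OPENSSL_IS_102                \
  (OPENSSL_VERSION_NUMBER >= 0x1000200fL && \
   OPENSSL_VERSION_NUMBER < 0x10100000L)
#define FOLLY_OPENSSL_IS_110 (OPENSSL_VERSION_NUMBER >= 0x10100000L)
#endif // !defined(OPENSSL_IS_BORINGSSL)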
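// ALPN is available with BoringSSL, and with OpenSSL 1.0.2 or later when TLS
// extension support has not been compiled out (OPENSSL_NO_TLSEXT).
// FOLLY_OPENSSL_HAS_ALPN is always defined, as 1 or 0, so it can be tested
// with a plain `#if`; it is intended for guarding code that uses the ALPN API.
#if defined(OPENSSL_IS_BORINGSSL) ||          \
    (OPENSSL_VERSION_NUMBER >= 0x1000200fL && \
     !defined(OPENSSL_NO_TLSEXT))
#define FOLLY_OPENSSL_HAS_ALPN 1
#else
// Fallback: the two definitions must be mutually exclusive, otherwise the
// macro would be redefined with a conflicting value.
#define FOLLY_OPENSSL_HAS_ALPN 0
#endif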
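// SNI is available with BoringSSL, and with OpenSSL later than 0.9.8f when
// TLS extension support has not been compiled out (OPENSSL_NO_TLSEXT).
// FOLLY_OPENSSL_HAS_SNI is always defined, as 1 or 0, so it can be tested
// with a plain `#if`; it is intended for guarding code that uses the SNI API.
#if defined(OPENSSL_IS_BORINGSSL) ||          \
    (OPENSSL_VERSION_NUMBER >= 0x00908070L && \
     !defined(OPENSSL_NO_TLSEXT))
#define FOLLY_OPENSSL_HAS_SNI 1
#else
// Fallback: the two definitions must be mutually exclusive, otherwise the
// macro would be redefined with a conflicting value.
#define FOLLY_OPENSSL_HAS_SNI 0
#endif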
// This class attempts to "unify" the OpenSSL libssl APIs between OpenSSL 1.0.2,
// 1.1.0 and BoringSSL. The general idea is to provide wrapper methods for 1.0.2
// which already exist in BoringSSL and 1.1.0, but there are a few APIs such as
// SSL_CTX_set1_sigalgs_list and so on which exist in 1.0.2 but were removed
65 #ifdef OPENSSL_IS_BORINGSSL
67 int SSL_CTX_set1_sigalgs_list(SSL_CTX* ctx, const char* sigalgs_list);
68 int TLS1_get_client_version(SSL* s);
69 int BIO_meth_set_read(BIO_METHOD* biom, int (*read)(BIO*, char*, int));
70 int BIO_meth_set_write(BIO_METHOD* biom, int (*write)(BIO*, const char*, int));
72 #elif FOLLY_OPENSSL_IS_102 || FOLLY_OPENSSL_IS_101
74 int SSL_CTX_up_ref(SSL_CTX* session);
75 int SSL_SESSION_up_ref(SSL_SESSION* session);
76 int X509_up_ref(X509* x);
77 int BIO_meth_set_read(BIO_METHOD* biom, int (*read)(BIO*, char*, int));
78 int BIO_meth_set_write(BIO_METHOD* biom, int (*write)(BIO*, const char*, int));
80 #elif FOLLY_OPENSSL_IS_110
83 #warning Compiling with unsupported OpenSSL version