/*
- * Copyright 2017 Facebook, Inc.
+ * Copyright 2016-present Facebook, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
+
#include <folly/io/async/ssl/OpenSSLUtils.h>
-#include <folly/ScopeGuard.h>
-#include <folly/portability/OpenSSL.h>
-#include <folly/portability/Sockets.h>
+
#include <glog/logging.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/ssl.h>
-#include <openssl/x509v3.h>
+
#include <unordered_map>
+#include <folly/ScopeGuard.h>
+#include <folly/portability/Sockets.h>
+#include <folly/portability/Unistd.h>
+
namespace {
#ifdef OPENSSL_IS_BORINGSSL
// BoringSSL doesn't (as of May 2016) export the equivalent
static int boringssl_bio_fd_should_retry(int err);
#endif
-}
+} // namespace
namespace folly {
namespace ssl {
}
}
- for (size_t i = 0; i < (size_t)sk_GENERAL_NAME_num(altNames); i++) {
+ for (int i = 0; i < sk_GENERAL_NAME_num(altNames); i++) {
auto name = sk_GENERAL_NAME_value(altNames, i);
if ((addr4 != nullptr || addr6 != nullptr) && name->type == GEN_IPADD) {
// Extra const-ness for paranoia
}
void OpenSSLUtils::setSSLInitialCtx(SSL* ssl, SSL_CTX* ctx) {
+ (void)ssl;
+ (void)ctx;
#if !FOLLY_OPENSSL_IS_110 && !defined(OPENSSL_NO_TLSEXT)
if (ssl) {
+ if (ctx) {
+ SSL_CTX_up_ref(ctx);
+ }
ssl->initial_ctx = ctx;
}
#endif
}
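Review bot: The assignment `ssl->initial_ctx = ctx;` still overwrites the previous pointer without releasing it, so with the added `SSL_CTX_up_ref(ctx)` it matters who frees the old context. If no caller releases it, each switch leaks a reference; if a caller releases it and also assumed the setter did not take a reference, the counts can drift the other way, towards a premature free. Neither case is visible from this hunk, so I would state the contract above the definition, e.g. `// Takes a new reference on ctx; does not release the previous initial_ctx (caller's responsibility).` The getter below returns `ssl->initial_ctx` without taking a reference, so its comment should say the returned pointer is borrowed and only valid while the SSL holds it.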
SSL_CTX* OpenSSLUtils::getSSLInitialCtx(SSL* ssl) {
+ (void)ssl;
#if !FOLLY_OPENSSL_IS_110 && !defined(OPENSSL_NO_TLSEXT)
if (ssl) {
return ssl->initial_ctx;
BIO_set_fd(b, sock, flags);
}
-} // ssl
-} // folly
+} // namespace ssl
+} // namespace folly
namespace {
#ifdef OPENSSL_IS_BORINGSSL
#if defined(OPENSSL_WINDOWS)
-#include <io.h>
-#pragma warning(push, 3)
-#include <windows.h>
-#pragma warning(pop)
-
int boringssl_bio_fd_should_retry(int i) {
if (i == -1) {
return boringssl_bio_fd_non_fatal_error((int)GetLastError());
#else // !OPENSSL_WINDOWS
-#include <unistd.h>
int boringssl_bio_fd_should_retry(int i) {
if (i == -1) {
return boringssl_bio_fd_non_fatal_error(errno);
#endif // OEPNSSL_IS_BORINGSSL
-}
+} // namespace
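Review bot: The closing comment `#endif // OEPNSSL_IS_BORINGSSL` is misspelled and will not match a search for the guard; since this change already tidies the closing comments, it could become `#endif // OPENSSL_IS_BORINGSSL`. Separately, the Windows branch still calls `GetLastError()` after the direct `<windows.h>` include was removed, so it presumably relies on one of the folly portability headers to provide the declaration. That is not visible here and is worth confirming with a BoringSSL-on-Windows build. Both `boringssl_bio_fd_should_retry` bodies are cut off in this view.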