
Please consider adding fallback to WolfSSL support for TLS #35

@Unit193

Description


Howdy,

Since some consider OpenSSL incompatible with the GPL, it would be handy to utilize WolfSSL's compatibility layer in hopm.

A (poor, I'm not good with autoconf/m4/make) example follows:

diff --git a/m4/ax_arg_openssl.m4 b/m4/ax_arg_openssl.m4
index 972dfd0..115bdd0 100644
--- a/m4/ax_arg_openssl.m4
+++ b/m4/ax_arg_openssl.m4
@@ -15,7 +15,8 @@ if test "$cf_enable_openssl" != "no"; then
     dnl Do the auto-probe here.  Check some common directory paths.
     for dirs in /usr/local/ssl /usr/pkg /usr/local /usr/lib /usr/lib/ssl\
                 /opt /opt/openssl /usr/local/openssl; do
-      if test -f "${dirs}/include/openssl/opensslv.h"; then
+      if test -f "${dirs}/include/openssl/opensslv.h" ||
+         test -f "${dirs}/include/wolfssl/openssl/opensslv.h"; then
         cf_openssl_basedir="${dirs}"
         break
       fi
@@ -28,6 +29,9 @@ if test "$cf_enable_openssl" != "no"; then
     if test -f "${cf_openssl_basedir}/include/openssl/opensslv.h"; then
       CPPFLAGS="-I${cf_openssl_basedir}/include $CPPFLAGS"
       LDFLAGS="-L${cf_openssl_basedir}/lib $LDFLAGS"
+    elif test -f "${cf_openssl_basedir}/include/wolfssl/openssl/opensslv.h"; then
+      CPPFLAGS="-I${cf_openssl_basedir}/include -I${cf_openssl_basedir}/include/wolfssl $CPPFLAGS"
+      LDFLAGS="-L${cf_openssl_basedir}/lib $LDFLAGS"
     else
       dnl OpenSSL wasn't found in the directory specified.  Naughty
       dnl administrator...
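Review bot: The new `CPPFLAGS="-I${cf_openssl_basedir}/include -I${cf_openssl_basedir}/include/wolfssl $CPPFLAGS"` line puts wolfSSL's compatibility tree on the search path for plain `<openssl/...>` includes for the whole build, which could let `openssl/opensslv.h` resolve to wolfSSL's compat copy even in code that was written against a real OpenSSL found through the default system include path. Since the C sources in this diff include `<wolfssl/openssl/ssl.h>` by its full path, the second `-I` looks unnecessary; `CPPFLAGS="-I${cf_openssl_basedir}/include $CPPFLAGS"` would serve both layouts, and the LDFLAGS line is already identical to the OpenSSL branch. If the extra path is needed for some reason not visible here, a one-line `dnl` comment stating why would save the next reader from removing it.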
@@ -40,7 +44,8 @@ if test "$cf_enable_openssl" != "no"; then
     dnl We can't do this check above, because some people want two versions
     dnl of OpenSSL installed (stock FreeBSD 4.x/5.x and /usr/local/ssl)
     dnl and they want /usr/local/ssl to have preference.
-    if test -f "/usr/include/openssl/opensslv.h"; then
+    if test -f "/usr/include/openssl/opensslv.h" ||
+       test -f "/usr/include/wolfssl/openssl/opensslv.h"; then
       cf_openssl_basedir="/usr"
     fi
   fi
@@ -78,5 +83,12 @@ AS_IF([test "$cf_enable_openssl" != "no"],
     AS_IF([test "$ac_cv_lib_crypto_RSA_free" = "yes"],
       [AC_CHECK_LIB(ssl, SSL_connect)])
     ],[AC_MSG_RESULT(no - LibreSSL/OpenSSL support disabled)
+    cf_enable_openssl="no"])
+  AC_CHECK_HEADERS([wolfssl/openssl/ssl.h],
+    [AC_SEARCH_LIBS([wolfSSL_CTX_new], [wolfssl])
+    AC_DEFINE([HAVE_LIBWOLFSSL], 1, [Define to 1 if you have libwolfssl.])
+    AC_MSG_NOTICE(Using fallback WolfSSL support)
+    cf_enable_openssl="yes"
+    ],[AC_MSG_RESULT(no - LibreSSL/OpenSSL support disabled)
     cf_enable_openssl="no"])])
 ])
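Review bot: `AC_SEARCH_LIBS([wolfSSL_CTX_new], [wolfssl])` on the new lines is called without action arguments, so `HAVE_LIBWOLFSSL` is defined and `cf_enable_openssl` is set to yes even when no wolfssl library links; the define and the notice belong in the search's action-if-found. The wolfSSL probe also runs unconditionally after the OpenSSL branch, so when OpenSSL was found both `HAVE_LIBCRYPTO` and `HAVE_LIBWOLFSSL` end up defined and `-lwolfssl` is added to LIBS next to `-lssl -lcrypto`; it should be guarded on `cf_enable_openssl` being no. `AC_CHECK_HEADERS` only proves the compatibility header exists, while names used elsewhere in this diff such as `SSL_set_shutdown` and `SSL_is_init_finished` are, as far as I know, only built into libwolfssl when it was configured with its OpenSSL-extra option, so a link test through one of those compatibility entry points would be a stronger check than `wolfSSL_CTX_new`; I have not verified the exact exported symbol names, so treat the probe below as a placeholder to confirm. The restructured block follows.
```m4
  AS_IF([test "$cf_enable_openssl" = "no"],
    [AC_CHECK_HEADERS([wolfssl/openssl/ssl.h],
      [AC_SEARCH_LIBS([wolfSSL_CTX_new], [wolfssl],
        [AC_DEFINE([HAVE_LIBWOLFSSL], 1, [Define to 1 if you have libwolfssl.])
         AC_MSG_NOTICE([Using fallback WolfSSL support])
         cf_enable_openssl="yes"],
        [AC_MSG_RESULT([no - LibreSSL/OpenSSL support disabled])])],
      [AC_MSG_RESULT([no - LibreSSL/OpenSSL support disabled])])])
dnl ... unchanged: closing of the enclosing AS_IF ...
```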
diff --git a/src/libopm/src/libopm.c b/src/libopm/src/libopm.c
index 89b376f..48be381 100644
--- a/src/libopm/src/libopm.c
+++ b/src/libopm/src/libopm.c
@@ -32,6 +32,10 @@
 #include <poll.h>
 #ifdef HAVE_LIBCRYPTO
 #include <openssl/ssl.h>
+#elif HAVE_LIBWOLFSSL
+#include <wolfssl/options.h>
+#include <wolfssl/ssl.h>
+#include <wolfssl/openssl/ssl.h>
 #endif
 
 #include "config.h"
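Review bot: `#elif HAVE_LIBWOLFSSL` on the new line tests the macro's value rather than whether it is defined, unlike the `#ifdef HAVE_LIBCRYPTO` directly above it and the `#if defined(...)` form used at every other site in this diff; with `-Wundef` it also warns whenever the macro is absent. `#elif defined(HAVE_LIBWOLFSSL)` keeps the forms consistent, and the same line appears in the proxy.c include hunk. Note that `config.h` is only included after this block, so if `HAVE_LIBWOLFSSL` reaches the compiler solely through the new AC_DEFINE it is not yet defined at this point; the existing `HAVE_LIBCRYPTO` test has the same ordering, so presumably both macros arrive some other way, but that is worth confirming before relying on the fallback.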
@@ -546,7 +550,7 @@ libopm_scan_create(OPM_T *scanner, OPM_REMOTE_T *remote)
   OPM_SCAN_T *ret;
   OPM_CONNECTION_T *conn;
   OPM_NODE_T *node, *p;
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
   static int tls_init = 0;
   static SSL_CTX *ctx_client;
 
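Review bot: The condition `#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)` is now spelled out at every TLS site — here and in the later hunks of libopm_scan_create (twice more), libopm_check_closed (twice), libopm_do_connect, libopm_do_readready_tls and libopm_do_writeready, plus libopm_proxy_https_write and libopm_proxy_httpspost_write in proxy.c — which is easy to get out of step when a third backend or a renamed macro arrives. Defining one feature macro where the includes are selected, or in a project header, e.g. `#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)` / `#define LIBOPM_HAVE_TLS 1` / `#endif`, and testing `#ifdef LIBOPM_HAVE_TLS` at each site keeps the backend decision in a single place. libopm_scan_create begins before this hunk and continues past it.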
@@ -572,7 +576,7 @@ libopm_scan_create(OPM_T *scanner, OPM_REMOTE_T *remote)
     conn->protocol = ((OPM_PROTOCOL_CONFIG_T *)p->data)->type;
     conn->port     = ((OPM_PROTOCOL_CONFIG_T *)p->data)->port;
 
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
     if (conn->protocol->use_tls)
       /* SSL_new does only fail if OOM in which case HOPM exits anyway */
       conn->tls_handle = SSL_new(ctx_client);
@@ -592,7 +596,7 @@ libopm_scan_create(OPM_T *scanner, OPM_REMOTE_T *remote)
     conn->protocol = ((OPM_PROTOCOL_CONFIG_T *)p->data)->type;
     conn->port     = ((OPM_PROTOCOL_CONFIG_T *)p->data)->port;
 
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
     if (conn->protocol->use_tls)
       /* SSL_new does only fail if OOM in which case HOPM exits anyway */
       conn->tls_handle = SSL_new(ctx_client);
@@ -820,7 +824,7 @@ libopm_check_closed(OPM_T *scanner)
 
       if (conn->state == OPM_STATE_CLOSED)
       {
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
         if (conn->protocol->use_tls)
         {
           SSL_set_shutdown(conn->tls_handle, SSL_RECEIVED_SHUTDOWN);
@@ -842,7 +846,7 @@ libopm_check_closed(OPM_T *scanner)
 
       if (((present - conn->creation) >= timeout) && conn->state != OPM_STATE_UNESTABLISHED)
       {
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
         if (conn->protocol->use_tls)
         {
           SSL_set_shutdown(conn->tls_handle, SSL_RECEIVED_SHUTDOWN);
@@ -932,7 +936,7 @@ libopm_do_connect(OPM_T * scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
 
   connect(conn->fd, (struct sockaddr *)addr, sizeof(*addr));
 
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
   if (conn->protocol->use_tls)
     SSL_set_fd(conn->tls_handle, conn->fd);
 #endif
@@ -1049,7 +1053,7 @@ libopm_check_poll(OPM_T *scanner)
 static int
 libopm_do_readready_tls(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
 {
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
   int max_read, length;
   char readbuf[LIBOPM_TLS_RECORD_SIZE];
 
@@ -1256,7 +1260,7 @@ libopm_do_writeready(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
 {
   OPM_PROTOCOL_T *protocol;
 
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
   if (conn->protocol->use_tls)
   {
     if (!SSL_is_init_finished(conn->tls_handle))
diff --git a/src/libopm/src/proxy.c b/src/libopm/src/proxy.c
index 84baadf..d198d89 100644
--- a/src/libopm/src/proxy.c
+++ b/src/libopm/src/proxy.c
@@ -27,6 +27,10 @@
 #include <string.h>
 #ifdef HAVE_LIBCRYPTO
 #include <openssl/ssl.h>
+#elif HAVE_LIBWOLFSSL
+#include <wolfssl/options.h>
+#include <wolfssl/ssl.h>
+#include <wolfssl/openssl/ssl.h>
 #endif
 
 #include "config.h"
@@ -276,7 +280,7 @@ libopm_proxy_dreambox_write(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *
 int
 libopm_proxy_https_write(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
 {
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
   size_t len = snprintf(SENDBUF, SENDBUFLEN, "CONNECT %s:%d HTTP/1.0\r\n\r\n",
                         (char *)libopm_config(scanner->config, OPM_CONFIG_SCAN_IP),
                         *(int *)libopm_config(scanner->config, OPM_CONFIG_SCAN_PORT));
@@ -296,7 +300,7 @@ libopm_proxy_https_write(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *con
 int
 libopm_proxy_httpspost_write(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
 {
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
   size_t len;
   int scan_port;
   char *scan_ip;
