Since some consider OpenSSL incompatible with the GPL, it would be handy to utilize WolfSSL's compatibility layer in hopm.
diff --git a/m4/ax_arg_openssl.m4 b/m4/ax_arg_openssl.m4
index 972dfd0..115bdd0 100644
--- a/m4/ax_arg_openssl.m4
+++ b/m4/ax_arg_openssl.m4
@@ -15,7 +15,8 @@ if test "$cf_enable_openssl" != "no"; then
dnl Do the auto-probe here. Check some common directory paths.
for dirs in /usr/local/ssl /usr/pkg /usr/local /usr/lib /usr/lib/ssl\
/opt /opt/openssl /usr/local/openssl; do
- if test -f "${dirs}/include/openssl/opensslv.h"; then
+ if test -f "${dirs}/include/openssl/opensslv.h" ||
+ test -f "${dirs}/include/wolfssl/openssl/opensslv.h"; then
cf_openssl_basedir="${dirs}"
break
fi
@@ -28,6 +29,9 @@ if test "$cf_enable_openssl" != "no"; then
if test -f "${cf_openssl_basedir}/include/openssl/opensslv.h"; then
CPPFLAGS="-I${cf_openssl_basedir}/include $CPPFLAGS"
LDFLAGS="-L${cf_openssl_basedir}/lib $LDFLAGS"
+ elif test -f "${cf_openssl_basedir}/include/wolfssl/openssl/opensslv.h"; then
+ CPPFLAGS="-I${cf_openssl_basedir}/include -I${cf_openssl_basedir}/include/wolfssl $CPPFLAGS"
+ LDFLAGS="-L${cf_openssl_basedir}/lib $LDFLAGS"
else
dnl OpenSSL wasn't found in the directory specified. Naughty
dnl administrator...
@@ -40,7 +44,8 @@ if test "$cf_enable_openssl" != "no"; then
dnl We can't do this check above, because some people want two versions
dnl of OpenSSL installed (stock FreeBSD 4.x/5.x and /usr/local/ssl)
dnl and they want /usr/local/ssl to have preference.
- if test -f "/usr/include/openssl/opensslv.h"; then
+ if test -f "/usr/include/openssl/opensslv.h" ||
+ test -f "/usr/include/wolfssl/openssl/opensslv.h"; then
cf_openssl_basedir="/usr"
fi
fi
@@ -78,5 +83,12 @@ AS_IF([test "$cf_enable_openssl" != "no"],
AS_IF([test "$ac_cv_lib_crypto_RSA_free" = "yes"],
[AC_CHECK_LIB(ssl, SSL_connect)])
],[AC_MSG_RESULT(no - LibreSSL/OpenSSL support disabled)
+ cf_enable_openssl="no"])
+ AC_CHECK_HEADERS([wolfssl/openssl/ssl.h],
+ [AC_SEARCH_LIBS([wolfSSL_CTX_new], [wolfssl])
+ AC_DEFINE([HAVE_LIBWOLFSSL], 1, [Define to 1 if you have libwolfssl.])
+ AC_MSG_NOTICE(Using fallback WolfSSL support)
+ cf_enable_openssl="yes"
+ ],[AC_MSG_RESULT(no - LibreSSL/OpenSSL support disabled)
cf_enable_openssl="no"])])
])
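Review bot: The `AC_CHECK_HEADERS([wolfssl/openssl/ssl.h], …)` probe runs after the OpenSSL check whatever its outcome, so on a host with a working OpenSSL and no wolfSSL headers its failure branch resets `cf_enable_openssl="no"`. How that variable is consumed is outside the hunk, but if it gates the TLS protocol checks, HTTPS proxy scanning is switched off without the administrator asking for it. The success branch also defines `HAVE_LIBWOLFSSL` and sets `cf_enable_openssl="yes"` without checking whether `AC_SEARCH_LIBS` found `wolfSSL_CTX_new`, so a header-only install passes configure and fails at link time, and a host with both libraries gets both `HAVE_LIBCRYPTO` and `HAVE_LIBWOLFSSL`. I would run the fallback only when the OpenSSL libraries were not found and move the define into the action-if-found argument of `AC_SEARCH_LIBS`. The enclosing `AC_DEFUN` and the OpenSSL version check start above this hunk.

```m4
dnl … unchanged: OpenSSL/LibreSSL version check and its failure branch …
AS_IF([test "$ac_cv_lib_ssl_SSL_connect" != "yes"],
  [AC_CHECK_HEADERS([wolfssl/openssl/ssl.h],
    [AC_SEARCH_LIBS([wolfSSL_CTX_new], [wolfssl],
      [AC_DEFINE([HAVE_LIBWOLFSSL], 1, [Define to 1 if you have libwolfssl.])
       AC_MSG_NOTICE([Using fallback WolfSSL support])
       cf_enable_openssl="yes"],
      [cf_enable_openssl="no"])],
    [cf_enable_openssl="no"])])
```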
diff --git a/src/libopm/src/libopm.c b/src/libopm/src/libopm.c
index 89b376f..48be381 100644
--- a/src/libopm/src/libopm.c
+++ b/src/libopm/src/libopm.c
@@ -32,6 +32,10 @@
#include <poll.h>
#ifdef HAVE_LIBCRYPTO
#include <openssl/ssl.h>
+#elif HAVE_LIBWOLFSSL
+#include <wolfssl/options.h>
+#include <wolfssl/ssl.h>
+#include <wolfssl/openssl/ssl.h>
#endif
#include "config.h"
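Review bot: `#elif HAVE_LIBWOLFSSL` tests the macro's value, while every other guard this patch touches uses `defined(HAVE_LIBWOLFSSL)`; write `#elif defined(HAVE_LIBWOLFSSL)` so the include guard and the code guards cannot disagree and `-Wundef` builds stay quiet. The same line appears in the include hunk of src/libopm/src/proxy.c. Because `#ifdef HAVE_LIBCRYPTO` takes precedence, a build in which configure defined both macros compiles against the OpenSSL headers while libwolfssl may also be on the link line. A short comment here stating which library wins, such as `/* OpenSSL/LibreSSL preferred; wolfSSL compat layer is the fallback */`, would make that explicit.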
@@ -546,7 +550,7 @@ libopm_scan_create(OPM_T *scanner, OPM_REMOTE_T *remote)
OPM_SCAN_T *ret;
OPM_CONNECTION_T *conn;
OPM_NODE_T *node, *p;
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
static int tls_init = 0;
static SSL_CTX *ctx_client;
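Review bot: `ctx_client` is now also built by wolfSSL, and the two libraries differ in their client-side default. OpenSSL contexts start with `SSL_VERIFY_NONE`, whereas wolfSSL verifies the peer certificate by default and fails the handshake when no CA is loaded. The context initialisation is outside this hunk, but if it relies on the OpenSSL default, a wolfSSL build would probably abort handshakes with proxies presenting self-signed or otherwise unverifiable certificates and report them as not open, a silent detection gap. Stating the intent where the context is created, e.g. `SSL_CTX_set_verify(ctx_client, SSL_VERIFY_NONE, NULL);`, keeps both backends identical. A comment should add that verification is skipped only because the scanner sends no secrets and trusts nothing the peer returns.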
@@ -572,7 +576,7 @@ libopm_scan_create(OPM_T *scanner, OPM_REMOTE_T *remote)
conn->protocol = ((OPM_PROTOCOL_CONFIG_T *)p->data)->type;
conn->port = ((OPM_PROTOCOL_CONFIG_T *)p->data)->port;
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
if (conn->protocol->use_tls)
/* SSL_new does only fail if OOM in which case HOPM exits anyway */
conn->tls_handle = SSL_new(ctx_client);
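Review bot: The unchecked `SSL_new(ctx_client)` result now covers wolfSSL too, and the existing comment ("does only fail if OOM") was written for OpenSSL. I have not confirmed that it holds for wolfSSL's compat `SSL_new`, which may return NULL for other initialisation failures. A NULL `tls_handle` would then reach `SSL_set_fd` and `SSL_set_shutdown` in the later hunks. Either add `if (conn->tls_handle == NULL)` handling consistent with how this function treats allocation failure, or reword the comment to name both backends once verified. The same applies to the identical hunk at -592,7, and the body of libopm_scan_create continues outside both hunks.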
@@ -592,7 +596,7 @@ libopm_scan_create(OPM_T *scanner, OPM_REMOTE_T *remote)
conn->protocol = ((OPM_PROTOCOL_CONFIG_T *)p->data)->type;
conn->port = ((OPM_PROTOCOL_CONFIG_T *)p->data)->port;
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
if (conn->protocol->use_tls)
/* SSL_new does only fail if OOM in which case HOPM exits anyway */
conn->tls_handle = SSL_new(ctx_client);
@@ -820,7 +824,7 @@ libopm_check_closed(OPM_T *scanner)
if (conn->state == OPM_STATE_CLOSED)
{
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
if (conn->protocol->use_tls)
{
SSL_set_shutdown(conn->tls_handle, SSL_RECEIVED_SHUTDOWN);
@@ -842,7 +846,7 @@ libopm_check_closed(OPM_T *scanner)
if (((present - conn->creation) >= timeout) && conn->state != OPM_STATE_UNESTABLISHED)
{
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
if (conn->protocol->use_tls)
{
SSL_set_shutdown(conn->tls_handle, SSL_RECEIVED_SHUTDOWN);
@@ -932,7 +936,7 @@ libopm_do_connect(OPM_T * scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
connect(conn->fd, (struct sockaddr *)addr, sizeof(*addr));
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
if (conn->protocol->use_tls)
SSL_set_fd(conn->tls_handle, conn->fd);
#endif
@@ -1049,7 +1053,7 @@ libopm_check_poll(OPM_T *scanner)
static int
libopm_do_readready_tls(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
{
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
int max_read, length;
char readbuf[LIBOPM_TLS_RECORD_SIZE];
@@ -1256,7 +1260,7 @@ libopm_do_writeready(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
{
OPM_PROTOCOL_T *protocol;
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
if (conn->protocol->use_tls)
{
if (!SSL_is_init_finished(conn->tls_handle))
diff --git a/src/libopm/src/proxy.c b/src/libopm/src/proxy.c
index 84baadf..d198d89 100644
--- a/src/libopm/src/proxy.c
+++ b/src/libopm/src/proxy.c
@@ -27,6 +27,10 @@
#include <string.h>
#ifdef HAVE_LIBCRYPTO
#include <openssl/ssl.h>
+#elif HAVE_LIBWOLFSSL
+#include <wolfssl/options.h>
+#include <wolfssl/ssl.h>
+#include <wolfssl/openssl/ssl.h>
#endif
#include "config.h"
@@ -276,7 +280,7 @@ libopm_proxy_dreambox_write(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *
int
libopm_proxy_https_write(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
{
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
size_t len = snprintf(SENDBUF, SENDBUFLEN, "CONNECT %s:%d HTTP/1.0\r\n\r\n",
(char *)libopm_config(scanner->config, OPM_CONFIG_SCAN_IP),
*(int *)libopm_config(scanner->config, OPM_CONFIG_SCAN_PORT));
@@ -296,7 +300,7 @@ libopm_proxy_https_write(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *con
int
libopm_proxy_httpspost_write(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
{
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
size_t len;
int scan_port;
char *scan_ip;