TLS Server IP address detection broken
(1) By Ashish SHUKLA (ashish) on 2019-03-29 18:06:24
Hi,
Since [f517cb7f], TLS server IP address detection is broken again (which was unbroken through my provided patch in [8a4ad5cb]) on OpenSSL 1.1.x platform, as BIO_get_conn_address is defined as a C pre-processor macro:
Also I think BIO_ADDR_hostname_string and BIO_get_conn_address are only introduced in OpenSSL v1.1, so probably it's safe to check only for presence of BIO_ADDR_hostname_string function, in short, revert [f517cb7f].
Also, we can rely on HAVE_BIO_ADDR_HOSTNAME_STRING, instead of defining redundant HAVE_BIO_ADDR_HS.
I'm testing on FreeBSD 12 (amd64).
Thanks!
(2) By Andy Bradford (andybradford) on 2019-03-30 15:47:43 in reply to 1
Done. That gave me a chance to finally try out "fossil merge --backout" so we can see the nifty dashed line rendering:
https://www.fossil-scm.org/index.html/timeline?c=2019-03-30+15:40:18
Also, regarding HAVE_BIO_ADDR_HS vs HAVE_BIO_ADDR_HOSTNAME_STRING, I looked through the Fossil sources and couldn't find the latter defined anywhere, so I'm not sure in what way HAVE_BIO_ADDR_HS is redundant. Or did you mean that we could rely on BIO_get_conn_address instead of having Fossil detect BIO_ADDR_hostname_string? For example:
#ifdef BIO_get_conn_address
...
#else
...
#endif
Thanks,
Andy
(3) By Ashish SHUKLA (ashish) on 2019-03-31 05:21:09 in reply to 2
Thank you for reverting.
Also, regarding HAVE_BIO_ADDR_HS vs HAVE_BIO_ADDR_HOSTNAME_STRING, I looked through the Fossil sources and couldn't find the latter defined anywhere, so I'm not sure in what way HAVE_BIO_ADDR_HS is redundant.
It seems like it gets defined, courtesy: cc-check-function-in-lib, when the function in question is successfully found. Following is an excerpt from autoconfig.h on my host after configuring Fossil for building while at checkout f52d63e37:
#define FOSSIL_ENABLE_TH1_DOCS 1
#define FOSSIL_ENABLE_TH1_HOOKS 1
#define FOSSIL_HAVE_FUSEFS 1
#define HAVE_ARPA_NAMESER_H 1
/* #undef HAVE_BACKTRACE */
/* #undef HAVE_BIND_RESOLV_H */
#define HAVE_BIO_ADDR_HOSTNAME_STRING 1
#define HAVE_BIO_ADDR_HS 1
#define HAVE_DLOPEN 1
#define HAVE_DN_EXPAND 1
HTH
(4) By Andy Bradford (andybradford) on 2019-04-02 05:33:52 in reply to 3
Indeed cc-check-function-in-lib does so automatically---though I was not aware of this behavior---so I've cleaned it up further and removed the redundancy. I tested it on a system that has OpenSSL 1.1.0 and verified that nm reports the symbol for BIO_ADDR_hostname_string().
Thanks,
Andy