TLS Server IP address detection broken
(1) By Ashish SHUKLA (ashish) on 2019-03-29 18:06:24
Hi,

Since [f517cb7f], TLS server IP address detection is broken again (which was unbroken through my provided patch in [8a4ad5cb]) on OpenSSL 1.1.x platform, as `BIO_get_conn_address` is defined as a C pre-processor macro:

* <a href="https://github.com/openssl/openssl/blob/OpenSSL_1_1_0-stable/include/openssl/bio.h#L368">OpenSSL 1.1.0</a>
* <a href="https://github.com/openssl/openssl/blob/OpenSSL_1_1_0-stable/include/openssl/bio.h#L380">OpenSSL 1.1.1</a>

Also I think `BIO_ADDR_hostname_string` and `BIO_get_conn_address` are only introduced in OpenSSL v1.1, so probably it's safe to check only for presence of `BIO_ADDR_hostname_string` function, in short, revert [f517cb7f].

Also, we can rely on `HAVE_BIO_ADDR_HOSTNAME_STRING`, instead of defining redundant `HAVE_BIO_ADDR_HS`.

I'm testing on FreeBSD 12 (amd64).

Thanks!
(2) By Andy Bradford (andybradford) on 2019-03-30 15:47:43 in reply to 1 [link]
Done. That gave me a chance to finally try out "fossil merge --backout" so we can see the nifty dashed line rendering:

https://www.fossil-scm.org/index.html/timeline?c=2019-03-30+15:40:18

Also, regarding HAVE_BIO_ADDR_HS vs HAVE_BIO_ADDR_HOSTNAME_STRING, I looked through the Fossil sources and couldn't find the latter defined anywhere, so I'm not sure in what way HAVE_BIO_ADDR_HS is redundant.

Or did you mean that we could rely on BIO_get_conn_address instead of having Fossil detect BIO_ADDR_hostname_string? For example:

```
#ifdef BIO_get_conn_address
...
#else
...
#endif
```

Thanks,

Andy
(3) By Ashish SHUKLA (ashish) on 2019-03-31 05:21:09 in reply to 2 [link]
Thank you for reverting.

> Also, regarding `HAVE_BIO_ADDR_HS` vs `HAVE_BIO_ADDR_HOSTNAME_STRING`, I looked through the Fossil sources and couldn't find the latter defined anywhere, so I'm not sure in what way `HAVE_BIO_ADDR_HS` is redundant.

It seems like it gets defined, courtesy: `cc-check-function-in-lib`, when the function in question is successfully found. Following is an excerpt from `autoconfig.h` on my host after configuring Fossil for building while at checkout `f52d63e37`:

```
#define FOSSIL_ENABLE_TH1_DOCS 1
#define FOSSIL_ENABLE_TH1_HOOKS 1
#define FOSSIL_HAVE_FUSEFS 1
#define HAVE_ARPA_NAMESER_H 1
/* #undef HAVE_BACKTRACE */
/* #undef HAVE_BIND_RESOLV_H */
#define HAVE_BIO_ADDR_HOSTNAME_STRING 1
#define HAVE_BIO_ADDR_HS 1
#define HAVE_DLOPEN 1
#define HAVE_DN_EXPAND 1
```

HTH
(4) By Andy Bradford (andybradford) on 2019-04-02 05:33:52 in reply to 3 [link]
Indeed cc-check-function-in-lib does so automatically---though I was not aware of this behavior---so I've cleaned it up further and removed the redundancy.

I tested it on a system that has OpenSSL 1.1.0 and verified that nm reports the symbol for BIO_ADDR_hostname_string().

Thanks,

Andy