From 90270f0959d490d56db891809d83c91b3d4b9bf0 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Wed, 18 Dec 2024 19:37:40 +0100 Subject: hashes, methods: Add OpenSSL backends Introduce an OpenSSL::Crypto backend for the hashes library and an OpenSSL::SSL backend for the TLS support in our https method. Many thanks to curl for showing the way with how to handle a CRL file. There are some memory leaks here with the TlsFd itself as well as the proxy support; and we should reorganize the code to generate the ssl object as late as possible. A peculiar aspect of OpenSSL is that SSL_has_pending() returns 1 even if SSL_read() will fail to read anything and return the equivalent of EAGAIN. We work around this here by also peeking ahead 1 byte. I was running a very high RTT connection from Germany to Australia for testing, and with the peeking it's using negligible amounts of CPU; before that, it was busy looping at 100%. Bad OpenSSL! --- CMake/config.h.in | 3 +++ 1 file changed, 3 insertions(+) (limited to 'CMake') diff --git a/CMake/config.h.in b/CMake/config.h.in index 8346a5e9e..db22ac0a2 100644 --- a/CMake/config.h.in +++ b/CMake/config.h.in @@ -32,6 +32,9 @@ /* Define if we have the seccomp library */ #cmakedefine HAVE_SECCOMP +/* Define if we want to use the openssl libraries */ +#cmakedefine WITH_OPENSSL + /* These two are used by the statvfs shim for glibc2.0 and bsd */ /* Define if we have sys/vfs.h */ #cmakedefine HAVE_VFS_H -- cgit v1.2.3-70-g09d2