Enable DANE only for OpenSSL 1.1.0 or higher

2024-11-08 06:28:26 +01:00 · 2019-07-11 10:09:39 -03:00 · 2019-07-11 10:09:39 -03:00 · a2dcfffcfa
commit a2dcfffcfa
parent 18fa0118be
4 changed files with 19 additions and 9 deletions
--- a/src/config.c
+++ b/src/config.c
@ -74,6 +74,13 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);

+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+  // DANE
+  lua_pushstring(L, "dane");
+  lua_pushboolean(L, 1);
+  lua_rawset(L, -3);
+#endif
+
 #ifndef OPENSSL_NO_EC
  lua_pushstring(L, "curves_list");
  lua_pushboolean(L, 1);
--- a/src/context.c
+++ b/src/context.c
@ -703,7 +703,7 @@ static int set_alpn_cb(lua_State *L)
  return 1;
 }

-
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
 /*
 * DANE
 */
@ -714,6 +714,7 @@ static int set_dane(lua_State *L)
  lua_pushboolean(L, ret);
  return 1;
 }
+#endif

 /**
 * Package functions
@ -733,14 +734,13 @@ static luaL_Reg funcs[] = {
  {"setverify",       set_verify},
  {"setoptions",      set_options},
  {"setmode",         set_mode},
-
 #if !defined(OPENSSL_NO_EC)
-  {"setcurve",      set_curve},
-  {"setcurveslist", set_curves_list},
+  {"setcurve",        set_curve},
+  {"setcurveslist",   set_curves_list},
+#endif
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+  {"setdane",         set_dane},
 #endif
-
-  {"setdane",      set_dane},
-
  {NULL, NULL}
 };

--- a/src/ssl.c
+++ b/src/ssl.c
@ -826,6 +826,7 @@ static int meth_copyright(lua_State *L)
  return 1;
 }

+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
 static int meth_dane(lua_State *L)
 {
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
@ -849,7 +850,7 @@ static int meth_tlsa(lua_State *L)

  return 1;
 }
-
+#endif

 /*---------------------------------------------------------------------------*/

@ -875,8 +876,10 @@ static luaL_Reg methods[] = {
  {"settimeout",          meth_settimeout},
  {"sni",                 meth_sni},
  {"want",                meth_want},
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
  {"setdane",             meth_dane},
  {"settlsa",             meth_tlsa},
+#endif
  {NULL,                  NULL}
 };

--- a/src/ssl.lua
+++ b/src/ssl.lua
@ -201,7 +201,7 @@ local function newcontext(cfg)
      if not succ then return nil, msg end
   end

-   if cfg.dane then
+   if config.capabilities.dane and cfg.dane then
      context.setdane(ctx)
   end