Switch OpenSSL support to OpenSSL v1.1

Makefile

@@ -73,6 +73,10 @@ ifdef SSL_LIB
   CFLAGS += -DSSL_LIB=\"$(SSL_LIB)\"
 endif
 
+ifdef SSL_VERSION_MAJOR
+  CFLAGS += -DSSL_VERSION_MAJOR=$(SSL_VERSION_MAJOR)
+endif
+
 ifdef CRYPTO_LIB
   CFLAGS += -DCRYPTO_LIB=\"$(CRYPTO_LIB)\"
 endif
@@ -344,8 +348,6 @@ OBJLIST =									\
 	${OBJDIR}httplib_ssl_error${OBJEXT}					\
 	${OBJDIR}httplib_ssl_get_client_cert_info${OBJEXT}			\
 	${OBJDIR}httplib_ssl_get_protocol${OBJEXT}				\
-	${OBJDIR}httplib_ssl_id_callback${OBJEXT}				\
-	${OBJDIR}httplib_ssl_locking_callback${OBJEXT}				\
 	${OBJDIR}httplib_ssl_use_pem_file${OBJEXT}				\
 	${OBJDIR}httplib_sslize${OBJEXT}					\
 	${OBJDIR}httplib_start${OBJEXT}						\
@@ -1190,19 +1192,6 @@ ${OBJDIR}httplib_ssl_get_protocol${OBJEXT}				: ${SRCDIR}httplib_ssl_get_protoco
 									  ${SRCDIR}httplib_main.h					\
 									  ${INCDIR}libhttp.h
 
-${OBJDIR}httplib_ssl_id_callback${OBJEXT}				: ${SRCDIR}httplib_ssl_id_callback.c				\
-									  ${SRCDIR}httplib_pthread.h					\
-									  ${SRCDIR}httplib_ssl.h					\
-									  ${SRCDIR}httplib_utils.h					\
-									  ${SRCDIR}httplib_main.h					\
-									  ${INCDIR}libhttp.h
-
-${OBJDIR}httplib_ssl_locking_callback${OBJEXT}				: ${SRCDIR}httplib_ssl_locking_callback.c			\
-									  ${SRCDIR}httplib_pthread.h					\
-									  ${SRCDIR}httplib_ssl.h					\
-									  ${SRCDIR}httplib_main.h					\
-									  ${INCDIR}libhttp.h
-
 ${OBJDIR}httplib_ssl_use_pem_file${OBJEXT}				: ${SRCDIR}httplib_ssl_use_pem_file.c				\
 									  ${SRCDIR}httplib_ssl.h					\
 									  ${SRCDIR}httplib_main.h					\

RELEASE_NOTES.md

@@ -1,6 +1,6 @@
 Release Notes v2.0 (work in progress)
 ===
-### Objectives: *Clean up source code, Proper documentation, Restructure embedding API*
+### Objectives: *Clean up source code, Proper documentation, Restructure embedding API, Switch to OpenSSL v1.1*
 
 Changes
 -------
@@ -27,6 +27,7 @@ Changes
 - Removed deprecated function `mg_get_valid_option_names();`
 - Removed all build scripts except the script for `make`
 - Added website [`www.libhttp.org`](http://www.libhttp.org)
+- Switched OpenSSL support to OpenSSL v1.1
 
 Release Notes v1.9 (will never be released as LibHTTP)
 ===

doc/Building.md

@@ -73,6 +73,7 @@ make build WITH_IPV6=1
 | PORTS=8080                | listening ports override when installing |
 | SSL_LIB=libssl.so.0       | use versioned SSL library                |
 | CRYPTO_LIB=libcrypto.so.0 | system versioned CRYPTO library          |
+| SSL_VERSION_MAJOR=3       | spcify major version on SSL library      |
 | PREFIX=/usr/local         | sets the install directory               |
 | COPT='-DNO_SSL'           | method to insert compile flags           |
 
@@ -96,7 +97,6 @@ make build COPT="-DNDEBUG -DNO_CGI"
 | NO_SSL_DL                 | link against system libssl library   |
 | NO_FILES                  | do not serve files from a directory  |
 | SQLITE_DISABLE_LFS        | disables large files (Lua only)      |
-| SSL_ALREADY_INITIALIZED   | do not initialize libcrypto          |
 
 ## Cross Compiling
 

doc/Embedding.md

@@ -66,10 +66,6 @@ some threads: a master thread, that accepts new connections, and several
 worker threads, that process accepted connections. The number of worker threads
 is configurable via `num_threads` configuration option. That number puts a
 limit on number of simultaneous requests that can be handled by LibHTTP.
-If you embed LibHTTP into a program that uses SSL outside LibHTTP as well,
-you may need to initialize SSL before calling `httplib_start()`, and set the pre-
-processor define SSL_ALREADY_INITIALIZED. This is not required if SSL is used
-only within LibHTTP.
 
 When master thread accepts new a connection, a new accepted socket (described
 by `struct socket`) it placed into the accepted sockets queue,

src/extern_ssl_lut.c

@@ -49,22 +49,24 @@ struct ssl_func XX_httplib_ssl_sw[] = {
 	{ "SSL_set_fd",                         NULL },
 	{ "SSL_new",                            NULL },
 	{ "SSL_CTX_new",                        NULL },
-	{ "SSLv23_server_method",               NULL },
-	{ "SSL_library_init",                   NULL },
+	{ "TLS_server_method",                  NULL },
 	{ "SSL_CTX_use_PrivateKey_file",        NULL },
 	{ "SSL_CTX_use_certificate_file",       NULL },
 	{ "SSL_CTX_set_default_passwd_cb",      NULL },
 	{ "SSL_CTX_free",                       NULL },
-	{ "SSL_load_error_strings",             NULL },
 	{ "SSL_CTX_use_certificate_chain_file", NULL },
-	{ "SSLv23_client_method",               NULL },
+	{ "TLS_client_method",                  NULL },
 	{ "SSL_pending",                        NULL },
 	{ "SSL_CTX_set_verify",                 NULL },
 	{ "SSL_shutdown",                       NULL },
 	{ "SSL_CTX_load_verify_locations",      NULL },
 	{ "SSL_CTX_set_default_verify_paths",   NULL },
 	{ "SSL_CTX_set_verify_depth",           NULL },
+#if SSL_VERSION_MAJOR >= 3
+	{ "SSL_get1_peer_certificate",			NULL },
+#else
 	{ "SSL_get_peer_certificate",           NULL },
+#endif
 	{ "SSL_get_version",                    NULL },
 	{ "SSL_get_current_cipher",             NULL },
 	{ "SSL_CIPHER_get_name",                NULL },
@@ -75,7 +77,6 @@ struct ssl_func XX_httplib_ssl_sw[] = {
 	{ NULL,                                 NULL }
 };
 
-
 /*
  * struct ssl_func XX_httplib_crypto_sw[];
  *
@@ -84,27 +85,22 @@ struct ssl_func XX_httplib_ssl_sw[] = {
  */
 
 struct ssl_func XX_httplib_crypto_sw[] = {
-	{ "CRYPTO_num_locks",            NULL },
-	{ "CRYPTO_set_locking_callback", NULL },
-	{ "CRYPTO_set_id_callback",      NULL },
-       	{ "ERR_get_error",               NULL },
-	{ "ERR_error_string",            NULL },
-	{ "ERR_remove_state",            NULL },
-	{ "ERR_free_strings",            NULL },
-	{ "ENGINE_cleanup",              NULL },
-	{ "CONF_modules_unload",         NULL },
-	{ "CRYPTO_cleanup_all_ex_data",  NULL },
-	{ "EVP_cleanup",                 NULL },
-	{ "X509_free",                   NULL },
-	{ "X509_get_subject_name",       NULL },
-	{ "X509_get_issuer_name",        NULL },
-	{ "X509_NAME_oneline",           NULL },
-	{ "X509_get_serialNumber",       NULL },
-	{ "i2c_ASN1_INTEGER",            NULL },
-	{ "EVP_get_digestbyname",        NULL },
-	{ "ASN1_digest",                 NULL },
-	{ "i2d_X509",                    NULL },
-	{ NULL,                          NULL }
+	{ "ERR_get_error",                NULL },
+	{ "ERR_error_string",             NULL },
+	{ "CONF_modules_unload",          NULL },
+	{ "X509_free",                    NULL },
+	{ "X509_get_subject_name",        NULL },
+	{ "X509_get_issuer_name",         NULL },
+	{ "X509_NAME_oneline",            NULL },
+	{ "X509_get_serialNumber",        NULL },
+	{ "ASN1_INTEGER_to_BN",           NULL },
+	{ "BN_bn2hex",                    NULL },
+	{ "BN_free",                      NULL },
+	{ "CRYPTO_free",                  NULL },
+	{ "EVP_get_digestbyname",         NULL },
+	{ "ASN1_digest",                  NULL },
+	{ "i2d_X509",                     NULL },
+	{ NULL,                           NULL }
 };
 
 #endif /* !defined(NO_SSL)  &&  !defined(NO_SSL_DL) */

src/httplib_close_connection.c

@@ -60,12 +60,6 @@ void XX_httplib_close_connection( struct lh_ctx_t *ctx, struct lh_con_t *conn )
 		SSL_shutdown( conn->ssl );
 		SSL_free(     conn->ssl );
 
-		/*
-		 * Avoid CRYPTO_cleanup_all_ex_data(); See discussion:
-		 * https://wiki.openssl.org/index.php/Talk:Library_Initialization
-		 */
-
-		ERR_remove_state( 0 );
 		conn->ssl = NULL;
 	}
 #endif

src/httplib_connect_client.c

@@ -93,7 +93,7 @@ static struct lh_con_t *httplib_connect_client_impl( struct lh_ctx_t *ctx, const
 	}
 #ifndef NO_SSL
 
-	else if ( use_ssl  &&  (conn->client_ssl_ctx = SSL_CTX_new(SSLv23_client_method())) == NULL ) {
+	else if ( use_ssl  &&  (conn->client_ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL ) {
 
 		httplib_cry( LH_DEBUG_ERROR, ctx, conn, "%s: SSL_CTX_new error", __func__ );
 		closesocket( sock );

src/httplib_connect_socket.c

@@ -63,9 +63,9 @@ bool XX_httplib_connect_socket( struct lh_ctx_t *ctx, const char *host, int port
 		return false;
 	}
 
-#if !defined(NO_SSL)
+#if !defined(NO_SSL) && !defined(NO_SSL_DL)
 
-	if ( use_ssl  &&  SSLv23_client_method == NULL ) {
+	if ( use_ssl  &&  TLS_client_method == NULL ) {
 
 		httplib_cry( LH_DEBUG_ERROR, ctx, NULL, "%s: SSL is not initialized", __func__ );
 		return false;

src/httplib_initialize_ssl.c

@@ -32,12 +32,6 @@
 #include "httplib_ssl.h"
 #include "httplib_utils.h"
 
-#if defined(SSL_ALREADY_INITIALIZED)
-int XX_httplib_cryptolib_users = 1; /* Reference counter for crypto library. */
-#else
-int XX_httplib_cryptolib_users = 0; /* Reference counter for crypto library. */
-#endif
-
 #if !defined(NO_SSL_DL)
 static void *cryptolib_dll_handle; /* Store the crypto library handle. */
 #endif  /* NO_SSL_DL */
@@ -53,9 +47,6 @@ static void *cryptolib_dll_handle; /* Store the crypto library handle. */
 
 int XX_httplib_initialize_ssl( struct lh_ctx_t *ctx ) {
 
-	int i;
-	size_t size;
-
 #if !defined(NO_SSL_DL)
 	if ( ! cryptolib_dll_handle ) {
 
@@ -64,29 +55,6 @@ int XX_httplib_initialize_ssl( struct lh_ctx_t *ctx ) {
 	}
 #endif /* NO_SSL_DL */
 
-	if ( httplib_atomic_inc( & XX_httplib_cryptolib_users ) > 1 ) return 1;
-
-	/*
-	 * Initialize locking callbacks, needed for thread safety.
-	 * http://www.openssl.org/support/faq.html#PROG1
-	 */
-
-	i = CRYPTO_num_locks();
-	if ( i < 0 ) i = 0;
-
-	size = sizeof(pthread_mutex_t) * ((size_t)(i));
-
-	if ( (XX_httplib_ssl_mutexes = httplib_malloc( size )) == NULL ) {
-
-		httplib_cry( LH_DEBUG_CRASH, ctx, NULL, "%s: cannot allocate mutexes: %s", __func__, XX_httplib_ssl_error() );
-		return 0;
-	}
-
-	for (i=0; i<CRYPTO_num_locks(); i++) httplib_pthread_mutex_init( & XX_httplib_ssl_mutexes[i], &XX_httplib_pthread_mutex_attr);
-
-	CRYPTO_set_locking_callback( & XX_httplib_ssl_locking_callback );
-	CRYPTO_set_id_callback(      & XX_httplib_ssl_id_callback      );
-
 	return 1;
 
 }  /* XX_httplib_initialize_ssl */

src/httplib_load_dll.c

@@ -77,6 +77,7 @@ void *XX_httplib_load_dll( struct lh_ctx_t *ctx, const char *dll_name, struct ss
 	} u;
 	void *dll_handle;
 	struct ssl_func *fp;
+	bool missing_symbols = false;
 
 	dll_handle = dlopen( dll_name, RTLD_LAZY );
 
@@ -110,14 +111,17 @@ void *XX_httplib_load_dll( struct lh_ctx_t *ctx, const char *dll_name, struct ss
 		if ( u.fp == NULL ) {
 
 			httplib_cry( LH_DEBUG_CRASH, ctx, NULL, "%s: %s: cannot find %s", __func__, dll_name, fp->name );
-			dlclose( dll_handle );
-
-			return NULL;
+			missing_symbols = true;
 		}
 
 		else fp->ptr = u.fp;
 	}
 
+	if( missing_symbols ) {
+		dlclose( dll_handle );
+
+		return NULL;
+	}
 	return dll_handle;
 
 }  /* XX_httplib_load_dll */

src/httplib_main.h

@@ -216,11 +216,19 @@ typedef long off_t;
 #define NO_SOCKLEN_T
 
 #if defined(_WIN64) || defined(__MINGW64__)
-#define SSL_LIB "ssleay64.dll"
-#define CRYPTO_LIB "libeay64.dll"
+#if !defined(SSL_LIB)
+#define SSL_LIB "libssl-1_1-x64.dll"
+#endif
+#if !defined(CRYPTO_LIB)
+#define CRYPTO_LIB "libcrypto-1_1-x64.dll"
+#endif
 #else  /* _WIN64  ||  __MINGW64__ */
-#define SSL_LIB "ssleay32.dll"
-#define CRYPTO_LIB "libeay32.dll"
+#if !defined(SSL_LIB)
+#define SSL_LIB "libssl-1_1.dll"
+#endif
+#if !defined(CRYPTO_LIB)
+#define CRYPTO_LIB "libcrypto-1_1.dll"
+#endif
 #endif  /* _WIN64  ||  __MINGW64__ */
 
 #define O_NONBLOCK (0)
@@ -318,8 +326,12 @@ typedef unsigned short int in_port_t;
 #endif
 #include <pthread.h>
 #if defined(__MACH__)
+#if !defined(SSL_LIB)
 #define SSL_LIB "libssl.dylib"
+#endif
+#if !defined(CRYPTO_LIB)
 #define CRYPTO_LIB "libcrypto.dylib"
+#endif
 #else
 #if !defined(SSL_LIB)
 #define SSL_LIB "libssl.so"
@@ -859,9 +871,7 @@ bool			XX_httplib_is_put_or_delete_method( const struct lh_con_t *conn );
 bool			XX_httplib_is_valid_http_method( const char *method );
 int			XX_httplib_is_valid_port( unsigned long port );
 bool			XX_httplib_is_websocket_protocol( const struct lh_con_t *conn );
-#if defined(NO_SSL)
-void *			XX_httplib_load_dll( struct lh_ctx_t *ctx, const char *dll_name );
-#else  /* NO_SSL */
+#if !defined(NO_SSL) && !defined(NO_SSL_DL)
 void *			XX_httplib_load_dll( struct lh_ctx_t *ctx, const char *dll_name, struct ssl_func *sw );
 #endif
 void			XX_httplib_log_access( struct lh_ctx_t *ctx, const struct lh_con_t *conn );

src/httplib_pthread.h

@@ -22,5 +22,4 @@
 
 
 
-extern pthread_mutex_t *	XX_httplib_ssl_mutexes;
 extern int			XX_httplib_thread_idx_max;

src/httplib_set_ssl_option.c

@@ -30,7 +30,9 @@
 #include "httplib_main.h"
 #include "httplib_ssl.h"
 
+#if !defined(NO_SSL_DL)
 static void *ssllib_dll_handle;    /* Store the ssl library handle. */
+#endif /* NO_SSL_DL */
 
 /*
  * bool XX_httplib_set_ssl_option( struct lh_ctx_t *ctx );
@@ -72,10 +74,7 @@ bool XX_httplib_set_ssl_option( struct lh_ctx_t *ctx ) {
 
 #endif /* NO_SSL_DL */
 
-	SSL_library_init();
-	SSL_load_error_strings();
-
-	ctx->ssl_ctx = SSL_CTX_new( SSLv23_server_method() );
+	ctx->ssl_ctx = SSL_CTX_new( TLS_server_method() );
 	if ( ctx->ssl_ctx == NULL ) {
 
 		httplib_cry( LH_DEBUG_CRASH, ctx, NULL, "%s: SSL_CTX_new (server) error: %s", __func__, XX_httplib_ssl_error() );