Use self-built openssl for Windows

2025-02-22 10:05:40 +08:00 · 2021-07-01 19:55:20 +03:00 · 2021-07-01 19:55:20 +03:00 · 1fca6ada82
commit 1fca6ada82
parent d7eb9fb82f
5 changed files with 52 additions and 36 deletions
--- a/Makefile.msvc
+++ b/Makefile.msvc
@ -8,13 +8,13 @@

 BUILDDIR = ../bin/
 CC = cl
-CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE)
+CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "WITH_SSL" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE)
 COUT = /Fo
 LN = link
 LDFLAGS =  /nologo /subsystem:console /incremental:no /machine:I386
 DLFLAGS = /DLL
 DLSUFFICS = .dll
-LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib libeay32.lib ssleay32.lib
+LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib libcrypto_static.lib libssl_static.lib
 LIBSOLD = libeay32MT.lib ssleay32MT.lib
 LIBSPREFIX = 
 LIBSSUFFIX = .lib
--- a/Makefile.msvc64
+++ b/Makefile.msvc64
@ -8,13 +8,13 @@

 BUILDDIR = ../bin64/
 CC = cl
-CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE)
+CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_SSL" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE)
 COUT = /Fo
 LN = link
 LDFLAGS = /nologo /subsystem:console /incremental:no /machine:x64
 DLFLAGS = /DLL
 DLSUFFICS = .dll
-LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib libeay32.lib ssleay32.lib
+LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib libcrypto_static.lib libssl_static.lib
 LIBSOLD = libeay32.lib ssleay32.lib
 LIBSPREFIX = 
 LIBSSUFFIX = .lib
--- a/Makefile.msvcARM64
+++ b/Makefile.msvcARM64
@ -8,13 +8,13 @@

 BUILDDIR = ../bin64/
 CC = cl
-CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE)
+CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_WSAPOLL" /D "WITH_SSL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE)
 COUT = /Fo
 LN = link
 LDFLAGS = /nologo /subsystem:console /incremental:no /machine:arm64
 DLFLAGS = /DLL
 DLSUFFICS = .dll
-LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib
+LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib libcrypto_static.lib libssl_static.lib
 LIBSOLD =
 LIBSPREFIX = 
 LIBSSUFFIX = .lib
@ -28,7 +28,7 @@ REMOVECOMMAND = del 2>NUL >NUL
 TYPECOMMAND = type
 COMPATLIBS =
 MAKEFILE = Makefile.msvcARM64
-PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin FilePlugin
+PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin FilePlugin SSLPlugin
 VERFILE = 3proxy.res $(VERFILE)
 VERSIONDEP = 3proxy.res $(VERSIONDEP)
 AFTERCLEAN = del src\*.res
--- a/src/3proxy.c
+++ b/src/3proxy.c
@ -12,6 +12,11 @@
 #ifndef NOPLUGINS
 #include <dlfcn.h>
 #endif
+#else
+#ifdef WITH_SSL
+#include <openssl/applink.c>
+#endif
+
 #endif

 #ifndef DEFAULTCONFIG
--- a/src/plugins/SSLPlugin/my_ssl.c
+++ b/src/plugins/SSLPlugin/my_ssl.c
@ -14,9 +14,6 @@
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
 #include <openssl/err.h>
-#ifdef WIN32
-#include <openssl/applink.c>
-#endif

 #include "../../proxy.h"
 #include "my_ssl.h"
@ -104,7 +101,7 @@ void del_ext(X509 *dst_cert, int nid, int where){
 SSL_CERT ssl_copy_cert(SSL_CERT cert)
 {
 	int err = -1;
-	FILE *fcache;
+	BIO *fcache;
 	X509 *src_cert = (X509 *) cert;
 	X509 *dst_cert = NULL;

@ -129,16 +126,16 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert)
 	bin2hex(hash_sha1, 20, hash_name_sha1, sizeof(hash_name_sha1));
 	sprintf(cache_name, "%s%s.pem", cert_path, hash_name_sha1);
 	/* check if certificate is already cached */
-	fcache = fopen(cache_name, "rb");
+	fcache = BIO_new_file(cache_name, "rb");
 	if ( fcache != NULL ) {
 #ifndef _WIN32
-		flock(fileno(fcache), LOCK_SH);
+		flock(BIO_get_fd(fcache, NULL), LOCK_SH);
 #endif
-		dst_cert = PEM_read_X509(fcache, &dst_cert, NULL, NULL);
+		dst_cert = PEM_read_bio_X509(fcache, &dst_cert, NULL, NULL);
 #ifndef _WIN32
-		flock(fileno(fcache), LOCK_UN);
+		flock(BIO_get_fd(fcache, NULL), LOCK_UN);
 #endif
-		fclose(fcache);
+		BIO_free(fcache);
 		if ( dst_cert != NULL ){
 			return dst_cert;
 		}
@ -174,16 +171,16 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert)

 	/* write to cache */

-	fcache = fopen(cache_name, "wb");
+	fcache = BIO_new_file(cache_name, "wb");
 	if ( fcache != NULL ) {
 #ifndef _WIN32
-		flock(fileno(fcache), LOCK_EX);
+		flock(BIO_get_fd(fcache, NULL), LOCK_EX);
 #endif
-		PEM_write_X509(fcache, dst_cert);
+		PEM_write_bio_X509(fcache, dst_cert);
 #ifndef _WIN32
-		flock(fileno(fcache), LOCK_UN);
+		flock(BIO_get_fd(fcache, NULL), LOCK_UN);
 #endif
-		fclose(fcache);
+		BIO_free(fcache);
 	}
 	return dst_cert;
 }
@ -414,50 +411,64 @@ int ssl_file_init = 0;

 void ssl_init(void)
 {
-	FILE *f;
+	BIO *f;
 	static char fname[200];

 	if(!ssl_file_init++)pthread_mutex_init(&ssl_file_mutex, NULL);

 	pthread_mutex_lock(&ssl_file_mutex);
 	thread_setup();
-
 	SSLeay_add_ssl_algorithms();
 	SSL_load_error_strings();

 	sprintf(fname, "%.128s3proxy.pem", cert_path);
-	f = fopen(fname, "r");
+	f = BIO_new_file(fname, "r");
 	if ( f != NULL ) {
-		PEM_read_X509(f, &CA_cert, NULL, NULL);
-		fclose(f);
+		if(!(CA_cert=PEM_read_bio_X509(f, NULL, NULL, NULL))){
+			unsigned long err;
+			err=ERR_get_error();
+			fprintf(stderr, "failed to read: %s: [%lu] %s\n", fname, err, ERR_error_string(err, NULL));
+			return;
+		}
+		BIO_free(f);
 	}
 	else {
 		fprintf(stderr, "failed to open: %s\n", fname);
+		return;
 	}
 	name = X509_get_subject_name(CA_cert);
-
 	sprintf(fname, "%.128s3proxy.key", cert_path);
-	f = fopen(fname, "rb");
+	f = BIO_new_file(fname, "rb");
 	if ( f != NULL ) {                                             
-		CA_key = PEM_read_PrivateKey(f, &CA_key, NULL, NULL);
-		fclose(f);
+		CA_key = PEM_read_bio_PrivateKey(f, NULL, NULL, NULL);
+		if(!CA_key){
+			unsigned long err;
+			err=ERR_get_error();
+			fprintf(stderr, "failed to read: %s: [%lu] %s\n", fname, err, ERR_error_string(err, NULL));
+			return;
+		}		
+		BIO_free(f);
 	}
 	else {
 		fprintf(stderr, "failed to open: %s\n", fname);
+		return;
 	}

 	sprintf(fname, "%.128sserver.key", cert_path);
-	f = fopen(fname, "rb");
+	f = BIO_new_file(fname, "rb");
 	if ( f != NULL ) {
-		server_key = PEM_read_PrivateKey(f, &server_key, NULL, NULL);
-		fclose(f);
+		server_key = PEM_read_bio_PrivateKey(f, &server_key, NULL, NULL);
+		if(!server_key){
+			unsigned long err;
+			err=ERR_get_error();
+			fprintf(stderr, "failed to read: %s: [%lu] %s\n", fname, err, ERR_error_string(err, NULL));
+			return;
+		}		
+		BIO_free(f);
 	}
 	else {
 		fprintf(stderr, "failed to open: %s\n", fname);
 	}
-	if(!CA_cert || !CA_key || !server_key){
-		fprintf(stderr, "failed to init SSL certificate / keys\n");
-	}

 	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	pthread_mutex_unlock(&ssl_file_mutex);