From f06f8e99575d9db0b490c620f6e15562e80b0c75 Mon Sep 17 00:00:00 2001 From: Alexander Medvednikov Date: Tue, 14 Apr 2026 12:45:33 +0300 Subject: [PATCH] net: Compiling on windows with openssl (fixes #13980) --- vlib/net/openssl/openssl.c.v | 17 ++++------------- vlib/net/openssl/openssl_compat.h | 24 ++++++++++++++++++++++++ vlib/net/openssl/ssl_connection.c.v | 6 +----- 3 files changed, 29 insertions(+), 18 deletions(-) create mode 100644 vlib/net/openssl/openssl_compat.h diff --git a/vlib/net/openssl/openssl.c.v b/vlib/net/openssl/openssl.c.v index 1bcd67d22..0a8d54317 100644 --- a/vlib/net/openssl/openssl.c.v +++ b/vlib/net/openssl/openssl.c.v @@ -51,6 +51,7 @@ $if $pkgconfig('openssl') { #include # Please install OpenSSL development headers #include #include +#insert "@VEXEROOT/vlib/net/openssl/openssl_compat.h" @[typedef] pub struct C.SSL { @@ -127,7 +128,7 @@ fn C.SSL_do_handshake(&C.SSL) i32 fn C.SSL_set_cipher_list(ctx &C.SSL, str &char) i32 -fn C.SSL_get1_peer_certificate(ssl &C.SSL) &C.X509 +fn C.v_net_openssl_get1_peer_certificate(ssl &C.SSL) &C.X509 fn C.X509_free(const_cert &C.X509) @@ -147,26 +148,16 @@ fn C.SSL_write(ssl &C.SSL, buf voidptr, buflen i32) i32 fn C.SSL_read(ssl &C.SSL, buf voidptr, buflen i32) i32 -fn C.SSL_load_error_strings() - -fn C.SSL_library_init() i32 - fn C.SSLv23_client_method() &C.SSL_METHOD fn C.TLS_method() voidptr fn C.TLSv1_2_method() voidptr -fn C.OPENSSL_init_ssl(opts u64, settings &C.OPENSSL_INIT_SETTINGS) i32 +fn C.v_net_openssl_init_ssl() i32 fn init() { - $if ssl_pre_1_1_version ? { - // OPENSSL_VERSION_NUMBER < 0x10100000L - C.SSL_load_error_strings() - C.SSL_library_init() - } $else { - C.OPENSSL_init_ssl(C.OPENSSL_INIT_LOAD_SSL_STRINGS, 0) - } + C.v_net_openssl_init_ssl() } // ssl_error returns non error ssl code or error if unrecoverable and we should panic diff --git a/vlib/net/openssl/openssl_compat.h b/vlib/net/openssl/openssl_compat.h new file mode 100644 index 000000000..bc3d46672 --- /dev/null +++ b/vlib/net/openssl/openssl_compat.h @@ -0,0 +1,24 @@ +// Match the init API to the OpenSSL headers that are actually available. +#if defined(LIBRESSL_VERSION_NUMBER) || !defined(OPENSSL_VERSION_NUMBER) \ + || OPENSSL_VERSION_NUMBER < 0x10100000L +static int v_net_openssl_init_ssl(void) { + SSL_load_error_strings(); + return SSL_library_init(); +} +#else +static int v_net_openssl_init_ssl(void) { + return OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, 0); +} +#endif + +// SSL_get1_peer_certificate is only available in OpenSSL 3.x. +#if defined(LIBRESSL_VERSION_NUMBER) || !defined(OPENSSL_VERSION_NUMBER) \ + || OPENSSL_VERSION_NUMBER < 0x30000000L +static X509 *v_net_openssl_get1_peer_certificate(SSL *ssl) { + return SSL_get_peer_certificate(ssl); +} +#else +static X509 *v_net_openssl_get1_peer_certificate(SSL *ssl) { + return SSL_get1_peer_certificate(ssl); +} +#endif diff --git a/vlib/net/openssl/ssl_connection.c.v b/vlib/net/openssl/ssl_connection.c.v index 064916faa..d5864ed6b 100644 --- a/vlib/net/openssl/ssl_connection.c.v +++ b/vlib/net/openssl/ssl_connection.c.v @@ -237,11 +237,7 @@ fn (mut s SSLConn) complete_connect() ! { } return error('net.openssl SSLConn.complete_connect, could not validate SSL certificate. (${err_res}),err') } - $if openbsd { - pcert = C.SSL_get_peer_certificate(voidptr(s.ssl)) - } $else { - pcert = C.SSL_get1_peer_certificate(voidptr(s.ssl)) - } + pcert = C.v_net_openssl_get1_peer_certificate(s.ssl) defer { if pcert != 0 { C.X509_free(pcert) -- 2.39.5