Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add backwards compatibility for old names of OpenSSL functions #1650

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
77 changes: 77 additions & 0 deletions libraries/networking/src/WebRTCOpenSSLCompatibility.cpp
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
//
// WebRTCOpenSSLCompatibility.cpp
// libraries/networking/src
//
// Created by Dale Glass on 25/05/2022
// Copyright 2022 Vircadia contributors.
//
// Distributed under the Apache License, Version 2.0.
// See the accompanying file LICENSE or http://www.apache.org/licenses/LICENSE-2.0.html
//



#include <openssl/opensslv.h>

/*
* Starting at OpenSSL 3.0, the names for some of the functions changed.
*
* This breaks WebRTC. We have a problem:
*
* WebRTC is a pain to build and has its own build environment. Rather than building it
* locally we provide a prebuilt binary. Said binary is generated against some Google-provided
* chroot of Debian, so for the most part the result is independent of what you build it
* on anyway.
*
* WebRTC prefers to build and use its own BoringSSL. But we use OpenSSL, and symbol
* names collide between what comes from the BoringSSL linked into webrtc, and our
* system library.
*
* Therefore, we use the option to link WebRTC against the system OpenSSL. However,
* starting on OpenSSL 3.0, some symbols were renamed. Backwards compatibility is kept
* through #defines in the OpenSSL headers, but of course this has no effect on compiled
* code. We have a WebRTC that calls SSL_get_peer_certificate, but the new OpenSSL now calls
* this SSL_get1_peer_certificate.
*
* New distros using OpenSSL 3.0 now have problems.
*
*
* We have these possible solutions:
*
* 1. Have an OpenSSL 3.0 build of WebRTC, and choose which we need. Possible, but a bit painful
* while OpenSSL 1.x is still in use.
*
* 2. Follow the recommendation here:
* https://stackoverflow.com/questions/71107066/how-to-integrate-part-of-webrtc-as-a-static-dynamic-library-with-the-existing
* and create a wrapper for WebRTC to make sure the library only exposes a minimal interface and stops
* conflicting with other things. Then it can be built with BoringSSL and not bother anything else.
*
* 3. Try to hack around the issue, which is what we do here, by just providing compatibility wrappers
* for the missing functions. This is a very simple solution that should work perfectly fine for
* the time being, so long binary compatibility hasn't been broken somewhere.
*/
#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3

#include <openssl/ssl.h>

// These are defined in the OpenSSL headers as aliases for the new names.
// We have to get rid of them so that we can make actual functions with such names.
#undef SSL_get_peer_certificate
#undef EVP_MD_size
#undef EVP_MD_type

extern "C" {
X509 *SSL_get_peer_certificate(const SSL *ssl) {
return SSL_get1_peer_certificate(ssl);
}

int EVP_MD_size(const EVP_MD *md) {
return EVP_MD_get_size(md);
}

int EVP_MD_type(const EVP_MD *md) {
return EVP_MD_get_type(md);
}
}

#endif