From f191a830d83d0d984e84487c42b15fd07c58c705 Mon Sep 17 00:00:00 2001 From: Remi Tricot-Le Breton Date: Wed, 30 Apr 2025 15:26:30 +0200 Subject: [PATCH] BUILD: ssl: Fix wolfssl build The newly added SSL traces require an extra 'conn' parameter to ssl_sock_chose_sni_ctx which was added in the "regular" code but not in the wolfssl specific one. Wolfssl also has a different prototype for some getter functions (SSL_get_servername for instance), which do not expect a const SSL while openssl version does. --- src/ssl_clienthello.c | 1 + src/ssl_trace.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ssl_clienthello.c b/src/ssl_clienthello.c index be94849c7..4f939440c 100644 --- a/src/ssl_clienthello.c +++ b/src/ssl_clienthello.c @@ -624,6 +624,7 @@ sni_lookup: */ int ssl_sock_switchctx_wolfSSL_cbk(WOLFSSL* ssl, void* arg) { + struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index); struct bind_conf *s = arg; int has_rsa_sig = 0, has_ecdsa_sig = 0; const char *servername; diff --git a/src/ssl_trace.c b/src/ssl_trace.c index 4cf044380..8f77fb23c 100644 --- a/src/ssl_trace.c +++ b/src/ssl_trace.c @@ -120,7 +120,7 @@ static void ssl_trace(enum trace_level level, uint64_t mask, const struct trace_ } if (mask & SSL_EV_CONN_HNDSHK) { - const SSL *ssl = a2; + SSL *ssl = (SSL*)a2; if (ssl && src->verbosity > SSL_VERB_SIMPLE) { const char *servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);