Undo some unintended changes and remove unnecessary preprocessor-flags

Signed-off-by: DL6ER <[email protected]>
pi-hole · Nov 10, 2024 · cf05f3e · cf05f3e
1 parent 5f2e524
commit cf05f3e
Show file tree

Hide file tree

Showing 7 changed files with 19 additions and 32 deletions.
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -365,18 +365,8 @@ find_library(LIBMBEDX509 NAMES lmbedx509${LIBRARY_SUFFIX} mbedx509)
 find_library(LIBMBEDTLS NAMES lmbedtls${LIBRARY_SUFFIX} mbedtls)
 find_library(LIBSSL NAMES libssl${LIBRARY_SUFFIX} ssl)
 find_library(LIBCRYPTO NAMES libcrypto${LIBRARY_SUFFIX} crypto)
-if(LIBMBEDCRYPTO AND LIBMBEDX509 AND LIBMBEDTLS)
-    # Enable TLS support in civetweb if mbedTLS is available
-    message(STATUS "Building FTL with TLS support: YES")
-    target_compile_definitions(core PRIVATE HAVE_MBEDTLS)
-    target_compile_definitions(webserver PRIVATE HAVE_MBEDTLS)
-    # Link against the mbedTLS libraries, the order is important (!)
-    target_link_libraries(pihole-FTL ${LIBMBEDTLS} ${LIBMBEDX509} ${LIBMBEDCRYPTO} ${LIBSSL} ${LIBCRYPTO})
-else()
-    # Disable TLS support in civetweb if mbedTLS is not available
-    message(STATUS "Building FTL with TLS support: NO")
-    target_compile_definitions(civetweb PRIVATE NO_SSL)
-endif()
+# Link against the mbedTLS libraries, the order is important (!)
+target_link_libraries(pihole-FTL ${LIBMBEDTLS} ${LIBMBEDX509} ${LIBMBEDCRYPTO} ${LIBSSL} ${LIBCRYPTO})
 
 # After finishing building the FTL binary, we append the sha256sum of the binary
 # in raw form to itself and print the checksum to the console

diff --git a/src/args.c b/src/args.c
@@ -66,6 +66,8 @@
 #include "ntp/ntp.h"
 // check_capability()
 #include "capabilities.h"
+// OpenSSL_version()
+#include <openssl/crypto.h>
 
 // defined in dnsmasq.c
 extern void print_dnsmasq_version(const char *yellow, const char *green, const char *bold, const char *normal);
@@ -842,13 +844,10 @@ void parse_args(int argc, char *argv[])
 			printf("\n");
 			printf("****************************** %s%sCivetWeb%s *****************************\n",
 			       yellow, bold, normal);
-#ifdef HAVE_MBEDTLS
-			printf("Version:         %s%s%s%s (modified by Pi-hole) with %smbed TLS %s%s"MBEDTLS_VERSION_STRING"%s\n",
-			       green, bold, mg_version(), normal, yellow, green, bold, normal);
-#else
-			printf("Version:         %s%s%s%s%s (modified by Pi-hole) without %smbed TLS%s\n",
-			       green, bold, mg_version(), normal, red, yellow, normal);
-#endif
+			printf("Version:         %s%s%s%s%s (modified by Pi-hole)%s using\n",
+			       green, bold, mg_version(), normal, yellow, normal);
+			printf("                 %s%s%s%s\n",
+			       green, bold, OpenSSL_version(OPENSSL_VERSION), normal);
 			printf("Features:        ");
 			if(mg_check_feature(MG_FEATURES_FILES))
 				printf("Files: %sYes%s, ", green, normal);

diff --git a/src/webserver/civetweb/CMakeLists.txt b/src/webserver/civetweb/CMakeLists.txt
@@ -21,7 +21,8 @@ add_library(civetweb OBJECT ${sources})
 target_compile_options(civetweb PRIVATE -Wno-unused-but-set-variable -Wno-unused-variable)
 # We can remove the NO_SSL later on. It adds additional constraints to the build system (availablity of libSSL-dev)
 # NO_CGI = no CGI support (we don't need it)
-# NO_SSL_DL NO_SSL = no SSL support (for now)
+# NO_DLOPEN = no dynamic loading of any libraries
+# NO_SSL_DL = no dynamic loading of SSL libraries
 # USE_IPV6: add IPv6 support
 # USE_LUA: add Lua support
 # USE_HTTP2: enable HTTP2 support

diff --git a/src/webserver/civetweb/civetweb.c b/src/webserver/civetweb/civetweb.c
@@ -17806,6 +17806,9 @@ init_ssl_ctx_impl(struct mg_context *phys_ctx,
 
 #if defined(USE_ALPN)
 	/* Initialize ALPN only of TLS library (OpenSSL version) supports ALPN */
+#if !defined(NO_SSL_DL)
+	if (!tls_feature_missing[TLS_ALPN])
+#endif
 	{
 		init_alpn(phys_ctx, dom_ctx);
 	}

diff --git a/src/webserver/webserver.c b/src/webserver/webserver.c
@@ -352,12 +352,9 @@ void http_init(void)
 	}
 
 	/* Initialize the library */
-	log_web("Initializing HTTP server on port %s", config.webserver.port.v.s);
-	unsigned int features = MG_FEATURES_FILES |
-	                        MG_FEATURES_IPV6 |
-	                        MG_FEATURES_CACHE;
-
-
+	const unsigned int features = mg_check_feature(UINT_MAX);
+	log_web("Initializing HTTP server on port %s (feature set 0x%04x)", config.webserver.port.v.s, features);
+	// Get all features enabled at compile-time
 	if(mg_init_library(features) == 0)
 	{
 		log_web("Initializing HTTP library failed!");

diff --git a/src/webserver/x509.c b/src/webserver/x509.c
@@ -12,7 +12,6 @@
 #include "log.h"
 #include "x509.h"
 
-#ifdef HAVE_MBEDTLS
 # include <mbedtls/rsa.h>
 # include <mbedtls/x509.h>
 # include <mbedtls/x509_crt.h>
@@ -635,7 +634,7 @@ enum cert_check read_certificate(const char* certfile, const char *domain, const
 	return CERT_OKAY;
 }
 
-#else
+#if 0
 
 bool generate_certificate(const char* certfile, bool rsa, const char *domain)
 {

diff --git a/src/webserver/x509.h b/src/webserver/x509.h
@@ -10,10 +10,8 @@
 #ifndef X509_H
 #define X509_H
 
-#ifdef HAVE_MBEDTLS
-# include <mbedtls/entropy.h>
-# include <mbedtls/ctr_drbg.h>
-#endif
+#include <mbedtls/entropy.h>
+#include <mbedtls/ctr_drbg.h>
 
 #include "enums.h"