From dc513a9a15b8fea48bc53518e960699e87709eaa Mon Sep 17 00:00:00 2001
From: Sergey Lyubka <valenok@gmail.com>
Date: Sun, 27 Jan 2013 20:49:17 +0000
Subject: [PATCH] Wrapped SSL code into #ifndef NO_SSL

---
 mongoose.c | 40 ++++++++++++++++++++++++++++------------
 1 file changed, 28 insertions(+), 12 deletions(-)

diff --git a/mongoose.c b/mongoose.c
index c2f5d77c8..3974ac368 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -1455,9 +1455,12 @@ static int64_t push(FILE *fp, SOCKET sock, SSL *ssl, const char *buf,
     // How many bytes we send in this iteration
     k = len - sent > INT_MAX ? INT_MAX : (int) (len - sent);
 
+#ifndef NO_SSL
     if (ssl != NULL) {
       n = SSL_write(ssl, buf + sent, k);
-    } else if (fp != NULL) {
+    } else
+#endif
+      if (fp != NULL) {
       n = (int) fwrite(buf + sent, 1, (size_t) k, fp);
       if (ferror(fp))
         n = -1;
@@ -1487,9 +1490,11 @@ static int wait_until_socket_is_readable(struct mg_connection *conn) {
     pfd.fd = conn->client.sock;
     pfd.events = POLLIN;
     result = poll(&pfd, 1, 200);
+#ifndef NO_SSL
     if (result == 0 && conn->ssl != NULL) {
       result = SSL_pending(conn->ssl);
     }
+#endif
   } while ((result == 0 || (result < 0 && ERRNO == EINTR)) &&
            conn->ctx->stop_flag == 0);
 
@@ -1508,8 +1513,10 @@ static int pull(FILE *fp, struct mg_connection *conn, char *buf, int len) {
     nread = read(fileno(fp), buf, (size_t) len);
   } else if (!conn->must_close && !wait_until_socket_is_readable(conn)) {
     nread = -1;
+#ifndef NO_SSL
   } else if (conn->ssl != NULL) {
     nread = SSL_read(conn->ssl, buf, len);
+#endif
   } else {
     nread = recv(conn->client.sock, buf, (size_t) len, 0);
   }
@@ -1809,12 +1816,6 @@ static void convert_uri_to_file_name(struct mg_connection *conn, char *buf,
   }
 }
 
-static int sslize(struct mg_connection *conn, SSL_CTX *s, int (*func)(SSL *)) {
-  return (conn->ssl = SSL_new(s)) != NULL &&
-    SSL_set_fd(conn->ssl, conn->client.sock) == 1 &&
-    func(conn->ssl) == 1;
-}
-
 // Check whether full request is buffered. Return:
 //   -1  if request is malformed
 //    0  if request is not yet fully buffered
@@ -1828,7 +1829,8 @@ static int get_request_len(const char *buf, int buflen) {
     if (!isprint(* (const unsigned char *) s) && *s != '\r' &&
         *s != '\n' && * (const unsigned char *) s < 128) {
       len = -1;
-      break; // [i_a] abort scan as soon as one malformed character is found; don't let subsequent \r\n\r\n win us over anyhow
+      break;  // [i_a] abort scan as soon as one malformed character is found;
+              // don't let subsequent \r\n\r\n win us over anyhow
     } else if (s[0] == '\n' && s[1] == '\n') {
       len = (int) (s - buf) + 2;
     } else if (s[0] == '\n' && &s[1] < e &&
@@ -4500,6 +4502,12 @@ static int set_uid_option(struct mg_context *ctx) {
 #if !defined(NO_SSL)
 static pthread_mutex_t *ssl_mutexes;
 
+static int sslize(struct mg_connection *conn, SSL_CTX *s, int (*func)(SSL *)) {
+  return (conn->ssl = SSL_new(s)) != NULL &&
+    SSL_set_fd(conn->ssl, conn->client.sock) == 1 &&
+    func(conn->ssl) == 1;
+}
+
 // Return OpenSSL error message
 static const char *ssl_error(void) {
   unsigned long err;
@@ -4686,16 +4694,20 @@ static void close_connection(struct mg_connection *conn) {
   if (conn->client.sock != INVALID_SOCKET) {
     close_socket_gracefully(conn);
   }
+#ifndef NO_SSL
   // Must be done AFTER socket is closed
   if (conn->ssl != NULL) {
     SSL_free(conn->ssl);
   }
+#endif
 }
 
 void mg_close_connection(struct mg_connection *conn) {
+#ifndef NO_SSL
   if (conn->client_ssl_ctx != NULL) {
     SSL_CTX_free((SSL_CTX *) conn->client_ssl_ctx);
   }
+#endif
   close_connection(conn);
   free(conn);
 }
@@ -4743,12 +4755,14 @@ struct mg_connection *mg_connect(const char *host, int port, int use_ssl,
       conn->client.sock = sock;
       conn->client.rsa.sin = sin;
       conn->client.is_ssl = use_ssl;
+#ifndef NO_SSL
       if (use_ssl) {
         // SSL_CTX_set_verify call is needed to switch off server certificate
         // checking, which is off by default in OpenSSL and on in yaSSL.
         SSL_CTX_set_verify(conn->client_ssl_ctx, 0, 0);
         sslize(conn, conn->client_ssl_ctx, SSL_connect);
       }
+#endif
     }
   }
 
@@ -4925,9 +4939,11 @@ static void *worker_thread(void *thread_func_param) {
       conn->request_info.remote_ip = ntohl(conn->request_info.remote_ip);
       conn->request_info.is_ssl = conn->client.is_ssl;
 
-      if (!conn->client.is_ssl ||
-          (conn->client.is_ssl &&
-           sslize(conn, conn->ctx->ssl_ctx, SSL_accept))) {
+      if (!conn->client.is_ssl
+#ifndef NO_SSL
+          || sslize(conn, conn->ctx->ssl_ctx, SSL_accept)
+#endif
+         ) {
         process_new_connection(conn);
       }
 
@@ -5068,11 +5084,11 @@ static void free_context(struct mg_context *ctx) {
       free(ctx->config[i]);
   }
 
+#ifndef NO_SSL
   // Deallocate SSL context
   if (ctx->ssl_ctx != NULL) {
     SSL_CTX_free(ctx->ssl_ctx);
   }
-#ifndef NO_SSL
   if (ssl_mutexes != NULL) {
     free(ssl_mutexes);
     ssl_mutexes = NULL;
-- 
GitLab