cut legacy checks for openssl sni support

Summary: Since v1.1.0, openssl always has sni support. In particular, openssl no longer can be built without tlxext and no longer can export `OPENSSL_NO_TLSEXT`. Reviewed By: AjanthanAsogamoorthy Differential Revision: D55331824 fbshipit-source-id: 551b9007654c0a29eb3399b9069ffcc2ae151683
facebook · Mar 28, 2024 · b0bccaf · b0bccaf
1 parent d71117e
commit b0bccaf
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 19 deletions.
diff --git a/wangle/ssl/SSLContextManager.cpp b/wangle/ssl/SSLContextManager.cpp
@@ -317,12 +317,10 @@ class SSLContextManager::SslContexts
    * Callback function from openssl to find the right X509 to
    * use during SSL handshake
    */
-#if FOLLY_OPENSSL_HAS_SNI
   static folly::SSLContext::ServerNameCallbackResult serverNameCallback(
       SSL* ssl,
       ClientHelloExtStats* stats,
       const std::shared_ptr<SslContexts>& contexts);
-#endif
 
  private:
   SslContexts(bool strict);
@@ -860,7 +858,6 @@ void SSLContextManager::verifyCertNames(
   }
 }
 
-#if FOLLY_OPENSSL_HAS_SNI
 /*static*/ SSLContext::ServerNameCallbackResult
 SSLContextManager::SslContexts::serverNameCallback(
     SSL* ssl,
@@ -914,7 +911,6 @@ SSLContextManager::SslContexts::serverNameCallback(
   }
   return SSLContext::SERVER_NAME_NOT_FOUND;
 }
-#endif
 
 // Consolidate all SSL_CTX setup which depends on openssl version/feature
 void SSLContextManager::SslContexts::ctxSetupByOpensslFeature(
@@ -959,7 +955,6 @@ void SSLContextManager::SslContexts::ctxSetupByOpensslFeature(
   }
 
   // SNI
-#if FOLLY_OPENSSL_HAS_SNI
   if (ctxConfig.isDefault) {
     if (newDefault) {
       throw std::runtime_error("More than 1 X509 is set as default");
@@ -973,18 +968,7 @@ void SSLContextManager::SslContexts::ctxSetupByOpensslFeature(
           });
     }
   }
-#else
-  // without SNI support, we expect only a single cert. set it as default and
-  // error if we go to another.
-  if (newDefault) {
-    OPENSSL_MISSING_FEATURE(SNI);
-  }
-
-  newDefault = sslCtx;
 
-  // Silence unused parameter warning
-  (mgr);
-#endif
 #ifdef SSL_OP_NO_RENEGOTIATION
   // Disable renegotiation at the OpenSSL layer
   sslCtx->setOptions(SSL_OP_NO_RENEGOTIATION);

diff --git a/wangle/ssl/test/SSLContextManagerTest.cpp b/wangle/ssl/test/SSLContextManagerTest.cpp
@@ -297,8 +297,6 @@ TEST(SSLContextManagerTest, Test1) {
       sslCtxMgr.getSSLCtxBySuffix(SSLContextKey("abc.xyz.example.com")));
 }
 
-// This test uses multiple contexts, which requires SNI support to work at all.
-#if FOLLY_OPENSSL_HAS_SNI
 TEST(SSLContextManagerTest, TestResetSSLContextConfigs) {
   SSLContextManagerForTest sslCtxMgr(
       "vip_ssl_context_manager_test_", getSettings(), nullptr);
@@ -440,7 +438,6 @@ TEST(SSLContextManagerTest, TestResetSSLContextConfigs) {
   checkSeeds(
       sslCtxMgr.getSSLCtxByExactDomain(SSLContextKey("test.com")), seeds2);
 }
-#endif
 
 TEST(SSLContextManagerTest, TestSessionContextCertRemoval) {
   SSLContextManagerForTest sslCtxMgr(