openssl: dynamically load libssl and symbols (optionally)

Provide an interface around OpenSSL to dynamically load the libraries and symbols, so that users can distribute a libgit2 library that is not linked directly against OpenSSL. This enables users to target multiple distributions with a single binary. This mechanism is optional and disabled by default. Configure cmake with -DUSE_HTTPS=OpenSSL-Dynamic to use it.

openssl: dynamically load libssl and symbols (optionally)
Provide an interface around OpenSSL to dynamically load the libraries and symbols, so that users can distribute a libgit2 library that is not linked directly against OpenSSL. This enables users to target multiple distributions with a single binary. This mechanism is optional and disabled by default. Configure cmake with -DUSE_HTTPS=OpenSSL-Dynamic to use it.
0903cac1 · Edward Thomson · 150eddd9 · 0903cac1 · 0903cac1 · 0903cac1
Commit 0903cac1 authored Aug 11, 2021 by Edward Thomson
11 changed files
--- a/COPYING
+++ b/COPYING
@@ -420,7 +420,7 @@ The GNU C Library is free software; you can redistribute it and/or
 modify it under the terms of the GNU Lesser General Public
 License as published by the Free Software Foundation; either
 version 2.1 of the License, or (at your option) any later version.
- 
+
 The GNU C Library is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
@@ -1019,3 +1019,111 @@ following restrictions are are met:
 THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+
+----------------------------------------------------------------------
+
+Portions of the OpenSSL headers are included under the OpenSSL license:
+
+Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+All rights reserved.
+
+This package is an SSL implementation written
+by Eric Young (eay@cryptsoft.com).
+The implementation was written so as to conform with Netscapes SSL.
+
+This library is free for commercial and non-commercial use as long as
+the following conditions are aheared to.  The following conditions
+apply to all code found in this distribution, be it the RC4, RSA,
+lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+included with this distribution is covered by the same copyright terms
+except that the holder is Tim Hudson (tjh@cryptsoft.com).
+
+Copyright remains Eric Young's, and as such any Copyright notices in
+the code are not to be removed.
+If this package is used in a product, Eric Young should be given attribution
+as the author of the parts of the library used.
+This can be in the form of a textual message at program startup or
+in documentation (online or textual) provided with the package.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+   must display the following acknowledgement:
+   "This product includes cryptographic software written by
+    Eric Young (eay@cryptsoft.com)"
+   The word 'cryptographic' can be left out if the rouines from the library
+   being used are not cryptographic related :-).
+4. If you include any Windows specific code (or a derivative thereof) from
+   the apps directory (application code) you must include an acknowledgement:
+   "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+The licence and distribution terms for any publically available version or
+derivative of this code cannot be changed.  i.e. this code cannot simply be
+copied and put under another distribution licence
+[including the GNU Public Licence.]
+
+====================================================================
+Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in
+   the documentation and/or other materials provided with the
+   distribution.
+
+3. All advertising materials mentioning features or use of this
+   software must display the following acknowledgment:
+   "This product includes software developed by the OpenSSL Project
+   for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+
+4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+   endorse or promote products derived from this software without
+   prior written permission. For written permission, please contact
+   openssl-core@openssl.org.
+
+5. Products derived from this software may not be called "OpenSSL"
+   nor may "OpenSSL" appear in their names without prior written
+   permission of the OpenSSL Project.
+
+6. Redistributions of any form whatsoever must retain the following
+   acknowledgment:
+   "This product includes software developed by the OpenSSL Project
+   for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+
+THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+OF THE POSSIBILITY OF SUCH DAMAGE.
+
--- a/cmake/SelectHTTPSBackend.cmake
+++ b/cmake/SelectHTTPSBackend.cmake
@@ -108,6 +108,10 @@ IF(USE_HTTPS)
 		LIST(APPEND LIBGIT2_PC_LIBS ${MBEDTLS_LIBRARIES})
 	ELSEIF (USE_HTTPS STREQUAL "WinHTTP")
 		# WinHTTP setup was handled in the WinHTTP-specific block above
+	ELSEIF (USE_HTTPS STREQUAL "OpenSSL-Dynamic")
+		SET(GIT_OPENSSL 1)
+		SET(GIT_OPENSSL_DYNAMIC 1)
+		LIST(APPEND LIBGIT2_LIBS dl)
 	ELSE()
 		MESSAGE(FATAL_ERROR "Asked for backend ${USE_HTTPS} but it wasn't found")
 	ENDIF()

--- a/src/features.h.in
+++ b/src/features.h.in
@@ -34,6 +34,7 @@
 #cmakedefine GIT_WINHTTP 1
 #cmakedefine GIT_HTTPS 1
 #cmakedefine GIT_OPENSSL 1
+#cmakedefine GIT_OPENSSL_DYNAMIC 1
 #cmakedefine GIT_SECURE_TRANSPORT 1
 #cmakedefine GIT_MBEDTLS 1


--- a/src/libgit2.c
+++ b/src/libgit2.c
@@ -36,14 +36,6 @@
 # include "win32/w32_leakcheck.h"
 #endif

-#ifdef GIT_OPENSSL
-# include <openssl/err.h>
-#endif
-
-#ifdef GIT_MBEDTLS
-# include <mbedtls/error.h>
-#endif
-
 /* Declarations for tuneable settings */
 extern size_t git_mwindow__window_size;
 extern size_t git_mwindow__mapped_limit;

--- a/src/netops.h
+++ b/src/netops.h
@@ -14,7 +14,7 @@
 #include "net.h"

 #ifdef GIT_OPENSSL
-# include <openssl/ssl.h>
+# include "streams/openssl.h"
 #endif

 typedef struct gitno_ssl {

--- a/src/streams/openssl.c
+++ b/src/streams/openssl.c
@@ -7,11 +7,13 @@

 #include "streams/openssl.h"
 #include "streams/openssl_legacy.h"
+#include "streams/openssl_dynamic.h"

 #ifdef GIT_OPENSSL

 #include <ctype.h>

+#include "common.h"
 #include "runtime.h"
 #include "settings.h"
 #include "posix.h"
@@ -27,10 +29,12 @@
 # include <netinet/in.h>
 #endif

-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/x509v3.h>
-#include <openssl/bio.h>
+#ifndef GIT_OPENSSL_DYNAMIC
+# include <openssl/ssl.h>
+# include <openssl/err.h>
+# include <openssl/x509v3.h>
+# include <openssl/bio.h>
+#endif

 SSL_CTX *git__ssl_ctx;

@@ -58,27 +62,45 @@ static void shutdown_ssl(void)
 }

 #ifdef VALGRIND
+# if !defined(GIT_OPENSSL_LEGACY) && !defined(GIT_OPENSSL_DYNAMIC)
+
 static void *git_openssl_malloc(size_t bytes, const char *file, int line)
 {
 	GIT_UNUSED(file);
 	GIT_UNUSED(line);
 	return git__calloc(1, bytes);
 }
-
+ 
 static void *git_openssl_realloc(void *mem, size_t size, const char *file, int line)
 {
 	GIT_UNUSED(file);
 	GIT_UNUSED(line);
 	return git__realloc(mem, size);
 }
-
+ 
 static void git_openssl_free(void *mem, const char *file, int line)
 {
 	GIT_UNUSED(file);
 	GIT_UNUSED(line);
-	return git__free(mem);
+	git__free(mem);
+}
+# else /* !GIT_OPENSSL_LEGACY && !GIT_OPENSSL_DYNAMIC */
+static void *git_openssl_malloc(size_t bytes)
+{
+	return git__calloc(1, bytes);
+}
+
+static void *git_openssl_realloc(void *mem, size_t size)
+{
+	return git__realloc(mem, size);
 }
-#endif
+
+static void git_openssl_free(void *mem)
+{
+	git__free(mem);
+}
+# endif /* !GIT_OPENSSL_LEGACY && !GIT_OPENSSL_DYNAMIC */
+#endif /* VALGRIND */

 int git_openssl_stream_global_init(void)
 {
@@ -93,6 +115,11 @@ int git_openssl_stream_global_init(void)
 	ssl_opts |= SSL_OP_NO_COMPRESSION;
 #endif

+#ifdef GIT_OPENSSL_DYNAMIC
+	if (git_openssl_stream_dynamic_init() < 0)
+		return -1;
+#endif
+
 #ifdef VALGRIND
 	/*
 	 * Swap in our own allocator functions that initialize
@@ -144,7 +171,7 @@ error:
 	return -1;
 }

-#ifndef GIT_OPENSSL_LEGACY
+#if !defined(GIT_OPENSSL_LEGACY) && !defined(GIT_OPENSSL_DYNAMIC)
 int git_openssl_set_locking(void)
 {
 # ifdef GIT_THREADS

--- a/src/streams/openssl.h
+++ b/src/streams/openssl.h
@@ -8,14 +8,22 @@
 #define INCLUDE_streams_openssl_h__

 #include "common.h"
+#include "streams/openssl_legacy.h"
+#include "streams/openssl_dynamic.h"

 #include "git2/sys/stream.h"

 extern int git_openssl_stream_global_init(void);

+#if defined(GIT_OPENSSL) && !defined(GIT_OPENSSL_DYNAMIC)
+# include <openssl/ssl.h>
+# include <openssl/err.h>
+# include <openssl/x509v3.h>
+# include <openssl/bio.h>
+# endif
+
 #ifdef GIT_OPENSSL
 extern int git_openssl__set_cert_location(const char *file, const char *path);
-
 extern int git_openssl_stream_new(git_stream **out, const char *host, const char *port);
 extern int git_openssl_stream_wrap(git_stream **out, git_stream *in, const char *host);
 #endif

--- a/src/streams/openssl_dynamic.c
+++ b/src/streams/openssl_dynamic.c
--- a/src/streams/openssl_dynamic.h
+++ b/src/streams/openssl_dynamic.h
--- a/src/streams/openssl_legacy.c
+++ b/src/streams/openssl_legacy.c
@@ -8,16 +8,18 @@
 #include "streams/openssl.h"
 #include "streams/openssl_legacy.h"

-#if defined(GIT_OPENSSL) && defined(GIT_OPENSSL_LEGACY)
-
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/x509v3.h>
-#include <openssl/bio.h>
-
 #include "runtime.h"
 #include "git2/sys/openssl.h"

+#if defined(GIT_OPENSSL) && !defined(GIT_OPENSSL_DYNAMIC)
+# include <openssl/ssl.h>
+# include <openssl/err.h>
+# include <openssl/x509v3.h>
+# include <openssl/bio.h>
+#endif
+
+#if defined(GIT_OPENSSL_LEGACY) || defined(GIT_OPENSSL_DYNAMIC)
+
 /*
 * OpenSSL 1.1 made BIO opaque so we have to use functions to interact with it
 * which do not exist in previous versions. We define these inline functions so
@@ -25,16 +27,16 @@
 * with ifdefs. We do the same for OPENSSL_init_ssl.
 */

-int OPENSSL_init_ssl(int opts, void *settings)
+int OPENSSL_init_ssl__legacy(uint64_t opts, const void *settings)
 {
 	GIT_UNUSED(opts);
 	GIT_UNUSED(settings);
 	SSL_load_error_strings();
-	OpenSSL_add_ssl_algorithms();
+	SSL_library_init();
 	return 0;
 }

-BIO_METHOD* BIO_meth_new(int type, const char *name)
+BIO_METHOD* BIO_meth_new__legacy(int type, const char *name)
 {
 	BIO_METHOD *meth = git__calloc(1, sizeof(BIO_METHOD));
 	if (!meth) {
@@ -47,85 +49,89 @@ BIO_METHOD* BIO_meth_new(int type, const char *name)
 	return meth;
 }

-void BIO_meth_free(BIO_METHOD *biom)
+void BIO_meth_free__legacy(BIO_METHOD *biom)
 {
 	git__free(biom);
 }

-int BIO_meth_set_write(BIO_METHOD *biom, int (*write) (BIO *, const char *, int))
+int BIO_meth_set_write__legacy(BIO_METHOD *biom, int (*write) (BIO *, const char *, int))
 {
 	biom->bwrite = write;
 	return 1;
 }

-int BIO_meth_set_read(BIO_METHOD *biom, int (*read) (BIO *, char *, int))
+int BIO_meth_set_read__legacy(BIO_METHOD *biom, int (*read) (BIO *, char *, int))
 {
 	biom->bread = read;
 	return 1;
 }

-int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts) (BIO *, const char *))
+int BIO_meth_set_puts__legacy(BIO_METHOD *biom, int (*puts) (BIO *, const char *))
 {
 	biom->bputs = puts;
 	return 1;
 }

-int BIO_meth_set_gets(BIO_METHOD *biom, int (*gets) (BIO *, char *, int))
+int BIO_meth_set_gets__legacy(BIO_METHOD *biom, int (*gets) (BIO *, char *, int))

 {
 	biom->bgets = gets;
 	return 1;
 }

-int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *))
+int BIO_meth_set_ctrl__legacy(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *))
 {
 	biom->ctrl = ctrl;
 	return 1;
 }

-int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *))
+int BIO_meth_set_create__legacy(BIO_METHOD *biom, int (*create) (BIO *))
 {
 	biom->create = create;
 	return 1;
 }

-int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *))
+int BIO_meth_set_destroy__legacy(BIO_METHOD *biom, int (*destroy) (BIO *))
 {
 	biom->destroy = destroy;
 	return 1;
 }

-int BIO_get_new_index(void)
+int BIO_get_new_index__legacy(void)
 {
 	/* This exists as of 1.1 so before we'd just have 0 */
 	return 0;
 }

-void BIO_set_init(BIO *b, int init)
+void BIO_set_init__legacy(BIO *b, int init)
 {
 	b->init = init;
 }

-void BIO_set_data(BIO *a, void *ptr)
+void BIO_set_data__legacy(BIO *a, void *ptr)
 {
 	a->ptr = ptr;
 }

-void *BIO_get_data(BIO *a)
+void *BIO_get_data__legacy(BIO *a)
 {
 	return a->ptr;
 }

-const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
+const unsigned char *ASN1_STRING_get0_data__legacy(const ASN1_STRING *x)
 {
 	return ASN1_STRING_data((ASN1_STRING *)x);
 }

+long SSL_CTX_set_options__legacy(SSL_CTX *ctx, long op)
+{
+	return SSL_CTX_ctrl(ctx, SSL_CTRL_OPTIONS, op, NULL);
+}
+
 # if defined(GIT_THREADS)
 static git_mutex *openssl_locks;

-static void openssl_locking_function(
-	int mode, int n, const char *file, int line)
+static void openssl_locking_function(int mode, int n, const char *file, int line)
 {
 	int lock;

@@ -134,11 +140,10 @@ static void openssl_locking_function(

 	lock = mode & CRYPTO_LOCK;

-	if (lock) {
+	if (lock)
 		(void)git_mutex_lock(&openssl_locks[n]);
-	} else {
+	else
 		git_mutex_unlock(&openssl_locks[n]);
-	}
 }

 static void shutdown_ssl_locking(void)
@@ -163,6 +168,20 @@ int git_openssl_set_locking(void)
 {
 	int num_locks, i;

+#ifndef GIT_THREADS
+	git_error_set(GIT_ERROR_THREAD, "libgit2 was not built with threads");
+	return -1;
+#endif
+
+#ifdef GIT_OPENSSL_DYNAMIC
+	/*
+	 * This function is required on legacy versions of OpenSSL; when building
+	 * with dynamically-loaded OpenSSL, we detect whether we loaded it or not.
+	 */
+	if (!CRYPTO_set_locking_callback)
+		return 0;
+#endif
+
 	CRYPTO_THREADID_set_callback(threadid_cb);

 	num_locks = CRYPTO_num_locks();
@@ -181,21 +200,4 @@ int git_openssl_set_locking(void)
 }
 #endif /* GIT_THREADS */

-#ifdef VALGRIND
-void *git_openssl_malloc(size_t bytes)
-{
-	return git__calloc(1, bytes);
-}
-
-void *git_openssl_realloc(void *mem, size_t size)
-{
-	return git__realloc(mem, size);
-}
-
-void git_openssl_free(void *mem)
-{
-	return git__free(mem);
-}
-#endif
-
-#endif /* GIT_OPENSSL && GIT_OPENSSL_LEGACY */
+#endif /* GIT_OPENSSL_LEGACY || GIT_OPENSSL_DYNAMIC */
--- a/src/streams/openssl_legacy.h
+++ b/src/streams/openssl_legacy.h
@@ -7,7 +7,9 @@
 #ifndef INCLUDE_streams_openssl_legacy_h__
 #define INCLUDE_streams_openssl_legacy_h__

-#ifdef GIT_OPENSSL
+#include "streams/openssl_dynamic.h"
+
+#if defined(GIT_OPENSSL) && !defined(GIT_OPENSSL_DYNAMIC)
 # include <openssl/ssl.h>
 # include <openssl/err.h>
 # include <openssl/x509v3.h>
@@ -19,23 +21,42 @@
 # endif
 #endif

-#ifdef GIT_OPENSSL_LEGACY
-
-extern int OPENSSL_init_ssl(int opts, void *settings);
-extern BIO_METHOD* BIO_meth_new(int type, const char *name);
-extern void BIO_meth_free(BIO_METHOD *biom);
-extern int BIO_meth_set_write(BIO_METHOD *biom, int (*write) (BIO *, const char *, int));
-extern int BIO_meth_set_read(BIO_METHOD *biom, int (*read) (BIO *, char *, int));
-extern int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts) (BIO *, const char *));
-extern int BIO_meth_set_gets(BIO_METHOD *biom, int (*gets) (BIO *, char *, int));
-extern int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *));
-extern int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *));
-extern int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *));
-extern int BIO_get_new_index(void);
-extern void BIO_set_data(BIO *a, void *ptr);
-extern void BIO_set_init(BIO *b, int init);
-extern void *BIO_get_data(BIO *a);
-extern const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x);
+#if defined(GIT_OPENSSL_LEGACY) && !defined(GIT_OPENSSL_DYNAMIC)
+# define OPENSSL_init_ssl OPENSSL_init_ssl__legacy
+# define BIO_meth_new BIO_meth_new__legacy
+# define BIO_meth_free BIO_meth_free__legacy
+# define BIO_meth_set_write BIO_meth_set_write__legacy
+# define BIO_meth_set_read BIO_meth_set_read__legacy
+# define BIO_meth_set_puts BIO_meth_set_puts__legacy
+# define BIO_meth_set_gets BIO_meth_set_gets__legacy
+# define BIO_meth_set_ctrl BIO_meth_set_ctrl__legacy
+# define BIO_meth_set_create BIO_meth_set_create__legacy
+# define BIO_meth_set_destroy BIO_meth_set_destroy__legacy
+# define BIO_get_new_index BIO_get_new_index__legacy
+# define BIO_set_data BIO_set_data__legacy
+# define BIO_set_init BIO_set_init__legacy
+# define BIO_get_data BIO_get_data__legacy
+# define ASN1_STRING_get0_data ASN1_STRING_get0_data__legacy
+#endif
+
+#if defined(GIT_OPENSSL_LEGACY) || defined(GIT_OPENSSL_DYNAMIC)
+
+extern int OPENSSL_init_ssl__legacy(uint64_t opts, const void *settings);
+extern BIO_METHOD* BIO_meth_new__legacy(int type, const char *name);
+extern void BIO_meth_free__legacy(BIO_METHOD *biom);
+extern int BIO_meth_set_write__legacy(BIO_METHOD *biom, int (*write) (BIO *, const char *, int));
+extern int BIO_meth_set_read__legacy(BIO_METHOD *biom, int (*read) (BIO *, char *, int));
+extern int BIO_meth_set_puts__legacy(BIO_METHOD *biom, int (*puts) (BIO *, const char *));
+extern int BIO_meth_set_gets__legacy(BIO_METHOD *biom, int (*gets) (BIO *, char *, int));
+extern int BIO_meth_set_ctrl__legacy(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *));
+extern int BIO_meth_set_create__legacy(BIO_METHOD *biom, int (*create) (BIO *));
+extern int BIO_meth_set_destroy__legacy(BIO_METHOD *biom, int (*destroy) (BIO *));
+extern int BIO_get_new_index__legacy(void);
+extern void BIO_set_data__legacy(BIO *a, void *ptr);
+extern void BIO_set_init__legacy(BIO *b, int init);
+extern void *BIO_get_data__legacy(BIO *a);
+extern const unsigned char *ASN1_STRING_get0_data__legacy(const ASN1_STRING *x);
+extern long SSL_CTX_set_options__legacy(SSL_CTX *ctx, long op);

 #endif