cmake: improve wolfSSL detection #14064

Closed

@vszakats vszakats commented Jun 30, 2024

  • support detecting wolfSSL via pkg-config (like autotools.)

  • detect wolfSSL version.

  • detect HAVE_WOLFSSL_DES_ECB_ENCRYPT.
    (needs e.g. --enable-curl when building wolfSSL)

  • detect HAVE_WOLFSSL_FULL_BIO and enable HTTPS-proxy feature.
    (needs e.g. --enable-opensslall when building wolfSSL)

  • fix to show HTTPS-proxy in cmake feature list.
    Ref: 55807e6 tls backends using connection filter IO #9962

  • fix to show NTLM in cmake feature list.

  • fix to show smb and smbs in cmake protocol list.

  • add wolfSSL CMake job to GHA (for macOS).

  • fix mqtt and wolfSSL symbol clash.

    ./curl/lib/mqtt.c: In function 'mqtt_doing':
    ./curl/lib/mqtt.c:746:17: error: declaration of 'byte' shadows a global declaration [-Werror=shadow]
      746 |   unsigned char byte;
          |                 ^~~~
    /opt/homebrew/Cellar/wolfssl/5.7.0_1/include/wolfssl/wolfcrypt/types.h:85:36: note: shadowed declaration is here
       85 |             typedef unsigned char  byte;
          |                                    ^~~~
    
  • format FindWolfSSL.cmake closer to neighbours.

Closes #14064


@github-actions github-actions bot added the CI Continuous Integration label Jun 30, 2024
vszakats added 6 commits July 1, 2024 10:34
- support detecting wolfSSL via pkg-config (like autotools.)

- detect wolfSSL version.

- add `HTTPS-proxy` to feature list for fitting wolfSSL versions.
  (completing this TODO)

Ref: 55807e6 curl#9962
Closes #xxxxx
could not test the ECB one.
```
./curl/lib/mqtt.c: In function 'mqtt_doing':
./curl/lib/mqtt.c:746:17: error: declaration of 'byte' shadows a global declaration [-Werror=shadow]
  746 |   unsigned char byte;
      |                 ^~~~
In file included from /opt/homebrew/Cellar/wolfssl/5.7.0_1/include/wolfssl/openssl/sha.h:29,
                 from ./curl/lib/curl_sha256.h:40,
                 from ./curl/lib/http_aws_sigv4.c:33,
                 from ./curl/build/lib/CMakeFiles/libcurl_shared.dir/Unity/unity_0_c.c:202:
/opt/homebrew/Cellar/wolfssl/5.7.0_1/include/wolfssl/wolfcrypt/types.h:85:36: note: shadowed declaration is here
   85 |             typedef unsigned char  byte;
      |                                    ^~~~
```
Ref: https://github.com/curl/curl/actions/runs/9731571038/job/26856167259?pr=14064#step:7:19

vszakats commented Jul 1, 2024

I'm thinking this qualifies better as a bugfix than a new feature to merge before the release.

Any thoughts?

@vszakats vszakats closed this in d68a121 Jul 1, 2024
@vszakats vszakats deleted the cmake-wolfssl branch July 1, 2024 15:50
vszakats added a commit that referenced this pull request Nov 21, 2024
It was missing while detecting `wolfSSL_DES_ecb_encrypt`,
`wolfSSL_BIO_new` and `wolfSSL_BIO_set_shutdown`.

We have not seen it causing issues in stable wolfSSL releases as of
v5.7.4, until a recent commit in wolfSSL master, which broke detections:
```
curl/CMakeFiles/CMakeScratch//CheckSymbolExists.c:8:19: error: ‘wolfSSL_BIO_new’ undeclared (first use in this function); did you mean ‘wolfSSL_CTX_new’?
curl/CMakeFiles/CMakeScratch//CheckSymbolExists.c:8:19: error: ‘wolfSSL_BIO_set_shutdown’ undeclared (first use in this function); did you mean ‘wolfSSL_set_shutdown’?
```
This in turn disabled `HTTPS-proxy` and failed related pytests:
https://github.com/curl/curl/actions/runs/11953800545/job/33324250039?pr=15620

wolfSSL source diff causing the regression:
https://github.com/wolfSSL/wolfSSL/compare/be70bea687526a51e3d751d425bbaaa412b451ee..c06f65a8ace311667d9b9d7fd320b6b25f8b1bf8

The wolfSSL build says:
```
Note: Make sure your application includes "wolfssl/options.h" before any other wolfSSL headers.
      You can define "WOLFSSL_USE_OPTIONS_H" in your application to include this automatically.
```

This patch makes sure to follow this rule across the curl codebase.

Also:
- include `wolfssl/options.h` first in `lib/vtls/wolfssl.c`.
  It was preceded by `wolfssl/version.h`, which did not cause issues.
  Background for the pre-existing include order:
  Ref: deb9462 #3903
  Ref: https://curl.se/mail/lib-2015-04/0069.html

Bug: #15620 (comment)
Follow-up to d68a121 #14064

Closes #15623
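
The include-order rule from the commit message above, sketched as a stand-alone CMake file (an added example, not curl's own build code). `REQUIRE_HTTPS_PROXY` and `HAVE_WOLFSSL_BIO_NEW` are hypothetical names, and the pairing of each symbol with a header and result variable is an assumption.

```cmake
# Added example, not curl's CMakeLists.txt.
# Assumptions: REQUIRE_HTTPS_PROXY and HAVE_WOLFSSL_BIO_NEW are hypothetical
# names; the header chosen for each symbol is assumed, not taken from the page.
cmake_minimum_required(VERSION 3.12)
project(wolfssl_detect_example C)

include(CheckSymbolExists)
include(CMakePushCheckState)

# Hypothetical switch: turn a silently missing feature into a configure error.
option(REQUIRE_HTTPS_PROXY "Fail if HTTPS-proxy support is not detected" ON)

# pkg-config based detection; also yields the wolfSSL version.
find_package(PkgConfig REQUIRED)
pkg_check_modules(WOLFSSL REQUIRED wolfssl)
message(STATUS "wolfSSL version: ${WOLFSSL_VERSION}")

# Scope the probe settings so they do not leak into later checks.
cmake_push_check_state(RESET)
set(CMAKE_REQUIRED_INCLUDES "${WOLFSSL_INCLUDE_DIRS}")
set(CMAKE_REQUIRED_LIBRARIES "${WOLFSSL_LINK_LIBRARIES}")

# wolfssl/options.h comes first in every header list: it carries the
# build-time feature macros that gate the declarations in later headers.
# Without it the probe can fail to compile even though the library
# exports the symbol, and the feature is dropped without any error.
check_symbol_exists(wolfSSL_DES_ecb_encrypt
  "wolfssl/options.h;wolfssl/openssl/des.h" HAVE_WOLFSSL_DES_ECB_ENCRYPT)
check_symbol_exists(wolfSSL_BIO_new
  "wolfssl/options.h;wolfssl/ssl.h" HAVE_WOLFSSL_BIO_NEW)
check_symbol_exists(wolfSSL_BIO_set_shutdown
  "wolfssl/options.h;wolfssl/ssl.h" HAVE_WOLFSSL_FULL_BIO)
cmake_pop_check_state()

# A failed probe normally just leaves the variable false. When the feature
# is required, stop here instead of shipping a build without it.
if(REQUIRE_HTTPS_PROXY AND NOT (HAVE_WOLFSSL_BIO_NEW AND HAVE_WOLFSSL_FULL_BIO))
  message(FATAL_ERROR
    "wolfSSL BIO symbols not detected; HTTPS-proxy would be disabled. "
    "Check the probe output in the CMake configure log.")
endif()
```

`check_symbol_exists` caches its result, so re-run the configure step in a fresh build directory after changing the wolfSSL installation.
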