Skip to content

cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS#11967

Closed
vszakats wants to merge 5 commits intocurl:masterfrom
vszakats:cmake-tls-srp
Closed

cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS#11967
vszakats wants to merge 5 commits intocurl:masterfrom
vszakats:cmake-tls-srp

Conversation

@vszakats
Copy link
Member

@vszakats vszakats commented Sep 27, 2023
edited
Loading

With new option CURL_DISABLE_SRP=ON to force-disable it.
To match existing option and detection logic in autotools.

Also:

  • fix detecting GnuTLS.
    We assume nettle as a GnuTLS dependency.
  • add CMake GnuTLS CI job.
  • bump AppVeyor CMake OpenSSL MSVC job to OpenSSL 1.1.1 (from 1.0.2)
    TLS-SRP fails to detect with 1.0.2 due to an OpenSSL header bug.
  • fix compiler warning when building with GnuTLS and disabled TLS-SRP.
  • fix comment typos, whitespace.

Ref: #11964

Closes #11967

@vszakats vszakats changed the title cmake: detect TLS-SRP support in OpenSSL/wolfSSL/GnuTLS cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS Sep 27, 2023
@vszakats vszakats mentioned this pull request Sep 27, 2023
Closed
16 tasks
@vszakats
Copy link
Member Author

vszakats commented Sep 27, 2023
edited
Loading

This should probably be a 'found', if this OpenSSL 1.0.2 has SRP enabled: https://ci.appveyor.com/project/curlorg/curl/builds/48139282/job/7xbgl6gw8u7a17fy#L33. Error: C:\\OpenSSL-Win64\\include\\openssl/dtls1.h(227,20): error C2079: 'next_timeout' uses undefined struct 'timeval' https://ci.appveyor.com/project/curlorg/curl/builds/48141976/job/d4vfl9e7pm2qk02d?fullLog=true#L739

I won't be dealing with this, it's an obsolete OpenSSL version combined with MSVC.

UPDATE: Upgrading to OpenSSL 1.1.1 fixes it.

@github-actions github-actions bot added the CI Continuous Integration label Sep 27, 2023
@vszakats
cmake: detect TLS-SRP support in OpenSSL/wolfSSL/GnuTLS
7d892a1 
With new option `CURL_DISABLE_SRP=ON` to force-disable it.
To match existing similar option and detection logic in autotools.

Also:
- fix detecting GnuTLS.
- comment typos, whitespace.

Ref: curl#11964

Closes #xxxxx
@vszakats
add gnutls cmake builds
03429ac
@vszakats
bump openssl to 1.1.1 (from 1.0.2) in appveyor
29cdcc6
@vszakats
gtls: fix compiler warning when USE_GNUTLS_SRP is disabled
bf9ab2a
@vszakats
add nettle lib for gnutls
f4d54a8 
This could use a more delicate approach.
vszakats added a commit to curl/curl-for-win that referenced this pull request Sep 28, 2023
@vszakats
curl-cmake.sh: prepare for TLS-SRP upstream update [ci skip]
93e2499 
CMake did not detect TLS-SRP support and did not enable it
automatically in curl 8.3.0 and earlier. This might change
and we want to keep it disabled in curl-for-win.

Ref: curl/curl#11967
@vszakats vszakats closed this in 781242f Sep 28, 2023
@vszakats vszakats deleted the cmake-tls-srp branch September 28, 2023 10:53
vszakats added a commit to curl/curl-for-win that referenced this pull request Sep 28, 2023
@vszakats
curl-cmake.sh: upstream update merged [ci skip]
e511dc6 
curl/curl#11967
curl/curl@781242f
@vszakats vszakats mentioned this pull request Jul 27, 2024
Closed
vszakats added a commit to vszakats/curl that referenced this pull request Jul 27, 2024
@vszakats
cmake: detect nettle when building with GnuTLS
acdfd9d 
`nettle` is a direct dependency of curl, when building with GnuTLS.
Detect it as such.

Follow-up to 781242f curl#11967
Closes #xxxxx
vszakats added a commit that referenced this pull request Jul 29, 2024
@vszakats
cmake: detect nettle when building with GnuTLS
669ce42 
`nettle` is a direct dependency of curl, when building with GnuTLS.
Add a new `Find` module to detect it.

Also:
- GHA/macos: drop `nettle` hack no longer necessary.
- add `nettle` to `libcurl.pc`.
- also add `nettle` to `libcurl.pc` in autotools builds.

Follow-up to 781242f #11967
Closes #14285
@vszakats vszakats mentioned this pull request Feb 14, 2025
Closed
vszakats added a commit that referenced this pull request Feb 15, 2025
@vszakats
cmake: drop two stray TLS feature checks for wolfSSL
2533df6 
Drop check for `SSL_set0_wbio`, `SSL_CTX_set_srp_username`.

The wolfSSL backend doesn't implement these features. The checks were
wrong, and also missing from `./configure`.

If they get implemented, the feature checks should use distinct macros
from OpenSSL; they should check for the `wolfSSL_`-prefixed APIs via
wolfSSL headers; and matching checks should be added to `./configure`.

Follow-up to 781242f #11967 #11964

Closes #16339
pps83 pushed a commit to pps83/curl that referenced this pull request Apr 26, 2025
@vszakats @pps83
cmake: drop two stray TLS feature checks for wolfSSL
7c6d38d 
Drop check for `SSL_set0_wbio`, `SSL_CTX_set_srp_username`.

The wolfSSL backend doesn't implement these features. The checks were
wrong, and also missing from `./configure`.

If they get implemented, the feature checks should use distinct macros
from OpenSSL; they should check for the `wolfSSL_`-prefixed APIs via
wolfSSL headers; and matching checks should be added to `./configure`.

Follow-up to 781242f curl#11967 curl#11964

Closes curl#16339
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

CI Continuous Integration cmake TLS

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vszakats