src/bio.c: add missing functions for libcurl #8320

Closed
@mscdex mscdex commented Dec 28, 2024

Description

Without this, linking libcurl 8.11.1 (and possibly other versions) fails due to missing symbols which are only included with OPENSSL_ALL, whereas libcurl is supposedly buildable with just OPENSSL_EXTRA.

Testing

Linked an application with libcurl 8.11.1 and wolfssl 5.7.4 with this patch.

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@wolfSSL-Bot

Can one of the admins verify this patch?

@embhorn
Member

embhorn commented Dec 30, 2024

Hi @mscdex

Thanks for using wolfSSL. Are you configuring wolfSSL with --enable-curl?

Could you please share the full wolfSSL configuration that led to this issue?

Kind regards,
@embhorn

@embhorn embhorn self-assigned this Dec 30, 2024
@mscdex
Author

mscdex commented Dec 30, 2024

> Are you configuring wolfSSL with --enable-curl?

Previously I was not, but I also checked configure to see what it was enabling with --enable-curl, and it was only enabling OPENSSL_EXTRA as far as OpenSSL compatibility goes. Additionally for whatever reason while configure should have been implicitly enabling ALPN support with --enable-curl, the linker was still complaining about missing ALPN functionality.

The other reason I probably wouldn't want to use --enable-curl is that it seems to enable some features that I would rather not have (both for security and additional code size reasons) and are apparently not used by the components I'm using in libcurl.

> Could you please share the full wolfSSL configuration that led to this issue?

These are the configure arguments I'm using:

  --disable-crypttests
  --disable-examples
  --disable-shared
  --enable-static
  --prefix=/tmp/build

  --disable-sslv3
  --enable-aesni
  --enable-alpn
  --enable-altcertchains
  --enable-asm
  --enable-curve25519
  --enable-ed25519
  --enable-ed25519-stream
  --enable-opensslextra

FWIW before the patch, with the above configuration I get these linker errors:

/usr/bin/ld: deps/curl/curl/lib/.libs/libcurl.a(libcurl_la-wolfssl.o): in function `wolfssl_bio_cf_create':
wolfssl.c:(.text.wolfssl_bio_cf_create+0xe): undefined reference to `wolfSSL_BIO_set_shutdown'
/usr/bin/ld: deps/curl/curl/lib/.libs/libcurl.a(libcurl_la-wolfssl.o): in function `wolfssl_bio_cf_ctrl':
wolfssl.c:(.text.wolfssl_bio_cf_ctrl+0x27): undefined reference to `wolfSSL_BIO_get_shutdown'
/usr/bin/ld: wolfssl.c:(.text.wolfssl_bio_cf_ctrl+0x57): undefined reference to `wolfSSL_BIO_set_shutdown'
/usr/bin/ld: deps/curl/curl/lib/.libs/libcurl.a(libcurl_la-wolfssl.o): in function `wolfssl_bio_cf_in_read':
wolfssl.c:(.text.wolfssl_bio_cf_in_read+0xcc): undefined reference to `wolfSSL_BIO_clear_retry_flags'
/usr/bin/ld: deps/curl/curl/lib/.libs/libcurl.a(libcurl_la-wolfssl.o): in function `wolfssl_bio_cf_out_write':
wolfssl.c:(.text.wolfssl_bio_cf_out_write+0xa9): undefined reference to `wolfSSL_BIO_clear_retry_flags'

and also for reference, replacing at least --enable-alpn and --enable-opensslextra with --enable-curl results in these additional linker errors:

/usr/bin/ld: deps/curl/curl/lib/.libs/libcurl.a(libcurl_la-wolfssl.o): in function `wolfssl_connect_step2':
wolfssl.c:(.text.wolfssl_connect_step2+0x26f): undefined reference to `wolfSSL_ALPN_GetProtocol'
/usr/bin/ld: deps/curl/curl/lib/.libs/libcurl.a(libcurl_la-wolfssl.o): in function `wolfssl_connect_common':
wolfssl.c:(.text.wolfssl_connect_common+0x525): undefined reference to `wolfSSL_UseALPN'

@embhorn
Member

embhorn commented Dec 30, 2024

Thanks for sharing the wolfSSL config. What options are you using with Curl? There are checks in the curl autoconfig to check for these wolfSSL features.

@embhorn
Member

embhorn commented Dec 30, 2024

Also, are you running autoreconf -fi for Curl after building wolfSSL?

@mscdex
Author

mscdex commented Dec 30, 2024

> What options are you using with Curl?

--disable-debug
--disable-docs
--disable-manual
--disable-shared
--enable-optimize
--enable-static
--enable-symbol-hiding
--with-wolfssl=/path/to/wolfssl
--without-bearssl
--without-brotli
--without-fish-functions-dir
--without-gnutls
--without-hyper
--without-libidn2
--without-libpsl
--without-librtmp
--without-libssh
--without-libssh2
--without-mbedtls
--without-msh3
--without-nghttp2
--without-nghttp3
--without-ngtcp2
--without-openssl
--without-quiche
--without-rustls
--without-winidn
--without-wolfssh
--without-zlib
--without-zsh-functions-dir
--without-zstd

--disable-aws
--disable-bindlocal
--disable-cookies
--disable-curldebug
--disable-dateparse
--disable-dict
--disable-doh
--disable-form-api
--disable-gopher
--disable-file
--disable-ftp
--disable-headers-api
--disable-hsts
--disable-http
--disable-http-auth
--disable-imap
--disable-kerberos-auth
--disable-libcurl-option
--disable-ldap
--disable-ldaps
--disable-mime
--disable-mqtt
--disable-netrc
--disable-ntlm
--disable-ntlm-wb
--disable-pop3
--disable-progress-meter
--disable-proxy
--disable-rtsp
--disable-smb
--disable-socketpair
--disable-sspi
--disable-telnet
--disable-tftp
--disable-tls-srp
--disable-websockets
--enable-smtp

> Also, are you running autoreconf -fi for Curl after building wolfSSL?

No.

@embhorn
Member

embhorn commented Dec 30, 2024

Edit -- Never mind. I get a clean build.

...

With your curl config I get this error:

configure: error: select TLS backend(s) or disable TLS with --without-ssl.

Select from these:

  --with-amissl
  --with-bearssl
  --with-gnutls
  --with-mbedtls
  --with-openssl (also works for BoringSSL and LibreSSL)
  --with-rustls
  --with-schannel
  --with-secure-transport
  --with-wolfssl

@embhorn
Member

embhorn commented Dec 30, 2024

@mscdex

Please try running the autoconf tool prior to configuring curl:

  autoreconf -fi

@mscdex
Author

mscdex commented Dec 30, 2024

@embhorn That made no difference.

However, it seems the problem now was that the --with-wolfssl=... during curl's configure process was pointing to the wrong directory and configure happily and silently ignored that fact. My guess is that it was then silently falling back to a global copy of wolfssl which had the full OpenSSL compatibility, which led to the linker errors because of the mismatched configurations between the global and local copies of wolfssl.

This worked previously (by chance) with an older version of libcurl because it had a much less granular compile-time guard around the code that used these few specific BIO functions.

@mscdex mscdex closed this Dec 30, 2024
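
The silent fallback described in the closing comment can be caught before curl's configure runs. The script below is an added example, not part of this thread or of the curl or wolfSSL sources; it assumes wolfSSL's autotools install layout (PREFIX/include/wolfssl/options.h and PREFIX/lib/libwolfssl.a or .so), and the function names check_wolfssl_prefix and make_sample_prefix are hypothetical.

```shell
#!/bin/sh
# Added example (not from the PR): pre-flight check for the directory given to
# curl's --with-wolfssl. Assumed layout (wolfSSL autotools install):
#   PREFIX/include/wolfssl/options.h and PREFIX/lib/libwolfssl.a or .so

# check_wolfssl_prefix PREFIX [MACRO...]
#   0 = PREFIX holds a wolfSSL install and options.h defines every MACRO
#   1 = PREFIX is not a wolfSSL install (wrong path)
#   2 = at least one MACRO is not defined (feature mismatch)
check_wolfssl_prefix() {
    prefix=$1; shift
    opts="$prefix/include/wolfssl/options.h"
    if [ ! -f "$opts" ]; then
        echo "error: $opts not found; wrong --with-wolfssl path?" >&2
        return 1
    fi
    if [ ! -e "$prefix/lib/libwolfssl.a" ] && [ ! -e "$prefix/lib/libwolfssl.so" ]; then
        echo "error: no libwolfssl under $prefix/lib" >&2
        return 1
    fi
    result=0
    for macro in "$@"; do
        # Match "#define MACRO" exactly, not "#undef MACRO" or "MACRO_SUFFIX".
        if ! grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+$macro([[:space:]]|\$)" "$opts"; then
            echo "error: $macro is not defined in $opts" >&2
            result=2
        fi
    done
    return "$result"
}

# make_sample_prefix DIR: constructed fixture, a fake install "built" with
# OPENSSL_EXTRA but without ALPN, so the check can be tried offline.
make_sample_prefix() {
    mkdir -p "$1/include/wolfssl" "$1/lib"
    printf '#undef  OPENSSL_EXTRA\n#define OPENSSL_EXTRA\n' > "$1/include/wolfssl/options.h"
    : > "$1/lib/libwolfssl.a"
}

# Usage before configuring curl (the path is a placeholder):
#   check_wolfssl_prefix /path/to/wolfssl OPENSSL_EXTRA HAVE_ALPN || exit 1
```

Running the check in the build script ahead of curl's configure turns a wrong prefix into an immediate failure instead of a later link error against a different wolfSSL copy.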