From: Viktor Szakats Date: Mon, 31 Jul 2023 10:52:56 +0000 (+0000) Subject: cmake: detect `SSL_set0_wbio` in OpenSSL X-Git-Tag: curl-8_3_0~256 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=dee310d54261f9a8416e87d50bccfe2cbe404949;p=thirdparty%2Fcurl.git cmake: detect `SSL_set0_wbio` in OpenSSL Present in OpenSSL 1.1.0 and BoringSSL. Missing from LibreSSL 3.8.0. Follow-up to f39472ea9f4f4e12cfbc0500c4580a8d52ce4a59 While here, also fix `RAND_egd()` detection which was broken, likely all along. This feature is probably broken with CMake builds and also requires a sufficiently obsolete OpenSSL version, so this part of the update was not tested. Closes #11555 --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 07e51849f5..f301a22553 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -49,6 +49,7 @@ # https://cmake.org/cmake/help/latest/module/FetchContent.html#integrating-with-find-package # # The following variables are available: +# HAVE_SSL_SET0_WBIO: `SSL_set0_wbio` present in OpenSSL # HAVE_RAND_EGD: `RAND_egd` present in OpenSSL # HAVE_AWSLC: OpenSSL is AWS-LC # HAVE_BORINGSSL: OpenSSL is BoringSSL @@ -477,9 +478,6 @@ if(CURL_USE_OPENSSL) endif() set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) - if(NOT DEFINED HAVE_RAND_EGD) - check_symbol_exists(RAND_egd "${CURL_INCLUDES}" HAVE_RAND_EGD) - endif() if(NOT DEFINED HAVE_BORINGSSL) check_symbol_exists(OPENSSL_IS_BORINGSSL "openssl/base.h" HAVE_BORINGSSL) endif() @@ -513,7 +511,7 @@ if(CURL_USE_WOLFSSL) endif() # Keep ZLIB detection after TLS detection, -# and before calling CheckQuicSupportInOpenSSL. +# and before calling openssl_check_symbol_exists(). set(HAVE_LIBZ OFF) set(USE_ZLIB OFF) 
@@ -565,6 +563,46 @@ if(CURL_ZSTD) endif() endif() +# Check symbol in OpenSSL-like TLS backends. +macro(openssl_check_symbol_exists SYMBOL FILES VARIABLE) + cmake_push_check_state() + if(USE_OPENSSL) + set(CMAKE_REQUIRED_INCLUDES "${OPENSSL_INCLUDE_DIR}") + set(CMAKE_REQUIRED_LIBRARIES "${OPENSSL_LIBRARIES}") + if(HAVE_LIBZ) + list(APPEND CMAKE_REQUIRED_LIBRARIES "${ZLIB_LIBRARIES}") + endif() + if(WIN32) + list(APPEND CMAKE_REQUIRED_LIBRARIES "ws2_32") + if(NOT HAVE_MINGW_ORIGINAL) + list(APPEND CMAKE_REQUIRED_LIBRARIES "bcrypt") # for OpenSSL/LibreSSL + endif() + endif() + elseif(USE_WOLFSSL) + set(CMAKE_REQUIRED_INCLUDES "${WolfSSL_INCLUDE_DIRS}") + set(CMAKE_REQUIRED_LIBRARIES "${WolfSSL_LIBRARIES}") + if(HAVE_LIBZ) + list(APPEND CMAKE_REQUIRED_INCLUDES "${ZLIB_INCLUDE_DIRS}") # Public wolfSSL headers require zlib headers + list(APPEND CMAKE_REQUIRED_LIBRARIES "${ZLIB_LIBRARIES}") + endif() + if(WIN32) + list(APPEND CMAKE_REQUIRED_LIBRARIES "ws2_32" "crypt32") + endif() + list(APPEND CMAKE_REQUIRED_DEFINITIONS -DHAVE_UINTPTR_T) # to pull in stdint.h (as of wolfSSL v5.5.4) + endif() + check_symbol_exists("${SYMBOL}" "${FILES}" "${VARIABLE}") + cmake_pop_check_state() +endmacro() + +if(USE_OPENSSL OR USE_WOLFSSL) + if(NOT DEFINED HAVE_SSL_SET0_WBIO) + openssl_check_symbol_exists(SSL_set0_wbio "openssl/ssl.h" HAVE_SSL_SET0_WBIO) + endif() + if(NOT DEFINED HAVE_RAND_EGD) + openssl_check_symbol_exists(RAND_egd "${CURL_INCLUDES}" HAVE_RAND_EGD) + endif() +endif() + option(USE_NGHTTP2 "Use Nghttp2 library" OFF) if(USE_NGHTTP2) find_package(NGHTTP2 REQUIRED) 
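Review bot: The `if(USE_OPENSSL OR USE_WOLFSSL)` guard at the end of this hunk runs the `SSL_set0_wbio` probe with the header `openssl/ssl.h` for wolfSSL builds as well, whereas the QUIC probe in this same commit uses `wolfssl/options.h;wolfssl/openssl/ssl.h` for wolfSSL. With only `WolfSSL_INCLUDE_DIRS` set by the macro, the outcome appears to depend on whether an unrelated OpenSSL header is reachable on the default search path, so consider narrowing the guard to `if(USE_OPENSSL)` or passing a per-backend header list. The `RAND_egd` probe relies on `${CURL_INCLUDES}`, whose contents are not visible in this hunk. If that list lacks `openssl/rand.h` the declaration is never seen and the check stays false, which matters because the commit message says this part was not tested. Naming the header explicitly, `openssl_check_symbol_exists(RAND_egd "openssl/rand.h" HAVE_RAND_EGD)`, would make the result independent of earlier header checks.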
@@ -572,43 +610,6 @@ if(USE_NGHTTP2) list(APPEND CURL_LIBS ${NGHTTP2_LIBRARIES}) endif() -function(CheckQuicSupportInOpenSSL) - # Be sure that the OpenSSL/wolfSSL library actually supports QUIC. - if(NOT DEFINED HAVE_SSL_CTX_SET_QUIC_METHOD) - cmake_push_check_state() - if(USE_WOLFSSL) - set(CMAKE_REQUIRED_INCLUDES "${WolfSSL_INCLUDE_DIRS}") - set(CMAKE_REQUIRED_LIBRARIES "${WolfSSL_LIBRARIES}") - if(HAVE_LIBZ) - list(APPEND CMAKE_REQUIRED_INCLUDES "${ZLIB_INCLUDE_DIRS}") # Public wolfSSL headers require zlib headers - list(APPEND CMAKE_REQUIRED_LIBRARIES "${ZLIB_LIBRARIES}") - endif() - if(WIN32) - list(APPEND CMAKE_REQUIRED_LIBRARIES "ws2_32" "crypt32") - endif() - list(APPEND CMAKE_REQUIRED_DEFINITIONS -DHAVE_UINTPTR_T) # to pull in stdint.h (as of wolfSSL v5.5.4) - check_symbol_exists(wolfSSL_set_quic_method "wolfssl/options.h;wolfssl/openssl/ssl.h" HAVE_SSL_CTX_SET_QUIC_METHOD) - else() - set(CMAKE_REQUIRED_INCLUDES "${OPENSSL_INCLUDE_DIR}") - set(CMAKE_REQUIRED_LIBRARIES "${OPENSSL_LIBRARIES}") - if(HAVE_LIBZ) - list(APPEND CMAKE_REQUIRED_LIBRARIES "${ZLIB_LIBRARIES}") - endif() - if(WIN32) - list(APPEND CMAKE_REQUIRED_LIBRARIES "ws2_32") - if(NOT HAVE_MINGW_ORIGINAL) - list(APPEND CMAKE_REQUIRED_LIBRARIES "bcrypt") # for OpenSSL/LibreSSL - endif() - endif() - check_symbol_exists(SSL_CTX_set_quic_method "openssl/ssl.h" HAVE_SSL_CTX_SET_QUIC_METHOD) - endif() - cmake_pop_check_state() - endif() - if(NOT HAVE_SSL_CTX_SET_QUIC_METHOD) - message(FATAL_ERROR "QUIC support is missing in OpenSSL/LibreSSL/BoringSSL/wolfSSL. Try setting -DOPENSSL_ROOT_DIR") - endif() -endfunction() - option(USE_NGTCP2 "Use ngtcp2 and nghttp3 libraries for HTTP/3 support" OFF) if(USE_NGTCP2) if(USE_OPENSSL OR USE_WOLFSSL) 
@@ -619,7 +620,19 @@ if(USE_NGTCP2) else() find_package(NGTCP2 REQUIRED quictls) endif() - CheckQuicSupportInOpenSSL() + + # Be sure that the OpenSSL/wolfSSL library actually supports QUIC. + if(NOT DEFINED HAVE_SSL_CTX_SET_QUIC_METHOD) + if(USE_OPENSSL) + openssl_check_symbol_exists(SSL_CTX_set_quic_method "openssl/ssl.h" HAVE_SSL_CTX_SET_QUIC_METHOD) + elseif(USE_WOLFSSL) + openssl_check_symbol_exists(wolfSSL_set_quic_method "wolfssl/options.h;wolfssl/openssl/ssl.h" HAVE_SSL_CTX_SET_QUIC_METHOD) + endif() + endif() + if(NOT HAVE_SSL_CTX_SET_QUIC_METHOD) + message(FATAL_ERROR "QUIC support is missing in OpenSSL/LibreSSL/BoringSSL/wolfSSL. Try setting -DOPENSSL_ROOT_DIR") + endif() + elseif(USE_GNUTLS) # TODO add GnuTLS support as vtls library. find_package(NGTCP2 REQUIRED GnuTLS) diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake index 26cc5bcd4a..30bb0e458f 100644 --- a/lib/curl_config.h.cmake +++ b/lib/curl_config.h.cmake @@ -397,6 +397,9 @@ /* Define to 1 if you have the header file. */ #cmakedefine HAVE_PWD_H 1 +/* Define to 1 if OpenSSL has the `SSL_set0_wbio` function. */ +#cmakedefine HAVE_SSL_SET0_WBIO 1 + /* Define to 1 if you have the `RAND_egd' function. */ #cmakedefine HAVE_RAND_EGD 1
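Review bot: The `FATAL_ERROR` that closes the inlined QUIC probe in the `CMakeLists.txt` hunk tells the user to retry with `-DOPENSSL_ROOT_DIR`, but `check_symbol_exists` stores a failed result in the cache. On the next configure `if(NOT DEFINED HAVE_SSL_CTX_SET_QUIC_METHOD)` therefore skips the probe, and the same error fires even when the corrected path points at a QUIC-capable library. Adding `unset(HAVE_SSL_CTX_SET_QUIC_METHOD CACHE)` immediately before the `message(FATAL_ERROR ...)` line would let the retry re-test the TLS library that is actually selected. The enclosing `if(USE_NGTCP2)` block starts and ends outside this hunk.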