Skip to content

Commit

Permalink
cmake: detect SSL_set0_wbio in OpenSSL
Browse files Browse the repository at this point in the history 
Present in OpenSSL 1.1.0 and BoringSSL.
Missing from LibreSSL 3.8.0.

Follow-up to f39472e

While here, also fix `RAND_egd()` detection which was broken, likely all
along. This feature is probably broken with CMake builds and also
requires a sufficiently obsolete OpenSSL version, so this part of the
update was not tested.

Closes curl#11555
  • Loading branch information
@vszakats @ptitSeb
vszakats authored and ptitSeb committed Sep 25, 2023
1 parent f58163f commit dfe2e6d
Show file tree
Hide file tree
Showing 2 changed files with 58 additions and 42 deletions.
97 changes: 55 additions & 42 deletions CMakeLists.txt
View file
Expand Up @@ -49,6 +49,7 @@
# https://cmake.org/cmake/help/latest/module/FetchContent.html#integrating-with-find-package
#
# The following variables are available:
# HAVE_SSL_SET0_WBIO: `SSL_set0_wbio` present in OpenSSL
# HAVE_RAND_EGD: `RAND_egd` present in OpenSSL
# HAVE_AWSLC: OpenSSL is AWS-LC
# HAVE_BORINGSSL: OpenSSL is BoringSSL
Expand Down Expand Up @@ -477,9 +478,6 @@ if(CURL_USE_OPENSSL)
endif()

set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
if(NOT DEFINED HAVE_RAND_EGD)
check_symbol_exists(RAND_egd "${CURL_INCLUDES}" HAVE_RAND_EGD)
endif()
if(NOT DEFINED HAVE_BORINGSSL)
check_symbol_exists(OPENSSL_IS_BORINGSSL "openssl/base.h" HAVE_BORINGSSL)
endif()
Expand Down Expand Up @@ -513,7 +511,7 @@ if(CURL_USE_WOLFSSL)
endif()

# Keep ZLIB detection after TLS detection,
# and before calling CheckQuicSupportInOpenSSL.
# and before calling openssl_check_symbol_exists().

set(HAVE_LIBZ OFF)
set(USE_ZLIB OFF)
Expand Down Expand Up @@ -565,50 +563,53 @@ if(CURL_ZSTD)
endif()
endif()

# Check symbol in OpenSSL-like TLS backends.
macro(openssl_check_symbol_exists SYMBOL FILES VARIABLE)
cmake_push_check_state()
if(USE_OPENSSL)
set(CMAKE_REQUIRED_INCLUDES "${OPENSSL_INCLUDE_DIR}")
set(CMAKE_REQUIRED_LIBRARIES "${OPENSSL_LIBRARIES}")
if(HAVE_LIBZ)
list(APPEND CMAKE_REQUIRED_LIBRARIES "${ZLIB_LIBRARIES}")
endif()
if(WIN32)
list(APPEND CMAKE_REQUIRED_LIBRARIES "ws2_32")
if(NOT HAVE_MINGW_ORIGINAL)
list(APPEND CMAKE_REQUIRED_LIBRARIES "bcrypt") # for OpenSSL/LibreSSL
endif()
endif()
elseif(USE_WOLFSSL)
set(CMAKE_REQUIRED_INCLUDES "${WolfSSL_INCLUDE_DIRS}")
set(CMAKE_REQUIRED_LIBRARIES "${WolfSSL_LIBRARIES}")
if(HAVE_LIBZ)
list(APPEND CMAKE_REQUIRED_INCLUDES "${ZLIB_INCLUDE_DIRS}") # Public wolfSSL headers require zlib headers
list(APPEND CMAKE_REQUIRED_LIBRARIES "${ZLIB_LIBRARIES}")
endif()
if(WIN32)
list(APPEND CMAKE_REQUIRED_LIBRARIES "ws2_32" "crypt32")
endif()
list(APPEND CMAKE_REQUIRED_DEFINITIONS -DHAVE_UINTPTR_T) # to pull in stdint.h (as of wolfSSL v5.5.4)
endif()
check_symbol_exists("${SYMBOL}" "${FILES}" "${VARIABLE}")
cmake_pop_check_state()
endmacro()

if(USE_OPENSSL OR USE_WOLFSSL)
if(NOT DEFINED HAVE_SSL_SET0_WBIO)
openssl_check_symbol_exists(SSL_set0_wbio "openssl/ssl.h" HAVE_SSL_SET0_WBIO)
endif()
if(NOT DEFINED HAVE_RAND_EGD)
openssl_check_symbol_exists(RAND_egd "${CURL_INCLUDES}" HAVE_RAND_EGD)
endif()
endif()

option(USE_NGHTTP2 "Use Nghttp2 library" OFF)
if(USE_NGHTTP2)
find_package(NGHTTP2 REQUIRED)
include_directories(${NGHTTP2_INCLUDE_DIRS})
list(APPEND CURL_LIBS ${NGHTTP2_LIBRARIES})
endif()

function(CheckQuicSupportInOpenSSL)
# Be sure that the OpenSSL/wolfSSL library actually supports QUIC.
if(NOT DEFINED HAVE_SSL_CTX_SET_QUIC_METHOD)
cmake_push_check_state()
if(USE_WOLFSSL)
set(CMAKE_REQUIRED_INCLUDES "${WolfSSL_INCLUDE_DIRS}")
set(CMAKE_REQUIRED_LIBRARIES "${WolfSSL_LIBRARIES}")
if(HAVE_LIBZ)
list(APPEND CMAKE_REQUIRED_INCLUDES "${ZLIB_INCLUDE_DIRS}") # Public wolfSSL headers require zlib headers
list(APPEND CMAKE_REQUIRED_LIBRARIES "${ZLIB_LIBRARIES}")
endif()
if(WIN32)
list(APPEND CMAKE_REQUIRED_LIBRARIES "ws2_32" "crypt32")
endif()
list(APPEND CMAKE_REQUIRED_DEFINITIONS -DHAVE_UINTPTR_T) # to pull in stdint.h (as of wolfSSL v5.5.4)
check_symbol_exists(wolfSSL_set_quic_method "wolfssl/options.h;wolfssl/openssl/ssl.h" HAVE_SSL_CTX_SET_QUIC_METHOD)
else()
set(CMAKE_REQUIRED_INCLUDES "${OPENSSL_INCLUDE_DIR}")
set(CMAKE_REQUIRED_LIBRARIES "${OPENSSL_LIBRARIES}")
if(HAVE_LIBZ)
list(APPEND CMAKE_REQUIRED_LIBRARIES "${ZLIB_LIBRARIES}")
endif()
if(WIN32)
list(APPEND CMAKE_REQUIRED_LIBRARIES "ws2_32")
if(NOT HAVE_MINGW_ORIGINAL)
list(APPEND CMAKE_REQUIRED_LIBRARIES "bcrypt") # for OpenSSL/LibreSSL
endif()
endif()
check_symbol_exists(SSL_CTX_set_quic_method "openssl/ssl.h" HAVE_SSL_CTX_SET_QUIC_METHOD)
endif()
cmake_pop_check_state()
endif()
if(NOT HAVE_SSL_CTX_SET_QUIC_METHOD)
message(FATAL_ERROR "QUIC support is missing in OpenSSL/LibreSSL/BoringSSL/wolfSSL. Try setting -DOPENSSL_ROOT_DIR")
endif()
endfunction()

option(USE_NGTCP2 "Use ngtcp2 and nghttp3 libraries for HTTP/3 support" OFF)
if(USE_NGTCP2)
if(USE_OPENSSL OR USE_WOLFSSL)
Expand All @@ -619,7 +620,19 @@ if(USE_NGTCP2)
else()
find_package(NGTCP2 REQUIRED quictls)
endif()
CheckQuicSupportInOpenSSL()

# Be sure that the OpenSSL/wolfSSL library actually supports QUIC.
if(NOT DEFINED HAVE_SSL_CTX_SET_QUIC_METHOD)
if(USE_OPENSSL)
openssl_check_symbol_exists(SSL_CTX_set_quic_method "openssl/ssl.h" HAVE_SSL_CTX_SET_QUIC_METHOD)
elseif(USE_WOLFSSL)
openssl_check_symbol_exists(wolfSSL_set_quic_method "wolfssl/options.h;wolfssl/openssl/ssl.h" HAVE_SSL_CTX_SET_QUIC_METHOD)
endif()
endif()
if(NOT HAVE_SSL_CTX_SET_QUIC_METHOD)
message(FATAL_ERROR "QUIC support is missing in OpenSSL/LibreSSL/BoringSSL/wolfSSL. Try setting -DOPENSSL_ROOT_DIR")
endif()

elseif(USE_GNUTLS)
# TODO add GnuTLS support as vtls library.
find_package(NGTCP2 REQUIRED GnuTLS)
Expand Down
3 changes: 3 additions & 0 deletions lib/curl_config.h.cmake
View file
Expand Up @@ -397,6 +397,9 @@
/* Define to 1 if you have the <pwd.h> header file. */
#cmakedefine HAVE_PWD_H 1

/* Define to 1 if OpenSSL has the `SSL_set0_wbio` function. */
#cmakedefine HAVE_SSL_SET0_WBIO 1

/* Define to 1 if you have the `RAND_egd' function. */
#cmakedefine HAVE_RAND_EGD 1

Expand Down

0 comments on commit dfe2e6d

Please sign in to comment.