Curl fails to compile without DSA in OpenSSL. #1361
Closed
Comments
What error do you see? I think this is because we include OpenSSL's dsa.h unconditionally but that include will diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index c64e19e..98324be 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -59,7 +59,9 @@
#include <openssl/ssl.h>
#include <openssl/rand.h>
#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
#include <openssl/dh.h>
#include <openssl/err.h>
#include <openssl/md5.h> |
@jay: we also use |
Ok. 2nd draft: diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index c64e19e..f87838f 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -59,7 +59,9 @@
#include <openssl/ssl.h>
#include <openssl/rand.h>
#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
#include <openssl/dh.h>
#include <openssl/err.h>
#include <openssl/md5.h>
@@ -2799,6 +2801,7 @@ static CURLcode get_cert_chain(struct connectdata *conn,
}
case EVP_PKEY_DSA:
{
+#ifndef OPENSSL_NO_DSA
DSA *dsa;
#ifdef HAVE_OPAQUE_EVP_PKEY
dsa = EVP_PKEY_get0_DSA(pubkey);
@@ -2829,6 +2832,7 @@ static CURLcode get_cert_chain(struct connectdata *conn,
print_pubkey_BN(dsa, priv_key, i);
print_pubkey_BN(dsa, pub_key, i);
#endif
+#endif /* !OPENSSL_NO_DSA */
break;
}
case EVP_PKEY_DH: |
Looks like it compiled just fine. Only left to runtime test it. |
jay
added a commit
that referenced
this issue
Mar 28, 2017
- Fix compile errors that occur in openssl.c when OpenSSL lib was built without DSA support. Bug: #1361 Reported-by: neheb@users.noreply.github.com
Thanks, landed in b04e4eb. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I did this
Compiled
I expected the following
Successfull compile
curl/libcurl version
Latest
[curl -V output]
root@LEDE:~# curl -V
curl 7.53.1 (mips-openwrt-linux-gnu) libcurl/7.53.1 OpenSSL/1.0.2k
Protocols: file http https
Features: IPv6 Largefile SSL HTTPS-proxy
operating system
LEDE master
Basically I am trying to reduce the size of OpenSSL on an embedded platform by removing several features from OpenSSL. One of those attempts was to remove DSA. Curl fails to compile though. Is there any way to make DSA support optional? Maybe some ifdef magic?
The text was updated successfully, but these errors were encountered: