-
-
Notifications
You must be signed in to change notification settings - Fork 6.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Curl fails to compile without DSA in OpenSSL. #1361
Comments
What error do you see? I think this is because we include OpenSSL's dsa.h unconditionally but that include will diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index c64e19e..98324be 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -59,7 +59,9 @@
#include <openssl/ssl.h>
#include <openssl/rand.h>
#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
#include <openssl/dh.h>
#include <openssl/err.h>
#include <openssl/md5.h> |
@jay: we also use |
Ok. 2nd draft: diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index c64e19e..f87838f 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -59,7 +59,9 @@
#include <openssl/ssl.h>
#include <openssl/rand.h>
#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
+#endif
#include <openssl/dh.h>
#include <openssl/err.h>
#include <openssl/md5.h>
@@ -2799,6 +2801,7 @@ static CURLcode get_cert_chain(struct connectdata *conn,
}
case EVP_PKEY_DSA:
{
+#ifndef OPENSSL_NO_DSA
DSA *dsa;
#ifdef HAVE_OPAQUE_EVP_PKEY
dsa = EVP_PKEY_get0_DSA(pubkey);
@@ -2829,6 +2832,7 @@ static CURLcode get_cert_chain(struct connectdata *conn,
print_pubkey_BN(dsa, priv_key, i);
print_pubkey_BN(dsa, pub_key, i);
#endif
+#endif /* !OPENSSL_NO_DSA */
break;
}
case EVP_PKEY_DH: |
Looks like it compiled just fine. Only left to runtime test it. |
- Fix compile errors that occur in openssl.c when OpenSSL lib was built without DSA support. Bug: #1361 Reported-by: neheb@users.noreply.github.com
Thanks, landed in b04e4eb. |
I did this
Compiled
I expected the following
Successfull compile
curl/libcurl version
Latest
[curl -V output]
root@LEDE:~# curl -V
curl 7.53.1 (mips-openwrt-linux-gnu) libcurl/7.53.1 OpenSSL/1.0.2k
Protocols: file http https
Features: IPv6 Largefile SSL HTTPS-proxy
operating system
LEDE master
Basically I am trying to reduce the size of OpenSSL on an embedded platform by removing several features from OpenSSL. One of those attempts was to remove DSA. Curl fails to compile though. Is there any way to make DSA support optional? Maybe some ifdef magic?
The text was updated successfully, but these errors were encountered: