--with-gnutls --with-openssl enables USE_TLS_SRP, even when OpenSSL/LibreSSL doesn't support it; build fails #5865

Closed
steils opened this issue Aug 26, 2020 · 4 comments
@steils steils commented Aug 26, 2020

```
./configure --with-ssl --with-nettle --with-gnutls --with-openssl
```

configure.log

```
checking for SRP_Calc_client_key in -lcrypto... no
checking for gnutls_srp_verifier in -lgnutls... yes
checking whether to enable TLS-SRP authentication... yes
```

Then make...

```
/bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H   -I../include -I../lib -I../lib  -DBUILDING_LIBCURL  -DCURL_HIDDEN_SYMBOLS   -fvisibility=hidden -Werror-implicit-function-declaration -O2 -Wno-system-headers -pthread  -MT vtls/libcurl_la-openssl.lo -MD -MP -MF vtls/.deps/libcurl_la-openssl.Tpo -c -o vtls/libcurl_la-openssl.lo `test -f 'vtls/openssl.c' || echo './'`vtls/openssl.c
libtool: compile:  gcc -DHAVE_CONFIG_H -I../include -I../lib -I../lib -DBUILDING_LIBCURL -DCURL_HIDDEN_SYMBOLS -fvisibility=hidden -Werror-implicit-function-declaration -O2 -Wno-system-headers -pthread -MT vtls/libcurl_la-openssl.lo -MD -MP -MF vtls/.deps/libcurl_la-openssl.Tpo -c vtls/openssl.c  -fPIC -DPIC -o vtls/.libs/libcurl_la-openssl.o
vtls/openssl.c: In function ‘ossl_connect_step1’:
vtls/openssl.c:2802:9: error: implicit declaration of function ‘SSL_CTX_set_srp_username’; did you mean ‘SSL_CTX_set_ssl_version’? [-Werror=implicit-function-declaration]
 2802 |     if(!SSL_CTX_set_srp_username(backend->ctx, ssl_username)) {
      |         ^~~~~~~~~~~~~~~~~~~~~~~~
      |         SSL_CTX_set_ssl_version
vtls/openssl.c:2806:9: error: implicit declaration of function ‘SSL_CTX_set_srp_password’; did you mean ‘SSL_CTX_set_ssl_version’? [-Werror=implicit-function-declaration]
 2806 |     if(!SSL_CTX_set_srp_password(backend->ctx, SSL_SET_OPTION(password))) {
      |         ^~~~~~~~~~~~~~~~~~~~~~~~
      |         SSL_CTX_set_ssl_version
cc1: some warnings being treated as errors
make[2]: *** [Makefile:2611: vtls/libcurl_la-openssl.lo] Error 1
```

It's LibreSSL 3.2.1, but the version is irrelevant, because SRP was removed from LibreSSL in 2014.
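
A build-time check for the state shown in the configure output above, as an added example that is not part of the original report or of the curl project: it reads `./configure` output and flags the combination where TLS-SRP is enabled while libcrypto lacks `SRP_Calc_client_key`. It assumes the three probe lines keep the wording quoted in the report and that the libcrypto probe line is present only when the OpenSSL backend is being configured; the function names and exit codes are hypothetical.

```sh
#!/bin/sh
# Added example, not curl project code. Reads ./configure output on stdin and
# reports whether TLS-SRP was enabled although libcrypto offers no SRP.
# Return: 0 consistent, 1 mismatch, 2 TLS-SRP probe line missing.

# Print the last word (yes/no) of the "checking <probe>..." line found in $2.
probe_result() {
    printf '%s\n' "$2" |
        awk -v p="checking $1..." 'index($0, p) == 1 { r = $NF } END { print r }'
}

check_srp_consistency() {
    log=$(cat)
    crypto=$(probe_result "for SRP_Calc_client_key in -lcrypto" "$log")
    gnutls=$(probe_result "for gnutls_srp_verifier in -lgnutls" "$log")
    srp=$(probe_result "whether to enable TLS-SRP authentication" "$log")
    if [ -z "$srp" ]; then
        echo "unknown: TLS-SRP probe line not found"
        return 2
    fi
    # Assumption: a libcrypto probe line means the OpenSSL backend is built.
    if [ "$srp" = yes ] && [ "$crypto" = no ]; then
        echo "mismatch: TLS-SRP enabled (gnutls=${gnutls:-absent}) but libcrypto has no SRP"
        return 1
    fi
    echo "consistent: TLS-SRP=$srp libcrypto=${crypto:-absent} gnutls=${gnutls:-absent}"
}

# Constructed sample: the three probe lines quoted in the report above.
SAMPLE_LOG='checking for SRP_Calc_client_key in -lcrypto... no
checking for gnutls_srp_verifier in -lgnutls... yes
checking whether to enable TLS-SRP authentication... yes'

rc=0
printf '%s\n' "$SAMPLE_LOG" | check_srp_consistency || rc=$?
echo "exit status: $rc"
```

A mismatch is only a problem in a source tree where `vtls/openssl.c` is guarded by the global `USE_TLS_SRP` alone, as in the failing build reported here.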

Contributor

@emilengler emilengler commented Aug 26, 2020

I'm curious why two TLS back ends are even allowed; it would make no sense

Author

@steils steils commented Aug 26, 2020

@emilengler it should make sense, see #2665

Member

@bagder bagder commented Aug 26, 2020

@emilengler to allow the application to select the specific TLS backend in run-time rather than just one at build time. Supported since libcurl 7.56.0. See curl_global_sslset().

bagder added a commit that referenced this issue Aug 27, 2020
USE_TLS_SRP will be true if any TLS backend can use SRP,
HAVE_OPENSSL_SRP is defined when OpenSSL can use it.

Clarify in the curl_version_info docs that CURL_VERSION_TLSAUTH_SRP is
set if at least one of the supported backends offers SRP.

Reported-by: Stefan Strogin
Fixes #5865
Member

@bagder bagder commented Aug 27, 2020

@steils please try #5870 and see if that fixes this issue for you!

@bagder bagder self-assigned this Aug 27, 2020
@bagder bagder closed this in 68a5132 Aug 28, 2020