Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

--with-gnutls --with-openssl enables USE_TLS_SRP, even when OpenSSL/LibreSSL doesn't support it; build fails #5865

Closed
steils opened this issue Aug 26, 2020 · 7 comments
Assignees

Comments

@steils
Copy link

steils commented Aug 26, 2020

./configure --with-ssl --with-nettle --with-gnutls --with-openssl

configure.log

checking for SRP_Calc_client_key in -lcrypto... no
checking for gnutls_srp_verifier in -lgnutls... yes
checking whether to enable TLS-SRP authentication... yes

Then make...

/bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H   -I../include -I../lib -I../lib  -DBUILDING_LIBCURL  -DCURL_HIDDEN_SYMBOLS   -fvisibility=hidden -Werror-implicit-function-declaration -O2 -Wno-system-headers -pthread  -MT vtls/libcurl_la-openssl.lo -MD -MP -MF vtls/.deps/libcurl_la-openssl.Tpo -c -o vtls/libcurl_la-openssl.lo `test -f 'vtls/openssl.c' || echo './'`vtls/openssl.c
libtool: compile:  gcc -DHAVE_CONFIG_H -I../include -I../lib -I../lib -DBUILDING_LIBCURL -DCURL_HIDDEN_SYMBOLS -fvisibility=hidden -Werror-implicit-function-declaration -O2 -Wno-system-headers -pthread -MT vtls/libcurl_la-openssl.lo -MD -MP -MF vtls/.deps/libcurl_la-openssl.Tpo -c vtls/openssl.c  -fPIC -DPIC -o vtls/.libs/libcurl_la-openssl.o
vtls/openssl.c: In function ‘ossl_connect_step1’:
vtls/openssl.c:2802:9: error: implicit declaration of function ‘SSL_CTX_set_srp_username’; did you mean ‘SSL_CTX_set_ssl_version’? [-Werror=implicit-function-declaration]
 2802 |     if(!SSL_CTX_set_srp_username(backend->ctx, ssl_username)) {
      |         ^~~~~~~~~~~~~~~~~~~~~~~~
      |         SSL_CTX_set_ssl_version
vtls/openssl.c:2806:9: error: implicit declaration of function ‘SSL_CTX_set_srp_password’; did you mean ‘SSL_CTX_set_ssl_version’? [-Werror=implicit-function-declaration]
 2806 |     if(!SSL_CTX_set_srp_password(backend->ctx, SSL_SET_OPTION(password))) {
      |         ^~~~~~~~~~~~~~~~~~~~~~~~
      |         SSL_CTX_set_ssl_version
cc1: some warnings being treated as errors
make[2]: *** [Makefile:2611: vtls/libcurl_la-openssl.lo] Error 1

It's LibreSSL 3.2.1, but the version is irrelevant, because SRP was removed from LibreSSL in 2014.

@cvengler
Copy link
Contributor

cvengler commented Aug 26, 2020

I'm curious why two TLS back ends are even allowed, it would make no sense

@steils
Copy link
Author

steils commented Aug 26, 2020

@emilengler it should make sense, see #2665

@bagder
Copy link
Member

bagder commented Aug 26, 2020

@emilengler to allow the application to select the specific TLS backend in run-time rather than just one at build time. Supported since libcurl 7.56.0. See curl_global_sslset().

bagder added a commit that referenced this issue Aug 27, 2020
USE_TLS_SRP will be true if any TLS backend can use SRP,
HAVE_OPENSSL_SRP is defined when OpenSSL can use it.

Clarify in the curl_verison_info docs that CURL_VERSION_TLSAUTH_SRP is
set if at least one of the supported backends offers SRP.

Reported-by: Stefan Strogin
Fixes #5865
@bagder
Copy link
Member

bagder commented Aug 27, 2020

@steils please try #5870 and see if that fixes this issue for you!

@bagder bagder self-assigned this Aug 27, 2020
@bagder bagder closed this as completed in 68a5132 Aug 28, 2020
@ghost
Copy link

ghost commented Oct 19, 2020

Hello @bagder, I really appreciate you taking your time to fix this, but I'm trying to compile curl on Gentoo (from the official repository) with libressl as the ssl provider and I'm experiencing the same issue (extract from the build log after compilation failed):

 * SSL provided by gnutls
 * SSL provided by openssl
 * Default SSL provided by LibreSSL
[...]
checking whether to enable TLS-SRP authentication... yes
[...]
/var/tmp/portage/net-misc/curl-7.72.0/work/curl-7.72.0/lib/vtls/openssl.c:2802:9: error: implicit declaration of function ‘SSL_CTX_set_srp_username’; did you mean ‘SSL_CTX_set_ssl_version’? [-Werror=implicit-function-declaration]
 2802 |     if(!SSL_CTX_set_srp_username(backend->ctx, ssl_username)) {
      |         ^~~~~~~~~~~~~~~~~~~~~~~~
      |         SSL_CTX_set_ssl_version
/var/tmp/portage/net-misc/curl-7.72.0/work/curl-7.72.0/lib/vtls/openssl.c:2806:9: error: implicit declaration of function ‘SSL_CTX_set_srp_password’; did you mean ‘SSL_CTX_set_ssl_version’? [-Werror=implicit-function-declaration]
 2806 |     if(!SSL_CTX_set_srp_password(backend->ctx, SSL_SET_OPTION(password))) {
      |         ^~~~~~~~~~~~~~~~~~~~~~~~
      |         SSL_CTX_set_ssl_version
cc1: some warnings being treated as errors
make[2]: *** [Makefile:2615: vtls/libcurl_la-openssl.lo] Error 1

I saw that the PR you opened hasn't been merged. Was this intentional? Are these changes going to make it into production anytime?

@bagder
Copy link
Member

bagder commented Oct 19, 2020

See above. This was fixed in commit 68a5132 which is not part of 7.72.0 but is part of 7.73.0...

@jzakrzewski
Copy link
Contributor

I saw that the PR you opened hasn't been merged.

You saw wrong.

bagder closed this in 68a5132 on Aug 28

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

Successfully merging a pull request may close this issue.

4 participants