-
-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openssl: fix building with v3 no-deprecated
+ add CI test
#12384
Conversation
/cc @ajbozarth |
Thanks for the catch, I missed that those were deprecated when we added the version checks |
@ajbozarth: These calls seem redundant, but can you confirm their removal didn't break this feature? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've checkout and run the code and it's still fully functional
LGTM (can't make this an approve cause of perms)
Thank you @ajbozarth! |
Don't call `OpenSSL_add_all_algorithms(), `OpenSSL_add_all_digests()`. The caller code is meant for OpenSSL 3, while these two functions were only necessary before OpenSSL 1.1.0. They are missing from OpenSSL 3 if built with option `no-deprecated`, causing a build error. Regression from b6e6d4f curl#12030 Bug: curl#12380 (comment) Closes #xxxxx
With OpenSSL 3 `no-deprecated`. ``` curl_ntlm_core.c: In function ‘Curl_ntlm_core_lm_resp’: curl_ntlm_core.c:309:50: error: unused parameter ‘keys’ [-Werror=unused-parameter] 309 | void Curl_ntlm_core_lm_resp(const unsigned char *keys, | ~~~~~~~~~~~~~~~~~~~~~^~~~ curl_ntlm_core.c:310:50: error: unused parameter ‘plaintext’ [-Werror=unused-parameter] 310 | const unsigned char *plaintext, | ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~ curl_ntlm_core.c:311:44: error: unused parameter ‘results’ [-Werror=unused-parameter] 311 | unsigned char *results) | ~~~~~~~~~~~~~~~^~~~~~~ ``` Ref: https://github.com/curl/curl/actions/runs/6960319321/job/18939543529?pr=12384#step:24:134
With OpenSSL 3 `no-deprecated`. These happen after our intentional `#error` directive when building without necessary TLS-backend with DES support but let's fix them anyway for good measure. ``` curl_ntlm_core.c: In function ‘Curl_ntlm_core_mk_lm_hash’: curl_ntlm_core.c:350:30: error: unused variable ‘magic’ [-Werror=unused-variable] 350 | static const unsigned char magic[] = { | ^~~~~ At top level: curl_ntlm_core.c:350:30: error: ‘magic’ defined but not used [-Werror=unused-const-variable=] curl_ntlm_core.c:136:13: error: ‘extend_key_56_to_64’ defined but not used [-Werror=unused-function] 136 | static void extend_key_56_to_64(const unsigned char *key_56, char *key) | ^~~~~~~~~~~~~~~~~~~ ``` Ref: https://github.com/curl/curl/actions/runs/6960319321/job/18939543529?pr=12384#step:24:144
We build quictls with `no-deprecated` which implies `no-des` and NTLM support needs DES.
This function is not present in OpenSSL 3 `no-deprecated` builds. Fix it by moving an existing solution for this from `vtls/openssl.c` to `vtls/openssl.h` and adjusting the caller code. ``` vquic/curl_ngtcp2.c: In function ‘qng_verify_peer’: vquic/curl_ngtcp2.c:1950:19: error: implicit declaration of function ‘SSL_get_peer_certificate’; did you mean ‘SSL_get1_peer_certificate’? [-Wimplicit-function-declaration] 1950 | server_cert = SSL_get_peer_certificate(ctx->ssl); | ^~~~~~~~~~~~~~~~~~~~~~~~ | SSL_get1_peer_certificate ``` Ref: https://github.com/curl/curl/actions/runs/6960723097/job/18940818625#step:24:1178
75626e8
to
ded5315
Compare
no-deprecated
no-deprecated
OpenSSL 3
no-deprecated
OpenSSL 3no-deprecated
+ add CI test
build quictls with
no-deprecated
in CI to have test coverage forthis OpenSSL 3 configuration.
don't call
OpenSSL_add_all_algorithms()
,OpenSSL_add_all_digests()
.The caller code is meant for OpenSSL 3, while these two functions were
only necessary before OpenSSL 1.1.0. They are missing from OpenSSL 3
if built with option
no-deprecated
, causing build errors:Ref: https://ci.appveyor.com/project/curlorg/curl-for-win/builds/48587418?fullLog=true#L7667
Regression from b6e6d4f OpenSSL: Include SIG and KEM algorithms in verbose #12030
Bug: curl 8.3 build failing with OPENSSL 3 due to absence of DES functions #12380 (comment)
vquic/curl_ngtcp2: fix using
SSL_get_peer_certificate
withno-deprecated
quictls 3 builds.Do it by moving an existing solution for this from
vtls/openssl.c
to
vtls/openssl.h
and adjusting caller code.Ref: https://github.com/curl/curl/actions/runs/6960723097/job/18940818625#step:24:1178
curl_ntlm_core: fix
-Wunused-parameter
,-Wunused-variable
and-Wunused-function
when trying to build curl with NTLM enabled butwithout the necessary TLS backend (with DES) support.
Closes #12384
no-deprecated
OpenSSL 3 builds.Though OpenSSL 3 deprecated the DES functions needed for the NTLM
feature, its
no-deprecated
build option doesn't actually disablethese DES functions. It means we can use them for NTLM even if
OPENSSL_NO_DEPRECATED_3_0
is set. Adjust our logic to allow it.This failed tests due to some types missing. Dropping this.
https://github.com/curl/curl/actions/runs/6961417865/job/18942957524?pr=12384#step:24:132