Skip to content

build: check required rustls-ffi version #16922

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

build: check required rustls-ffi version #16922

wants to merge 1 commit into from

Conversation

cpu
Copy link
Contributor

@cpu cpu commented Apr 2, 2025
edited
Loading

Try to enforce that the Rustls vTLS backend is only used with rustls-ffi 0.15 - the documentation already describes this as the required version.

CMake rejecting rustls-ffi 0.14 w/ pkg-config: 
$ PKG_CONFIG_PATH=/tmp/rustls-ffi-0.14/lib/pkgconfig  cmake -S . -B cmake-build-vcheck -DCURL_USE_RUSTLS=on
<snip>
-- Checking for module 'rustls'
--   Found rustls, version 0.14.1
-- Found Rustls (via pkg-config): /tmp/rustls-ffi-0.14/include (found version "0.14.1")
CMake Error at CMakeLists.txt:959 (message):
  rustls-ffi library does not provide rustls_supported_hpke function.
  Required version is 0.15 or newer.
CMake rejecting rustls-ffi 0.14 w/o pkg-config: 
$ cmake -S . -B cmake-build-vcheck -DCURL_USE_RUSTLS=on -DRUSTLS_INCLUDE_DIR=/tmp/rustls-ffi-0.14/include -DRUSTLS_LIBRARY=/tmp/rustls-ffi-0.14/lib/librustls.so
<snipped>
-- Found Rustls: /tmp/rustls-ffi-0.14/include
-- Looking for rustls_supported_hpke
-- Looking for rustls_supported_hpke - not found
CMake Error at CMakeLists.txt:959 (message):
  rustls-ffi library does not provide rustls_supported_hpke function.
  Required version is 0.15 or newer.
CMake accepting 0.15 w/ pkg-config 
$ PKG_CONFIG_PATH=/tmp/rustls-ffi-0.15/lib/pkgconfig  cmake -S . -B cmake-build-vcheck -DCURL_USE_RUSTLS=on
<snipped>
-- Checking for module 'rustls'
--   Found rustls, version 0.15.0
-- Found Rustls (via pkg-config): /tmp/rustls-ffi-0.15/include (found version "0.15.0")
-- Found ZLIB: /nix/store/6ghariqqf33l5xqn7alx58dys7kz2wm5-zlib-1.3.1/lib/libz.so (found version "1.3.1")
<snipped>
CMake accepting 0.15 w/o pkg-config) 
$ cmake -S . -B cmake-build-vcheck -DCURL_USE_RUSTLS=on -DRUSTLS_INCLUDE_DIR=/tmp/rustls-ffi-0.15/include -DRUSTLS_LIBRARY=/tmp/rustls-ffi-0.15/lib/librustls.so
<snipped>
-- Found Rustls: /tmp/rustls-ffi-0.15/include
-- Looking for rustls_supported_hpke
-- Looking for rustls_supported_hpke - found
-- Found ZLIB: /nix/store/6ghariqqf33l5xqn7alx58dys7kz2wm5-zlib-1.3.1/lib/libz.so (found version "1.3.1")
<snipped>
configure rejecting rustls-ffi 0.14 w/ pkg-config 
$ ./configure --with-rustls=/tmp/rustls-ffi-0.14/
<snipped>
configure: PKG_CONFIG_LIBDIR will be set to "/tmp/rustls-ffi-0.14//lib/pkgconfig"
checking for rustls options with pkg-config... found
configure: pkg-config: SSL_LIBS: "-lrustls"
configure: pkg-config: SSL_LDFLAGS: "-L/tmp/rustls-ffi-0.14/lib"
configure: pkg-config: SSL_CPPFLAGS: "-I/tmp/rustls-ffi-0.14/include"
checking for rustls_supported_hpke in -lrustls... no
configure: error: --with-rustls was specified but could not find Rustls.
configure rejecting rustls-ffi 0.14 w/o pkg-config 
$ ./configure --with-rustls=/tmp/rustls-ffi-0.14-nopkgconf
<snipped>
configure: detected Rustls
configure: Added /tmp/rustls-ffi-0.14-nopkgconf/lib to CURL_LIBRARY_PATH
checking for rustls_supported_hpke in -lrustls... no
configure: error: --with-rustls was specified but could not find Rustls.
configure accepting rustls-ffi 0.15 w/ pkg-config 
$ ./configure --with-rustls=/tmp/rustls-ffi-0.15/
<snipped>
checking for rustls options with pkg-config... found
configure: pkg-config: SSL_LIBS: "-lrustls"
configure: pkg-config: SSL_LDFLAGS: "-L/tmp/rustls-ffi-0.15/lib"
configure: pkg-config: SSL_CPPFLAGS: "-I/tmp/rustls-ffi-0.15/include"
configure: detected Rustls
configure: Added /tmp/rustls-ffi-0.15/lib to CURL_LIBRARY_PATH
checking for rustls_supported_hpke in -lrustls... yes
<snipped>
configure accepting rustls-ffi 0.15 w/o pkg-config 
$ ./configure --with-rustls=/tmp/rustls-ffi-0.15-nopkgconf
<snipped>
configure: detected Rustls
configure: Added /tmp/rustls-ffi-0.15-nopkgconf/lib to CURL_LIBRARY_PATH
checking for rustls_supported_hpke in -lrustls... yes
<snipped>

Follow-up from #16890

@github-actions github-actions bot added the build label Apr 2, 2025
cpu
cpu commented Apr 2, 2025
View reviewed changes
cpu
cpu commented Apr 2, 2025
View reviewed changes
@testclutch
Copy link

Analysis of PR #16922 at 57500c80:

Test ../../tests/http/test_02_download.py::TestDownload::test_02_31_parallel_upgrade failed, which has NOT been flaky recently, so there could be a real issue in this PR.

Generated by Testclutch

@cpu cpu force-pushed the cpu-rustls-version-check/ci branch from 57500c8 to 6e2c565 Compare April 2, 2025 14:14
@github-actions github-actions bot added the TLS label Apr 2, 2025
@cpu cpu force-pushed the cpu-rustls-version-check/ci branch from 6e2c565 to a6a9adc Compare April 2, 2025 14:17
vszakats
vszakats reviewed Apr 2, 2025
View reviewed changes
vszakats
vszakats reviewed Apr 2, 2025
View reviewed changes
@cpu cpu force-pushed the cpu-rustls-version-check/ci branch from a6a9adc to bce2c8a Compare April 2, 2025 14:40
@cpu

This comment was marked as resolved.

Sign in to view
@cpu cpu marked this pull request as draft April 2, 2025 15:05
@cpu

This comment was marked as resolved.

Sign in to view
@cpu cpu force-pushed the cpu-rustls-version-check/ci branch from bce2c8a to b469673 Compare April 2, 2025 15:28
@cpu cpu marked this pull request as ready for review April 2, 2025 15:50
vszakats
vszakats reviewed Apr 2, 2025
View reviewed changes
vszakats
vszakats reviewed Apr 2, 2025
View reviewed changes
@cpu cpu force-pushed the cpu-rustls-version-check/ci branch from b469673 to 27d9d8b Compare April 3, 2025 13:45
@cpu cpu marked this pull request as draft April 3, 2025 13:47
@cpu

This comment was marked as outdated.

Sign in to view
@cpu cpu force-pushed the cpu-rustls-version-check/ci branch from 27d9d8b to ce5e65d Compare April 3, 2025 14:42
@cpu cpu marked this pull request as ready for review April 3, 2025 14:58
@cpu
Copy link
Contributor Author

cpu commented Apr 3, 2025

I'm not 100% sure I got the autoconf working right for 0.15 with and without pkg-config. I'm going to do a bit more testing.
cpu marked this pull request as ready for review 1 minute ago

Phew! I think it's good now. I fixed the unnecessary duplication in the .m4 and tested the whole range of build options:

  • cmake with/without pkg-config, rejecting 0.14 and accepting 0.15
  • autotools with/without pkg-config, rejecting 0.14 and accepting 0.15

PR description updated accordingly.

@cpu cpu requested a review from vszakats April 3, 2025 14:59
@cpu cpu force-pushed the cpu-rustls-version-check/ci branch from ce5e65d to 348465c Compare April 4, 2025 16:09
@cpu
Copy link
Contributor Author

cpu commented Apr 7, 2025

@vszakats Are there any other changes you'd like to see here? Thanks! 🙇

vszakats
vszakats approved these changes Apr 7, 2025
View reviewed changes
Copy link
Member

@vszakats vszakats left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, this is looking good!

(sorry for my slowness on this)

@vszakats vszakats closed this in 2ade14b Apr 9, 2025
@vszakats
Copy link
Member

vszakats commented Apr 9, 2025

Thank you @cpu, merged now!

@cpu
Copy link
Contributor Author

cpu commented Apr 9, 2025

@Kangie Thanks for suggesting this in #16890 👍

nbaws pushed a commit to nbaws/curl that referenced this pull request Apr 26, 2025
@cpu @nbaws
build: check required rustls-ffi version
cf2962e 
Try to enforce that the Rustls vTLS backend is only used with
rustls-ffi 0.15 - the documentation already describes this as
the required version.

Follow-up from curl#16890

Closes curl#16922
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vszakats vszakats vszakats approved these changes

Assignees
No one assigned
Labels
build TLS
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cpu @testclutch @vszakats