diff options
-rw-r--r-- | changelog | 2 | ||||
-rw-r--r-- | patches/01_fix-undeclared-symbols-without-OPENSSL_EXTRA.patch | 359 |
2 files changed, 361 insertions, 0 deletions
@@ -5,6 +5,8 @@ curl (7.74.0-1) trunk * libcurl.4-dev: Remove static library. * Link against wolfSSL for HTTPS support and depend on NSS CA root certificates. + - Add patch to fix undeclared symbol errors when compiling against + wolfSSL built without OPENSSL_EXTRA. * Organize packages into sections. * Reword package descriptions. * curl-doc: Rename to curl.4-doc. diff --git a/patches/01_fix-undeclared-symbols-without-OPENSSL_EXTRA.patch b/patches/01_fix-undeclared-symbols-without-OPENSSL_EXTRA.patch new file mode 100644 index 0000000..c62a730 --- /dev/null +++ b/patches/01_fix-undeclared-symbols-without-OPENSSL_EXTRA.patch @@ -0,0 +1,359 @@ +From: Patrick McDermott <patrick.mcdermott@libiquity.com> +Subject: Fix undeclared symbols without OPENSSL_EXTRA + +diff -Naur src.orig/lib/vtls/wolfssl.c src/lib/vtls/wolfssl.c +--- src.orig/lib/vtls/wolfssl.c 2020-12-07 03:24:14.000000000 -0500 ++++ src/lib/vtls/wolfssl.c 2021-01-03 03:05:41.990032879 -0500 +@@ -93,8 +93,8 @@ + #endif + + struct ssl_backend_data { +- SSL_CTX* ctx; +- SSL* handle; ++ WOLFSSL_CTX* ctx; ++ WOLFSSL* handle; + }; + + static Curl_recv wolfssl_recv; +@@ -204,11 +204,11 @@ + static int do_file_type(const char *type) + { + if(!type || !type[0]) +- return SSL_FILETYPE_PEM; ++ return WOLFSSL_FILETYPE_PEM; + if(strcasecompare(type, "PEM")) +- return SSL_FILETYPE_PEM; ++ return WOLFSSL_FILETYPE_PEM; + if(strcasecompare(type, "DER")) +- return SSL_FILETYPE_ASN1; ++ return WOLFSSL_FILETYPE_ASN1; + return -1; + } + +@@ -224,7 +224,7 @@ + struct Curl_easy *data = conn->data; + struct ssl_connect_data *connssl = &conn->ssl[sockindex]; + struct ssl_backend_data *backend = connssl->backend; +- SSL_METHOD* req_method = NULL; ++ WOLFSSL_METHOD* req_method = NULL; + curl_socket_t sockfd = conn->sock[sockindex]; + #ifdef HAVE_SNI + bool sni = FALSE; +@@ -247,17 +247,17 @@ + case CURL_SSLVERSION_TLSv1: + #if LIBWOLFSSL_VERSION_HEX >= 0x03003000 /* >= 3.3.0 */ + /* minimum protocol version is set later after the CTX object is created */ +- req_method = SSLv23_client_method(); ++ req_method = wolfSSLv23_client_method(); + #else + infof(data, "wolfSSL <3.3.0 cannot be configured to use TLS 1.0-1.2, " + "TLS 1.0 is used exclusively\n"); +- req_method = TLSv1_client_method(); ++ req_method = wolfTLSv1_client_method(); + #endif + use_sni(TRUE); + break; + case CURL_SSLVERSION_TLSv1_0: + #ifdef WOLFSSL_ALLOW_TLSV10 +- req_method = TLSv1_client_method(); ++ req_method = wolfTLSv1_client_method(); + use_sni(TRUE); + #else + failf(data, "wolfSSL does not support TLS 1.0"); +@@ -265,11 +265,11 @@ + #endif + break; + case CURL_SSLVERSION_TLSv1_1: +- req_method = TLSv1_1_client_method(); ++ req_method = wolfTLSv1_1_client_method(); + use_sni(TRUE); + break; + case CURL_SSLVERSION_TLSv1_2: +- req_method = TLSv1_2_client_method(); ++ req_method = wolfTLSv1_2_client_method(); + use_sni(TRUE); + break; + case CURL_SSLVERSION_TLSv1_3: +@@ -283,7 +283,7 @@ + #endif + case CURL_SSLVERSION_SSLv3: + #ifdef WOLFSSL_ALLOW_SSLV3 +- req_method = SSLv3_client_method(); ++ req_method = wolfSSLv3_client_method(); + use_sni(FALSE); + #else + failf(data, "wolfSSL does not support SSLv3"); +@@ -304,8 +304,8 @@ + } + + if(backend->ctx) +- SSL_CTX_free(backend->ctx); +- backend->ctx = SSL_CTX_new(req_method); ++ wolfSSL_CTX_free(backend->ctx); ++ backend->ctx = wolfSSL_CTX_new(req_method); + + if(!backend->ctx) { + failf(data, "SSL: couldn't create a context!"); +@@ -338,7 +338,7 @@ + + ciphers = SSL_CONN_CONFIG(cipher_list); + if(ciphers) { +- if(!SSL_CTX_set_cipher_list(backend->ctx, ciphers)) { ++ if(!wolfSSL_CTX_set_cipher_list(backend->ctx, ciphers)) { + failf(data, "failed setting cipher list: %s", ciphers); + return CURLE_SSL_CIPHER; + } +@@ -348,7 +348,7 @@ + #ifndef NO_FILESYSTEM + /* load trusted cacert */ + if(SSL_CONN_CONFIG(CAfile)) { +- if(1 != SSL_CTX_load_verify_locations(backend->ctx, ++ if(1 != wolfSSL_CTX_load_verify_locations(backend->ctx, + SSL_CONN_CONFIG(CAfile), + SSL_CONN_CONFIG(CApath))) { + if(SSL_CONN_CONFIG(verifypeer)) { +@@ -382,7 +382,7 @@ + if(SSL_SET_OPTION(primary.clientcert) && SSL_SET_OPTION(key)) { + int file_type = do_file_type(SSL_SET_OPTION(cert_type)); + +- if(SSL_CTX_use_certificate_file(backend->ctx, ++ if(wolfSSL_CTX_use_certificate_file(backend->ctx, + SSL_SET_OPTION(primary.clientcert), + file_type) != 1) { + failf(data, "unable to use client certificate (no key or wrong pass" +@@ -391,7 +391,7 @@ + } + + file_type = do_file_type(SSL_SET_OPTION(key_type)); +- if(SSL_CTX_use_PrivateKey_file(backend->ctx, SSL_SET_OPTION(key), ++ if(wolfSSL_CTX_use_PrivateKey_file(backend->ctx, SSL_SET_OPTION(key), + file_type) != 1) { + failf(data, "unable to set private key"); + return CURLE_SSL_CONNECT_ERROR; +@@ -403,9 +403,9 @@ + * fail to connect if the verification fails, or if it should continue + * anyway. In the latter case the result of the verification is checked with + * SSL_get_verify_result() below. */ +- SSL_CTX_set_verify(backend->ctx, +- SSL_CONN_CONFIG(verifypeer)?SSL_VERIFY_PEER: +- SSL_VERIFY_NONE, ++ wolfSSL_CTX_set_verify(backend->ctx, ++ SSL_CONN_CONFIG(verifypeer)?WOLFSSL_VERIFY_PEER: ++ WOLFSSL_VERIFY_NONE, + NULL); + + #ifdef HAVE_SNI +@@ -455,8 +455,8 @@ + + /* Let's make an SSL structure */ + if(backend->handle) +- SSL_free(backend->handle); +- backend->handle = SSL_new(backend->ctx); ++ wolfSSL_free(backend->handle); ++ backend->handle = wolfSSL_new(backend->ctx); + if(!backend->handle) { + failf(data, "SSL: couldn't create a context (handle)!"); + return CURLE_OUT_OF_MEMORY; +@@ -482,7 +482,7 @@ + + if(wolfSSL_UseALPN(backend->handle, protocols, + (unsigned)strlen(protocols), +- WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) != SSL_SUCCESS) { ++ WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) != WOLFSSL_SUCCESS) { + failf(data, "SSL: failed setting ALPN protocols"); + return CURLE_SSL_CONNECT_ERROR; + } +@@ -507,11 +507,11 @@ + Curl_ssl_sessionid_lock(conn); + if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) { + /* we got a session id, use it! */ +- if(!SSL_set_session(backend->handle, ssl_sessionid)) { ++ if(!wolfSSL_set_session(backend->handle, ssl_sessionid)) { + char error_buffer[WOLFSSL_MAX_ERROR_SZ]; + Curl_ssl_sessionid_unlock(conn); +- failf(data, "SSL: SSL_set_session failed: %s", +- ERR_error_string(SSL_get_error(backend->handle, 0), ++ failf(data, "SSL: wolfSSL_set_session failed: %s", ++ ERR_error_string(wolfSSL_get_error(backend->handle, 0), + error_buffer)); + return CURLE_SSL_CONNECT_ERROR; + } +@@ -522,8 +522,8 @@ + } + + /* pass the raw socket into the SSL layer */ +- if(!SSL_set_fd(backend->handle, (int)sockfd)) { +- failf(data, "SSL: SSL_set_fd failed"); ++ if(!wolfSSL_set_fd(backend->handle, (int)sockfd)) { ++ failf(data, "SSL: wolfSSL_set_fd failed"); + return CURLE_SSL_CONNECT_ERROR; + } + +@@ -561,11 +561,11 @@ + /* Enable RFC2818 checks */ + if(SSL_CONN_CONFIG(verifyhost)) { + ret = wolfSSL_check_domain_name(backend->handle, hostname); +- if(ret == SSL_FAILURE) ++ if(ret == WOLFSSL_FAILURE) + return CURLE_OUT_OF_MEMORY; + } + +- ret = SSL_connect(backend->handle); ++ ret = wolfSSL_connect(backend->handle); + + #ifdef OPENSSL_EXTRA + if(Curl_tls_keylog_enabled()) { +@@ -580,7 +580,7 @@ + * Note that OpenSSL SSL_want_read() is always true here. If wolfSSL ever + * changes, the worst case is that no key is logged on error. + */ +- if(ret == SSL_SUCCESS || ++ if(ret == WOLFSSL_SUCCESS || + (!wolfSSL_want_read(backend->handle) && + !wolfSSL_want_write(backend->handle))) { + wolfssl_log_tls12_secret(backend->handle); +@@ -593,13 +593,13 @@ + + if(ret != 1) { + char error_buffer[WOLFSSL_MAX_ERROR_SZ]; +- int detail = SSL_get_error(backend->handle, ret); ++ int detail = wolfSSL_get_error(backend->handle, ret); + +- if(SSL_ERROR_WANT_READ == detail) { ++ if(WOLFSSL_ERROR_WANT_READ == detail) { + connssl->connecting_state = ssl_connect_2_reading; + return CURLE_OK; + } +- else if(SSL_ERROR_WANT_WRITE == detail) { ++ else if(WOLFSSL_ERROR_WANT_WRITE == detail) { + connssl->connecting_state = ssl_connect_2_writing; + return CURLE_OK; + } +@@ -647,7 +647,7 @@ + } + #endif + else { +- failf(data, "SSL_connect failed with error %d: %s", detail, ++ failf(data, "wolfSSL_connect failed with error %d: %s", detail, + ERR_error_string(detail, error_buffer)); + return CURLE_SSL_CONNECT_ERROR; + } +@@ -662,7 +662,7 @@ + struct Curl_asn1Element *pubkey; + CURLcode result; + +- x509 = SSL_get_peer_certificate(backend->handle); ++ x509 = wolfSSL_get_peer_certificate(backend->handle); + if(!x509) { + failf(data, "SSL: failed retrieving server certificate"); + return CURLE_SSL_PINNEDPUBKEYNOTMATCH; +@@ -706,7 +706,7 @@ + + rc = wolfSSL_ALPN_GetProtocol(backend->handle, &protocol, &protocol_len); + +- if(rc == SSL_SUCCESS) { ++ if(rc == WOLFSSL_SUCCESS) { + infof(data, "ALPN, server accepted to use %.*s\n", protocol_len, + protocol); + +@@ -726,7 +726,7 @@ + Curl_multiuse_state(conn, conn->negnpn == CURL_HTTP_VERSION_2 ? + BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); + } +- else if(rc == SSL_ALPN_NOT_FOUND) ++ else if(rc == WOLFSSL_ALPN_NOT_FOUND) + infof(data, "ALPN, server did not agree to a protocol\n"); + else { + failf(data, "ALPN, failure getting protocol, error %d", rc); +@@ -761,10 +761,10 @@ + + if(SSL_SET_OPTION(primary.sessionid)) { + bool incache; +- SSL_SESSION *our_ssl_sessionid; ++ WOLFSSL_SESSION *our_ssl_sessionid; + void *old_ssl_sessionid = NULL; + +- our_ssl_sessionid = SSL_get_session(backend->handle); ++ our_ssl_sessionid = wolfSSL_get_session(backend->handle); + + Curl_ssl_sessionid_lock(conn); + incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL, +@@ -805,15 +805,15 @@ + struct ssl_backend_data *backend = connssl->backend; + char error_buffer[WOLFSSL_MAX_ERROR_SZ]; + int memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len; +- int rc = SSL_write(backend->handle, mem, memlen); ++ int rc = wolfSSL_write(backend->handle, mem, memlen); + + if(rc < 0) { +- int err = SSL_get_error(backend->handle, rc); ++ int err = wolfSSL_get_error(backend->handle, rc); + + switch(err) { +- case SSL_ERROR_WANT_READ: +- case SSL_ERROR_WANT_WRITE: +- /* there's data pending, re-invoke SSL_write() */ ++ case WOLFSSL_ERROR_WANT_READ: ++ case WOLFSSL_ERROR_WANT_WRITE: ++ /* there's data pending, re-invoke wolfSSL_write() */ + *curlcode = CURLE_AGAIN; + return -1; + default: +@@ -833,12 +833,12 @@ + struct ssl_backend_data *backend = connssl->backend; + + if(backend->handle) { +- (void)SSL_shutdown(backend->handle); +- SSL_free(backend->handle); ++ (void)wolfSSL_shutdown(backend->handle); ++ wolfSSL_free(backend->handle); + backend->handle = NULL; + } + if(backend->ctx) { +- SSL_CTX_free(backend->ctx); ++ wolfSSL_CTX_free(backend->ctx); + backend->ctx = NULL; + } + } +@@ -853,17 +853,17 @@ + struct ssl_backend_data *backend = connssl->backend; + char error_buffer[WOLFSSL_MAX_ERROR_SZ]; + int buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize; +- int nread = SSL_read(backend->handle, buf, buffsize); ++ int nread = wolfSSL_read(backend->handle, buf, buffsize); + + if(nread < 0) { +- int err = SSL_get_error(backend->handle, nread); ++ int err = wolfSSL_get_error(backend->handle, nread); + + switch(err) { +- case SSL_ERROR_ZERO_RETURN: /* no more data */ ++ case WOLFSSL_ERROR_ZERO_RETURN: /* no more data */ + break; +- case SSL_ERROR_WANT_READ: +- case SSL_ERROR_WANT_WRITE: +- /* there's data pending, re-invoke SSL_read() */ ++ case WOLFSSL_ERROR_WANT_READ: ++ case WOLFSSL_ERROR_WANT_WRITE: ++ /* there's data pending, re-invoke wolfSSL_read() */ + *curlcode = CURLE_AGAIN; + return -1; + default: +@@ -900,7 +900,7 @@ + #ifdef OPENSSL_EXTRA + Curl_tls_keylog_open(); + #endif +- return (wolfSSL_Init() == SSL_SUCCESS); ++ return (wolfSSL_Init() == WOLFSSL_SUCCESS); + } + + +@@ -919,7 +919,7 @@ + const struct ssl_connect_data *connssl = &conn->ssl[connindex]; + struct ssl_backend_data *backend = connssl->backend; + if(backend->handle) /* SSL is in use */ +- return (0 != SSL_pending(backend->handle)) ? TRUE : FALSE; ++ return (0 != wolfSSL_pending(backend->handle)) ? TRUE : FALSE; + else + return FALSE; + } |