curl/m4/curl-wolfssl.m4

#***************************************************************************
#                                  _   _ ____  _
#  Project                     ___| | | |  _ \| |
#                             / __| | | | |_) | |
#                            | (__| |_| |  _ <| |___
#                             \___|\___/|_| \_\_____|
#
# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at https://curl.se/docs/copyright.html.
#
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
# copies of the Software, and permit persons to whom the Software is
# furnished to do so, under the terms of the COPYING file.
#
# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
# KIND, either express or implied.
#
# SPDX-License-Identifier: curl
#
#***************************************************************************

AC_DEFUN([CURL_WITH_WOLFSSL], [
dnl ----------------------------------------------------
dnl check for wolfSSL
dnl ----------------------------------------------------

case "$OPT_WOLFSSL" in
  yes|no)
    wolfpkg=""
    ;;
  *)
    wolfpkg="$withval/lib/pkgconfig"
    ;;
esac

if test "x$OPT_WOLFSSL" != xno; then
  _cppflags=$CPPFLAGS
  _ldflags=$LDFLAGS

  ssl_msg=

  if test X"$OPT_WOLFSSL" != Xno; then

    if test "$OPT_WOLFSSL" = "yes"; then
      OPT_WOLFSSL=""
    fi

    dnl try pkg-config magic
    CURL_CHECK_PKGCONFIG(wolfssl, [$wolfpkg])
    AC_MSG_NOTICE([Check dir $wolfpkg])

    addld=""
    addlib=""
    addcflags=""
    if test "$PKGCONFIG" != "no" ; then
      addlib=`CURL_EXPORT_PCDIR([$wolfpkg])
        $PKGCONFIG --libs-only-l wolfssl`
      addld=`CURL_EXPORT_PCDIR([$wolfpkg])
        $PKGCONFIG --libs-only-L wolfssl`
      addcflags=`CURL_EXPORT_PCDIR([$wolfpkg])
        $PKGCONFIG --cflags-only-I wolfssl`
      version=`CURL_EXPORT_PCDIR([$wolfpkg])
        $PKGCONFIG --modversion wolfssl`
      wolfssllibpath=`echo $addld | $SED -e 's/^-L//'`
    else
      addlib=-lwolfssl
      dnl use system defaults if user does not supply a path
      if test -n "$OPT_WOLFSSL"; then
        addld=-L$OPT_WOLFSSL/lib$libsuff
        addcflags=-I$OPT_WOLFSSL/include
        wolfssllibpath=$OPT_WOLFSSL/lib$libsuff
      fi
    fi

    if test "x$USE_WOLFSSL" != "xyes"; then

      LDFLAGS="$LDFLAGS $addld"
      AC_MSG_NOTICE([Add $addld to LDFLAGS])
      if test "$addcflags" != "-I/usr/include"; then
         CPPFLAGS="$CPPFLAGS $addcflags"
         AC_MSG_NOTICE([Add $addcflags to CPPFLAGS])
      fi

      my_ac_save_LIBS="$LIBS"
      LIBS="$addlib $LIBS"
      AC_MSG_NOTICE([Add $addlib to LIBS])

      AC_MSG_CHECKING([for wolfSSL_Init in -lwolfssl])
      AC_LINK_IFELSE([
        AC_LANG_PROGRAM([[
/* These aren't needed for detection and confuse WolfSSL.
   They are set up properly later if it is detected.  */
#undef SIZEOF_LONG
#undef SIZEOF_LONG_LONG
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
        ]],[[
          return wolfSSL_Init();
        ]])
      ],[
         AC_MSG_RESULT(yes)
         AC_DEFINE(USE_WOLFSSL, 1, [if wolfSSL is enabled])
         AC_SUBST(USE_WOLFSSL, [1])
         WOLFSSL_ENABLED=1
         USE_WOLFSSL="yes"
         ssl_msg="WolfSSL"
         QUIC_ENABLED=yes
         test wolfssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
       ],
       [
         AC_MSG_RESULT(no)
         CPPFLAGS=$_cppflags
         LDFLAGS=$_ldflags
         wolfssllibpath=""
       ])
      LIBS="$my_ac_save_LIBS"
    fi

    if test "x$USE_WOLFSSL" = "xyes"; then
      AC_MSG_NOTICE([detected wolfSSL])
      check_for_ca_bundle=1

      dnl wolfssl/ctaocrypt/types.h needs SIZEOF_LONG_LONG defined!
      CURL_SIZEOF(long long)

      LIBS="$addlib -lm $LIBS"

      dnl WolfSSL needs configure --enable-opensslextra to have *get_peer*
      dnl DES* is needed for NTLM support and lives in the OpenSSL compatibility
      dnl layer
      AC_CHECK_FUNCS(wolfSSL_get_peer_certificate \
                     wolfSSL_UseALPN )

      dnl if this symbol is present, we want the include path to include the
      dnl OpenSSL API root as well
      AC_CHECK_FUNC(wolfSSL_DES_ecb_encrypt,
        [
            AC_DEFINE(HAVE_WOLFSSL_DES_ECB_ENCRYPT, 1,
                      [if you have wolfSSL_DES_ecb_encrypt])
            WOLFSSL_NTLM=1
        ]
        )

      dnl if this symbol is present, we can make use of BIO filter chains
      AC_CHECK_FUNC(wolfSSL_BIO_set_shutdown,
        [
            AC_DEFINE(HAVE_WOLFSSL_FULL_BIO, 1,
                      [if you have wolfSSL_BIO_set_shutdown])
            WOLFSSL_FULL_BIO=1
        ]
        )

      if test -n "$wolfssllibpath"; then
        dnl when shared libs were found in a path that the run-time
        dnl linker doesn't search through, we need to add it to
        dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
        dnl due to this
        if test "x$cross_compiling" != "xyes"; then
          CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$wolfssllibpath"
          export CURL_LIBRARY_PATH
          AC_MSG_NOTICE([Added $wolfssllibpath to CURL_LIBRARY_PATH])
        fi
      fi
    else
        AC_MSG_ERROR([--with-wolfssl but wolfSSL was not found or doesn't work])
    fi

  fi dnl wolfSSL not disabled

  test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi

])
configure: split out each TLS library detector into its own function ... and put those functions in separate m4 files per TLS library. 2021-04-15 17:17:29 +08:00			`#***************************************************************************`
			`# _ _ ____ _`
			`# Project ___\| \| \| \| _ \\| \|`
			`# / __\| \| \| \| \|_) \| \|`
			`# \| (__\| \|_\| \| _ <\| \|___`
			`# \___\|\___/\|_\| \_\_____\|`
			`#`
copyright: update all copyright lines and remove year ranges - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - saves us from pointless churn - git keeps history for us - the year range is kept in COPYING checksrc is updated to allow non-year using copyright statements Closes #10205 2023-01-02 20:51:48 +08:00			`# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.`
configure: split out each TLS library detector into its own function ... and put those functions in separate m4 files per TLS library. 2021-04-15 17:17:29 +08:00			`#`
			`# This software is licensed as described in the file COPYING, which`
			`# you should have received as part of this distribution. The terms`
			`# are also available at https://curl.se/docs/copyright.html.`
			`#`
			`# You may opt to use, copy, modify, merge, publish, distribute and/or sell`
			`# copies of the Software, and permit persons to whom the Software is`
			`# furnished to do so, under the terms of the COPYING file.`
			`#`
			`# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY`
			`# KIND, either express or implied.`
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the file `.reuse/dep5`. This commit also adds a Github workflow to check pull requests and adapts copyright.pl to the changes. Closes #8869 2022-05-17 17:16:50 +08:00			`#`
configure: split out each TLS library detector into its own function ... and put those functions in separate m4 files per TLS library. 2021-04-15 17:17:29 +08:00			`# SPDX-License-Identifier: curl`
			`#`
			`#***************************************************************************`

			`AC_DEFUN([CURL_WITH_WOLFSSL], [`
			`dnl ----------------------------------------------------`
			`dnl check for wolfSSL`
			`dnl ----------------------------------------------------`

			`case "$OPT_WOLFSSL" in`
			`yes\|no)`
			`wolfpkg=""`
			`;;`
			`*)`
			`wolfpkg="$withval/lib/pkgconfig"`
			`;;`
			`esac`

			`if test "x$OPT_WOLFSSL" != xno; then`
			`_cppflags=$CPPFLAGS`
			`_ldflags=$LDFLAGS`

			`ssl_msg=`

			`if test X"$OPT_WOLFSSL" != Xno; then`

			`if test "$OPT_WOLFSSL" = "yes"; then`
			`OPT_WOLFSSL=""`
			`fi`

			`dnl try pkg-config magic`
			`CURL_CHECK_PKGCONFIG(wolfssl, [$wolfpkg])`
			`AC_MSG_NOTICE([Check dir $wolfpkg])`

			`addld=""`
			`addlib=""`
			`addcflags=""`
			`if test "$PKGCONFIG" != "no" ; then`
			addlib=`CURL_EXPORT_PCDIR([$wolfpkg])
			$PKGCONFIG --libs-only-l wolfssl`
			addld=`CURL_EXPORT_PCDIR([$wolfpkg])
			$PKGCONFIG --libs-only-L wolfssl`
			addcflags=`CURL_EXPORT_PCDIR([$wolfpkg])
			$PKGCONFIG --cflags-only-I wolfssl`
			version=`CURL_EXPORT_PCDIR([$wolfpkg])
			$PKGCONFIG --modversion wolfssl`
			wolfssllibpath=`echo $addld \| $SED -e 's/^-L//'`
			`else`
			`addlib=-lwolfssl`
			`dnl use system defaults if user does not supply a path`
			`if test -n "$OPT_WOLFSSL"; then`
			`addld=-L$OPT_WOLFSSL/lib$libsuff`
			`addcflags=-I$OPT_WOLFSSL/include`
			`wolfssllibpath=$OPT_WOLFSSL/lib$libsuff`
			`fi`
			`fi`

			`if test "x$USE_WOLFSSL" != "xyes"; then`

			`LDFLAGS="$LDFLAGS $addld"`
			`AC_MSG_NOTICE([Add $addld to LDFLAGS])`
			`if test "$addcflags" != "-I/usr/include"; then`
			`CPPFLAGS="$CPPFLAGS $addcflags"`
			`AC_MSG_NOTICE([Add $addcflags to CPPFLAGS])`
			`fi`

			`my_ac_save_LIBS="$LIBS"`
			`LIBS="$addlib $LIBS"`
			`AC_MSG_NOTICE([Add $addlib to LIBS])`

			`AC_MSG_CHECKING([for wolfSSL_Init in -lwolfssl])`
			`AC_LINK_IFELSE([`
tidy-up: mostly whitespace nits - delete completed TODO from `./CMakeLists.txt`. - convert a C++ comment to C89 in `./CMake/CurlTests.c`. - delete duplicate EOLs from EOF. - add missing EOL at EOF. - delete whitespace at EOL (except from expected test results). - convert tabs to spaces. - convert CRLF EOLs to LF in GHA yaml. - text casing fixes in `./CMakeLists.txt`. - fix a codespell typo in `packages/OS400/initscript.sh`. Closes #11772 2023-08-31 21:28:49 +08:00			`AC_LANG_PROGRAM([[`
configure: split out each TLS library detector into its own function ... and put those functions in separate m4 files per TLS library. 2021-04-15 17:17:29 +08:00			`/* These aren't needed for detection and confuse WolfSSL.`
			`They are set up properly later if it is detected. */`
			`#undef SIZEOF_LONG`
			`#undef SIZEOF_LONG_LONG`
curl-wolfssl.m4: add options header when building test code Needed for certain configurations of wolfSSL. Otherwise, missing header error may occur. Tested with OpenWrt. Closes #9187 2022-07-20 10:22:20 +08:00			`#include <wolfssl/options.h>`
configure: split out each TLS library detector into its own function ... and put those functions in separate m4 files per TLS library. 2021-04-15 17:17:29 +08:00			`#include <wolfssl/ssl.h>`
tidy-up: mostly whitespace nits - delete completed TODO from `./CMakeLists.txt`. - convert a C++ comment to C89 in `./CMake/CurlTests.c`. - delete duplicate EOLs from EOF. - add missing EOL at EOF. - delete whitespace at EOL (except from expected test results). - convert tabs to spaces. - convert CRLF EOLs to LF in GHA yaml. - text casing fixes in `./CMakeLists.txt`. - fix a codespell typo in `packages/OS400/initscript.sh`. Closes #11772 2023-08-31 21:28:49 +08:00			`]],[[`
			`return wolfSSL_Init();`
			`]])`
configure: split out each TLS library detector into its own function ... and put those functions in separate m4 files per TLS library. 2021-04-15 17:17:29 +08:00			`],[`
			`AC_MSG_RESULT(yes)`
			`AC_DEFINE(USE_WOLFSSL, 1, [if wolfSSL is enabled])`
			`AC_SUBST(USE_WOLFSSL, [1])`
			`WOLFSSL_ENABLED=1`
			`USE_WOLFSSL="yes"`
			`ssl_msg="WolfSSL"`
configure: when enabling QUIC, check that TLS supports QUIC Most importantly perhaps is when using OpenSSL that the used build/flavor has the QUIC API: the vanilla OpenSSL does not, only BoringSSL, libressl, AWS-LC and quictls do. Ref: https://github.com/curl/curl/commit/5d044ad9480a9f556f4b6a252d7533b1ba7fe57e#r136780413 Closes #12683 2024-01-11 21:11:19 +08:00			`QUIC_ENABLED=yes`
tidy-up: mostly whitespace nits - delete completed TODO from `./CMakeLists.txt`. - convert a C++ comment to C89 in `./CMake/CurlTests.c`. - delete duplicate EOLs from EOF. - add missing EOL at EOF. - delete whitespace at EOL (except from expected test results). - convert tabs to spaces. - convert CRLF EOLs to LF in GHA yaml. - text casing fixes in `./CMakeLists.txt`. - fix a codespell typo in `packages/OS400/initscript.sh`. Closes #11772 2023-08-31 21:28:49 +08:00			`test wolfssl != "$DEFAULT_SSL_BACKEND" \|\| VALID_DEFAULT_SSL_BACKEND=yes`
configure: split out each TLS library detector into its own function ... and put those functions in separate m4 files per TLS library. 2021-04-15 17:17:29 +08:00			`],`
			`[`
			`AC_MSG_RESULT(no)`
			`CPPFLAGS=$_cppflags`
			`LDFLAGS=$_ldflags`
			`wolfssllibpath=""`
			`])`
			`LIBS="$my_ac_save_LIBS"`
			`fi`

			`if test "x$USE_WOLFSSL" = "xyes"; then`
			`AC_MSG_NOTICE([detected wolfSSL])`
			`check_for_ca_bundle=1`

			`dnl wolfssl/ctaocrypt/types.h needs SIZEOF_LONG_LONG defined!`
configure: introduce CURL_SIZEOF This is a rewrite of the previously used GPLv3+exception licensed file. With this change, there is no more reference to GPL so we can remove that from LICENSES/. Ref: #9220 Closes #9291 2022-08-11 15:07:02 +08:00			`CURL_SIZEOF(long long)`
configure: split out each TLS library detector into its own function ... and put those functions in separate m4 files per TLS library. 2021-04-15 17:17:29 +08:00
			`LIBS="$addlib -lm $LIBS"`

			`dnl WolfSSL needs configure --enable-opensslextra to have get_peer`
			`dnl DES* is needed for NTLM support and lives in the OpenSSL compatibility`
			`dnl layer`
wolfssl: remove SSLv3 support leftovers Closes #7088 2021-05-18 16:05:36 +08:00			`AC_CHECK_FUNCS(wolfSSL_get_peer_certificate \`
configure: split out each TLS library detector into its own function ... and put those functions in separate m4 files per TLS library. 2021-04-15 17:17:29 +08:00			`wolfSSL_UseALPN )`

			`dnl if this symbol is present, we want the include path to include the`
			`dnl OpenSSL API root as well`
			`AC_CHECK_FUNC(wolfSSL_DES_ecb_encrypt,`
			`[`
			`AC_DEFINE(HAVE_WOLFSSL_DES_ECB_ENCRYPT, 1,`
			`[if you have wolfSSL_DES_ecb_encrypt])`
			`WOLFSSL_NTLM=1`
			`]`
			`)`

tls: backends use connection filters for IO, enabling HTTPS-proxy - OpenSSL (and compatible) - BearSSL - gnutls - mbedtls - rustls - schannel - secure-transport - wolfSSL (v5.0.0 and newer) This leaves only the following without HTTPS-proxy support: - gskit - nss - wolfSSL (versions earlier than v5.0.0) Closes #9962 2022-11-25 21:06:43 +08:00			`dnl if this symbol is present, we can make use of BIO filter chains`
			`AC_CHECK_FUNC(wolfSSL_BIO_set_shutdown,`
			`[`
			`AC_DEFINE(HAVE_WOLFSSL_FULL_BIO, 1,`
			`[if you have wolfSSL_BIO_set_shutdown])`
			`WOLFSSL_FULL_BIO=1`
			`]`
			`)`

configure: split out each TLS library detector into its own function ... and put those functions in separate m4 files per TLS library. 2021-04-15 17:17:29 +08:00			`if test -n "$wolfssllibpath"; then`
			`dnl when shared libs were found in a path that the run-time`
			`dnl linker doesn't search through, we need to add it to`
			`dnl CURL_LIBRARY_PATH to prevent further configure tests to fail`
			`dnl due to this`
			`if test "x$cross_compiling" != "xyes"; then`
			`CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$wolfssllibpath"`
			`export CURL_LIBRARY_PATH`
			`AC_MSG_NOTICE([Added $wolfssllibpath to CURL_LIBRARY_PATH])`
			`fi`
			`fi`
curl-wolfssl.m4: error out if wolfSSL is not usable When I explicitly declare, that I would like to have curl built with wolfSSL support using `--with-wolfssl` configure option, then I would expect, that either I endup with curl having that support, for example in form of https support or it wouldn't be available at all. Downstream projects like for example OpenWrt build curl wolfSSL variant with `--with-wolfssl` already, but in certain corner cases it does fail: configure:25299: checking for wolfSSL_Init in -lwolfssl configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip] In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33, from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35, from target-x86_64_musl/usr/include/wolfssl/ssl.h:35, from conftest.c:47: target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory #include <wolfssl/wolfcrypt/sp_int.h> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. and in the end thus produces curl without https support: curl: (1) Protocol "https" not supported or disabled in libcurl So fix it, by making the working wolfSSL mandatory and error out in configure step when that's not the case: checking for wolfSSL_Init in -lwolfssl... no configure: error: --with-wolfssl but wolfSSL was not found or doesn't work References: https://github.com/openwrt/packages/issues/19005 References: https://github.com/openwrt/packages/issues/19547 Signed-off-by: Petr Štetiar <ynezz@true.cz> Closes #9682 2022-10-10 13:36:56 +08:00			`else`
			`AC_MSG_ERROR([--with-wolfssl but wolfSSL was not found or doesn't work])`
configure: split out each TLS library detector into its own function ... and put those functions in separate m4 files per TLS library. 2021-04-15 17:17:29 +08:00			`fi`

			`fi dnl wolfSSL not disabled`

			`test -z "$ssl_msg" \|\| ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"`
			`fi`

			`])`