Commit Graph

788 Commits

Author SHA1 Message Date
Marcel Raad
42b30ee8f2 configure: remove CURL_CHECK_FUNC_FDOPEN call
The macro itself has been removed in commit
11974ac859.

Closes https://github.com/curl/curl/pull/3604
2019-02-23 21:43:56 +01:00
Daniel Stenberg
300def7d40
wolfssl: stop custom-adding curves
since wolfSSL PR https://github.com/wolfSSL/wolfssl/pull/717 (shipped in
wolfSSL 3.10.2 and later) it sends these curves by default already.

Pointed-out-by: David Garske

Closes #3599
2019-02-23 11:47:24 +01:00
Daniel Stenberg
ad373686c3
configure: show features as well in the final summary
Closes #3569
2019-02-14 12:59:44 +01:00
Daniel Stenberg
180501cb02
schannel: stop calling it "winssl"
Stick to "Schannel" everywhere. The configure option --with-winssl is
kept to allow existing builds to work but --with-schannel is added as an
alias.

Closes #3504
2019-02-01 08:20:38 +01:00
Daniel Stenberg
179311ec37
configure: rewrite --enable-code-coverage
The previously used ax_code_coverage.m4 is not license compatible and
must not be used.

Reported-by: William A. Rowe Jr
Fixes #3497
Closes #3499
2019-01-26 00:29:50 +01:00
Daniel Stenberg
cf8c70594f
openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
OpenSSL_version() replaces OpenSSL_version_num()

Closes #3462
2019-01-13 17:06:59 +01:00
Daniel Stenberg
bae0d473f5
packages: remove old leftover files and dirs
This subdir has mostly become an attic of never-used cruft from the
past.

Closes #3331
2018-12-05 15:29:24 +01:00
James Knight
0fac7a10fd
configure: include all libraries in ssl-libs fetch
When compiling a collection of SSL libraries to link against (SSL_LIBS),
ensure all libraries are included. The call `--libs-only-l` can produce
only a subset of found in a `--libs` call (e.x. pthread may be excluded).
Adding `--libs-only-other` ensures other libraries are also included in
the list. This corrects select build environments compiling against a
static version of OpenSSL. Before the change, the following could be
observed:

    checking for openssl options with pkg-config... found
    configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -lcrypto -lz -ldl "
    configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib "
    configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include "
    checking for HMAC_Update in -lcrypto... no
    checking for HMAC_Init_ex in -lcrypto... no
    checking OpenSSL linking with -ldl... no
    checking OpenSSL linking with -ldl and -lpthread... no
    configure: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.
    configure: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this.
    ...
    SSL support:      no      (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} )
    ...

And include the other libraries when compiling SSL_LIBS succeeds with:

    checking for openssl options with pkg-config... found
    configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -pthread -lcrypto -lz -ldl -pthread "
    configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib "
    configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include "
    checking for HMAC_Update in -lcrypto... yes
    checking for SSL_connect in -lssl... yes
    ...
    SSL support:      enabled (OpenSSL)
    ...

Signed-off-by: James Knight <james.d.knight@live.com>
Closes #3193
2018-11-26 13:10:38 +01:00
Michael Kaufmann
30a65381f9 ssl: fix compilation with OpenSSL 0.9.7
- ENGINE_cleanup() was used without including "openssl/engine.h"
- enable engine support for OpenSSL 0.9.7

Closes #3266
2018-11-21 11:14:26 +01:00
Daniel Stenberg
2dac26063a
configure: show CFLAGS, LDFLAGS etc in summary
To make it easier to understand other people's and remote builds etc.

Closes #3207
2018-11-01 11:58:06 +01:00
Daniel Stenberg
302d125b42
axtls: removed
As has been outlined in the DEPRECATE.md document, the axTLS code has
been disabled for 6 months and is hereby removed.

Use a better supported TLS library!

Assisted-by: Daniel Gustafsson
Closes #3194
2018-11-01 10:29:53 +01:00
Daniel Stenberg
25d287d1e5
configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
Follow-up to #3166 which did the cmake part of this. This type/define is
not used.

Closes #3168
2018-10-25 13:18:23 +02:00
Viktor Szakats
efc696a2e0 docs/examples: URL updates
- also update two URLs outside of docs/examples
- fix spelling of filename persistant.c
- fix three long lines that started failing checksrc.pl

Closes https://github.com/curl/curl/pull/3036
2018-09-23 09:23:29 +00:00
Viktor Szakats
f078361c0e URL and mailmap updates, remove an obsolete directory [ci skip]
Closes https://github.com/curl/curl/pull/3031
2018-09-22 07:58:32 +00:00
Daniel Stenberg
6f0afb842c
configure: force-use -lpthreads on HPUX
When trying to detect pthreads use on HPUX the checks will succeed
without the correct -l option but then end up failing at run-time.

Reported-by: Eason-Yu on github
Fixes #2697
Closes #3025
2018-09-21 22:55:32 +02:00
Yiming Jing
31ba404a9c
configure.ac: add a MesaLink vtls backend 2018-09-13 08:26:23 +02:00
Philipp Waehnert
6684653b68
configure: add option to disable automatic OpenSSL config loading
Sometimes it may be considered a security risk to load an external
OpenSSL configuration automatically inside curl_global_init(). The
configuration option --disable-ssl-auto-load-config disables this
automatism. The Windows build scripts winbuild/Makefile.vs provide a
corresponding option ENABLE_SSL_AUTO_LOAD_CONFIG accepting a boolean
value.

Setting neither of these options corresponds to the previous behavior
loading the external OpenSSL configuration automatically.

Fixes #2724
Closes #2791
2018-09-07 09:38:33 +02:00
Marcel Raad
d5c0351055
configure: conditionally enable pedantic-errors
Enable pedantic-errors for GCC >= 5 with --enable-werror. Before GCC 5,
pedantic-errors was synonymous to -Werror=pedantic [0], which is still
the case for clang [1]. With GCC 5, it became complementary [2].

Also fix a resulting error in acinclude.m4 as main's return type was
missing, which is illegal in C99.

[0] https://gcc.gnu.org/onlinedocs/gcc-4.9.0/gcc/Warning-Options.html
[1] https://clang.llvm.org/docs/UsersManual.html#options-to-control-error-and-warning-messages
[2] https://gcc.gnu.org/onlinedocs/gcc-5.1.0/gcc/Warning-Options.html

Closes https://github.com/curl/curl/pull/2747
2018-08-21 18:53:44 +02:00
Daniel Stenberg
3668d9d762
configure: fix for -lpthread detection with OpenSSL and pkg-config
... by making sure it uses the -I provided by pkg-config!

Reported-by: pszemus on github
Fixes #2848
Closes #2850
2018-08-09 12:06:28 +02:00
Daniel Stenberg
a10c974e1a
configure: remove CURL_CHECK_NI_WITHSCOPEID too
Since it isn't used either and requires the getnameinfo check

Follow-up to 0aeca41702
2018-06-27 13:53:26 +02:00
Daniel Stenberg
0aeca41702
getnameinfo: not used
Closes #2687
2018-06-27 13:49:18 +02:00
Max Dymond
b0a365f8a0
configure: Add dependent libraries after crypto
The linker is pretty dumb and processes things left to right, keeping a
tally of symbols it hasn't resolved yet. So, we need -ldl to appear
after -lcrypto otherwise the linker won't find the dl functions.

Closes #2684
2018-06-27 08:56:23 +01:00
Daniel Stenberg
351dabbf3d
configure: enhance ability to detect/build with static openssl
Fix the -ldl and -ldl + -lpthread checks for OpenSSL, necessary for
building with static libs without pkg-config.

Reported-by: Marcel Raad
Fixes #2199
Closes #2659
2018-06-14 23:08:04 +02:00
Daniel Stenberg
38203f1585
openssl: assume engine support in 1.0.1 or later
Previously it was checked for in configure/cmake, but that would then
leave other build systems built without engine support.

While engine support probably existed prior to 1.0.1, I decided to play
safe. If someone experience a problem with this, we can widen the
version check.

Fixes #2641
Closes #2644
2018-06-11 10:20:18 +02:00
Daniel Stenberg
a115c6bbe7
fnmatch: use the system one if available
If configure detects fnmatch to be available, use that instead of our
custom one for FTP wildcard pattern matching. For standard compliance,
to reduce our footprint and to use already well tested and well
exercised code.

A POSIX fnmatch behaves slightly different than the internal function
for a few test patterns currently and the macOS one yet slightly
different. Test case 1307 is adjusted for these differences.

Closes #2626
2018-06-01 12:29:21 +02:00
Bernhard Walle
9c33813d83
configure: check for declaration of getpwuid_r
On our x86 Android toolchain, getpwuid_r is implemented but the header
is missing:

 netrc.c:81:7: error: implicit declaration of function 'getpwuid_r' [-Werror=implicit-function-declaration]

Unfortunately, the function is used in curl_ntlm_wb.c, too, so I moved
the prototype to curl_setup.h.

Signed-off-by: Bernhard Walle <bernhard@bwalle.de>
Closes #2609
2018-05-31 12:51:15 +02:00
Daniel Stenberg
5005ade2ce
configure: override AR_FLAGS to silence warning
The automake default ar flags are 'cru', but the 'u' flag in there
causes warnings on many modern Linux distros. Removing 'u' may have a
minor performance impact on older distros but should not cause harm.

Explained on the automake mailing list already back in April 2015:

https://www.mail-archive.com/automake-patches@gnu.org/msg07705.html

Reported-by: elephoenix on github
Fixes #2617
Closes #2619
2018-05-29 15:41:14 +02:00
Fabrice Fontaine
536e9f8289
configure: fix ssh2 linking when built with a static mbedtls
The ssh2 pkg-config file could contain the following lines when build
with a static version of mbedtls:
   Libs: -L${libdir} -lssh2 /xxx/libmbedcrypto.a
   Libs.private: /xxx/libmbedcrypto.a

This static mbedtls library must be used to correctly detect ssh2
support and this library must be copied in libcurl.pc otherwise
compilation of any application (such as upmpdcli) with libcurl will fail
when trying to found mbedtls functions included in libssh2.  So, replace
pkg-config --libs-only-l by pkg-config --libs.

Fixes:
 - http://autobuild.buildroot.net/results/43e24b22a77f616d6198c10435dcc23cc3b9088a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Closes #2613
2018-05-28 20:31:20 +02:00
Daniel Stenberg
d353af0014
configure: add basic test of --with-ssl prefix
When given a prefix, the $PREFIX_OPENSSL/lib/openssl.pc or
$PREFIX_OPENSSL/include/openssl/ssl.h files must be present or cause an
error. Helps users detect when giving configure the wrong path.

Reported-by: Oleg Pudeyev
Assisted-by: Per Malmberg
Fixes #2580
2018-05-23 23:51:52 +02:00
Daniel Stenberg
6876ccf90b
configure: compile-time SIZEOF checks
... instead of exeucting code to get the size. Removes the use of
LD_LIBRARY_PATH for this.

Fixes #2586
Closes #2589
Reported-by: Bernhard Walle
2018-05-21 19:57:27 +02:00
Daniel Stenberg
082bb41311
configure: only check for CA bundle for file-using SSL backends
When only building with SSL backends that don't use the CA bundle file
(by default), skip the check.

Fixes #2543
Fixes #2180
Closes #2545
2018-05-03 22:51:38 +02:00
Daniel Stenberg
521dbfc6e6
configure: provide --with-wolfssl as an alias for --with-cyassl 2018-04-26 07:57:19 +02:00
Daniel Stenberg
2d4c2152c9
configure: keep LD_LIBRARY_PATH changes local
... only set it when we actually have to run tests to reduce its impact
on for example build commands etc.

Fixes #2490
Closes #2492

Reported-by: Dmitry Mikhirev
2018-04-16 20:32:17 +02:00
Daniel Stenberg
4e884615d1
configure: detect sa_family_t 2018-04-07 11:18:57 +02:00
Kamil Dudka
1605d93a7b nss: use PK11_CreateManagedGenericObject() if available
... so that the memory allocated by applications using libcurl does not
grow per each TLS connection.

Bug: https://bugzilla.redhat.com/1510247

Closes #2297
2018-02-15 10:18:34 +01:00
Daniel Stenberg
9a230ba419
configure: fix the check for unsigned time_t
Assign the time_t variable negative value and then check if it is
greater than zero, which will evaluate true for unsigned time_t but
false for signed time_t.
2018-01-25 22:32:57 +01:00
Daniel Stenberg
1c39128d97
parsedate: fix date parsing for systems with 32 bit long
Make curl_getdate() handle dates before 1970 as well (returning negative
values).

Make test 517 test dates for 64 bit time_t.

This fixes bug (3) mentioned in #2238

Closes #2250
2018-01-25 22:20:52 +01:00
Dan Johnson
0616dfa1e0
configure.ac: append extra linker flags instead of prepending them.
Link order should list libraries after the libraries that use them,
so when we're guessing that we might also need to add -ldl in order
to use -lssl, we should add -ldl after -lssl.

Closes https://github.com/curl/curl/pull/2234
2018-01-13 10:46:57 +01:00
Jay Satiro
908a9a6742 build: remove HAVE_LIMITS_H check
.. because limits.h presence isn't optional, it's required by C89.

Ref: http://port70.net/~nsz/c/c89/c89-draft.html#2.2.4.2

Closes https://github.com/curl/curl/pull/2215
2018-01-05 23:34:30 -05:00
Michael Kaufmann
188a43a8fd libssh: fix a syntax error in configure.ac
Follow-up to c92d2e1

Closes #2172
2017-12-12 17:46:24 +01:00
Michael Felt
ebaab4d17d
configure: add AX_CODE_COVERAGE only if using gcc
Fixes #2076
Closes #2125
2017-12-08 15:26:44 +01:00
Randall S. Becker
76ebd54175
configure: check for netinet/in6.h
Needed by HPE NonStop NSE and NSX systems

Fixes #2146
Closes #2155
2017-12-06 00:19:09 +01:00
Daniel Stenberg
0c65678e71
curl-config: add --ssl-backends
Lists all SSL backends that were enabled at build-time.

Suggested-by: Oleg Pudeyev
Fixes #2128
2017-12-06 00:12:48 +01:00
Nikos Mavrogiannopoulos
a2f3966800
libssh: added SFTP support
The SFTP back-end supports asynchronous reading only, limited
to 32-bit file length. Writing is synchronous with no other
limitations.

This also brings keyboard-interactive authentication.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-01 17:38:37 +01:00
Nikos Mavrogiannopoulos
c92d2e14cf
Added support for libssh SSH SCP back-end
libssh is an alternative library to libssh2.
https://www.libssh.org/

That patch set also introduces support for ECDSA
ed25519 keys, as well as gssapi authentication.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-12-01 17:35:14 +01:00
Alessandro Ghedini
979b012eeb
connect: add support for new TCP Fast Open API on Linux
The new API added in Linux 4.11 only requires setting a socket option
before connecting, without the whole sento() machinery.

Notably, this makes it possible to use TFO with SSL connections on Linux
as well, without the need to mess around with OpenSSL (or whatever other
SSL library) internals.

Closes #2056
2017-11-24 10:49:59 +01:00
Patrick Monnerat
11bf1796cd HTTP: implement Brotli content encoding
This uses the brotli external library (https://github.com/google/brotli).
Brotli becomes a feature: additional curl_version_info() bit and
structure fields are provided for it and CURLVERSION_NOW bumped.

Tests 314 and 315 check Brotli content unencoding with correct and
erroneous data.

Some tests are updated to accomodate with the now configuration dependent
parameters of the Accept-Encoding header.
2017-11-05 15:28:16 +01:00
Dmitri Tikhonov
d531f33ba2 timeval: use mach time on MacOS
If clock_gettime() is not supported, use mach_absolute_time() on MacOS.

closes #2033
2017-10-30 15:27:46 +01:00
Daniel Stenberg
4af3c777a9
configure: remove the C++ compiler check
... we used it only for the fuzzer, which we now have in a separate git
repo.

Closes #1990
2017-10-14 17:30:42 +02:00
Daniel Stenberg
62a721ea47
openssl: enable PKCS12 support for !BoringSSL
Enable PKCS12 for all non-boringssl builds without relying on configure
or cmake checks.

Bug: https://curl.haxx.se/mail/lib-2017-10/0007.html
Reported-by: Christian Schmitz
Closes #1948
2017-10-09 11:29:53 +02:00