Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: Latest dependencies 2.4.54 Cmake Curl 7.86 |
|
Author |
|
tangent Moderator
Joined: 16 Aug 2020 Posts: 348 Location: UK
|
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3094 Location: Hilversum, NL, EU
|
Posted: Thu 03 Nov '22 16:49 Post subject: |
|
|
Apachelounge builds are only with Schannel. |
|
Back to top |
|
nono303
Joined: 20 Dec 2016 Posts: 207 Location: Lille, FR, EU
|
Posted: Fri 04 Nov '22 9:17 Post subject: |
|
|
Hi @tangent
What’s your issue building curl with both openssl & schannel backend (MultiSSL)?
I'm currently (7.86.0) doing it without problem (cf. https://github.com/nono303/win-build-scripts/blob/master/modules/curl.bat)
Code: | curl 7.86.0-DEV (Windows) libcurl/7.86.0-DEV OpenSSL/3.0.7 (Schannel) zlib/1.2.13 brotli/1.0.9 c-ares/1.18.1 libssh2/1.10.0 nghttp2/1.50.0 ngtcp2/0.10.0 nghttp3
Release-Date: Wed Nov 2 17:57:01 UTC 2022
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI threadsafe UnixSockets
**********************************
**** CURL_SSL_BACKEND=Schannel ***
**********************************
set CURL_SSL_BACKEND=Schannel
curl -I --verbose --ipv4 https://nghttp2.org/
* Trying 139.162.123.134:443...
* Connected to nghttp2.org (139.162.123.134) port 443 (#0)
* schannel: disabled automatic use of client certificate
> HEAD / HTTP/1.1
> Host: nghttp2.org
> User-Agent: curl/7.86.0-DEV
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
...
* Connection #0 to host nghttp2.org left intact
**********************************
**** CURL_SSL_BACKEND=openssl ****
**********************************
set CURL_SSL_BACKEND=openssl
curl -I --verbose --ipv4 https://nghttp2.org/
* Trying 139.162.123.134:443...
* Connected to nghttp2.org (139.162.123.134) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* successfully imported Windows CA store
...
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted h2
...
* Using HTTP2, server supports multiplexing
...
< HTTP/2 200
...
* Connection #0 to host nghttp2.org left intact |
|
|
Back to top |
|
tangent Moderator
Joined: 16 Aug 2020 Posts: 348 Location: UK
|
Posted: Fri 04 Nov '22 23:00 Post subject: |
|
|
Starting with the build script, as per CMake build HOWTO https://www.apachelounge.com/viewtopic.php?t=8609, I've not been able to build Curl 7.86.0 with both OpenSSL and Schannel enabled.
It builds with either one enabled, but not both. The build fails at this point:
Code: | [ 66%] Building C object lib/CMakeFiles/libcurl.dir/vtls/openssl.c.obj
openssl.c
C:\Apache24\include\openssl/x509v3.h(181): error C2059: syntax error: '('
C:\Apache24\include\openssl/x509v3.h(188): error C2059: syntax error: '<parameter-list>'
C:\Apache24\include\openssl/x509v3.h(193): error C2059: syntax error: '}'
C:\Apache24\include\openssl/x509v3.h(194): error C2059: syntax error: '}'
C:\Apache24\include\openssl/x509v3.h(198): error C2061: syntax error: identifier 'GENERAL_NAME'
C:\Apache24\include\openssl/x509v3.h(199): error C2059: syntax error: '}'
etc
|
Line 181 of x509v3.h doesn't contain a '(' - it's part way through a struct definition.
Not sure if this is a Visual C compiler issue (believe you're using Cygwin), but they have significantly changed files openssl.h / openssl.c since release 7.85.0.
Any advice greatly received. |
|
Back to top |
|
nono303
Joined: 20 Dec 2016 Posts: 207 Location: Lille, FR, EU
|
Posted: Mon 07 Nov '22 11:43 Post subject: |
|
|
Hi @tangent,
I don’t think it’s a MSVC issue as I’m using it (vc15, vs16 & vs17) for building curl MultiSSL with openssl 3.0.7.
On which openssl version are you encountering the openssl/x509v3.h issue?
FYI, my cmake log summary:
Code: | C:\sdk\build\vs17_x64-avx\curl>cmake -G "Ninja" -DCMAKE_INSTALL_PREFIX=C:\sdk\release\vs17_x64-avx -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCURL_WERROR=OFF -DBUILD_CURL_EXE=ON -DBUILD_SHARED_LIBS=ON -DCURL_LTO=ON -DENABLE_THREADED_RESOLVER=ON -DENABLE_MANUAL=OFF -DBUILD_TESTING=OFF -DUSE_WIN32_LDAP=ON -DCURL_ZLIB=ON -DZLIB_LIBRARY=C:\sdk\release\vs17_x64-avx\lib\zlib.lib -DZLIB_INCLUDE_DIR=C:\sdk\release\vs17_x64-avx\include -DCURL_BROTLI=ON -DBROTLIDEC_LIBRARY=C:\sdk\release\vs17_x64-avx\lib\brotlidec.lib -DBROTLICOMMON_LIBRARY=C:\sdk\release\vs17_x64-avx\lib\brotlicommon.lib -DBROTLI_INCLUDE_DIR=C:\sdk\release\vs17_x64-avx\include -DENABLE_ARES=ON -DCARES_LIBRARY=C:\sdk\release\vs17_x64-avx\lib\cares.lib -DCARES_INCLUDE_DIR=C:\sdk\release\vs17_x64-avx\include -DUSE_NGHTTP2=ON -DNGHTTP2_LIBRARY=C:\sdk\release\vs17_x64-avx\lib\nghttp2.lib -DNGHTTP2_INCLUDE_DIR=C:\sdk\release\vs17_x64-avx\include -DCURL_USE_OPENSSL=ON -DCURL_USE_LIBSSH2=ON -DCURL_USE_SCHANNEL=ON -DCURL_WINDOWS_SSPI=ON -DOPENSSL_ROOT_DIR=C:\sdk\release\vs17_x64-avx\_openssl\openssl-quic -DOPENSSL_INCLUDE_DIR=C:\sdk\release\vs17_x64-avx\_openssl\openssl-quic\include -DLIBSSH2_LIBRARY=C:\sdk\release\vs17_x64-avx\lib\libssh2.lib -DLIBSSH2_INCLUDE_DIR=C:\sdk\release\vs17_x64-avx\include -DHAVE_LDAP_SSL=ON -DCURL_STATIC_CRT=OFF -DUSE_NGTCP2=ON -DNGTCP2_INCLUDE_DIR=C:\sdk\release\vs17_x64-avx\include -DNGTCP2_LIBRARY=C:\sdk\release\vs17_x64-avx\lib\ngtcp2_crypto_openssl.lib;C:\sdk\release\vs17_x64-avx\lib\ngtcp2.lib -DNGHTTP3_INCLUDE_DIR=C:\sdk\release\vs17_x64-avx\include -DNGHTTP3_LIBRARY=C:\sdk\release\vs17_x64-avx\lib\nghttp3.lib C:\sdk\src\curl
-- The C compiler identification is MSVC 19.34.31933.0
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: C:/sdk/softs/vs22/Community/VC/Tools/MSVC/14.34.31933/bin/Hostx64/x64/cl.exe - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- curl version=[7.86.0-DEV]
-- Found CARES: C:/sdk/release/vs17_x64-avx/lib/cares.lib
-- Found Perl: C:/sdk/softs/perl/perl/bin/perl.exe (found version "5.32.1")
...
-- Found OpenSSL: C:/sdk/release/vs17_x64-avx/_openssl/openssl-quic/lib/libcrypto.lib (found version "3.0.7")
...
-- Found NGHTTP2: C:/sdk/release/vs17_x64-avx/lib/nghttp2.lib
-- Found NGTCP2: C:/sdk/release/vs17_x64-avx/lib/ngtcp2_crypto_openssl.lib;C:/sdk/release/vs17_x64-avx/lib/ngtcp2.lib found components: OpenSSL
...
-- Found NGHTTP3: C:/sdk/release/vs17_x64-avx/lib/nghttp3.lib
...
-- Found ZLIB: C:\sdk\release\vs17_x64-avx\lib\zlib.lib (found version "1.2.13")
-- Found BROTLI: C:/sdk/release/vs17_x64-avx/lib/brotlidec.lib
...
-- Found LibSSH2: C:/sdk/release/vs17_x64-avx/lib/libssh2.lib (found version "1.10.0")
...
-- Enabled features: SSL IPv6 unixsockets libz brotli AsynchDNS Largefile SSPI alt-svc HSTS SPNEGO Kerberos NTLM HTTP2 HTTP3 MultiSSL HTTPS-proxy threadsafe
-- Enabled protocols: DICT FILE FTP FTPS GOPHER GOPHERS HTTP HTTPS IMAP IMAPS LDAP LDAPS MQTT POP3 POP3S RTSP SCP SFTP SMB SMBS SMTP SMTPS TELNET TFTP
-- Enabled SSL backends: OpenSSL Schannel
... |
And the incriminated build line (ninja)
Code: | C:\sdk\build\vs17_x64-avx\curl>C:\sdk\softs\ninja.exe -v install
...
[147/210] C:\sdk\softs\vs22\Community\VC\Tools\MSVC\14.34.31933\bin\Hostx64\x64\cl.exe /nologo -DBUILDING_LIBCURL -DCURL_HIDDEN_SYMBOLS -DHAVE_CONFIG_H -DOPENSSL_SUPPRESS_DEPRECATED -D_CRT_NONSTDC_NO_DEPRECATE -D_CRT_SECURE_NO_DEPRECATE -Dlibcurl_EXPORTS -IC:\sdk\src\curl\include -IC:\sdk\build\vs17_x64-avx\curl\lib\..\include -IC:\sdk\src\curl\lib\.. -IC:\sdk\src\curl\lib\..\include -IC:\sdk\build\vs17_x64-avx\curl\lib\.. -IC:\sdk\src\curl\lib -IC:\sdk\build\vs17_x64-avx\curl\lib -external:IC:\sdk\release\vs17_x64-avx\include -external:IC:\sdk\release\vs17_x64-avx\_openssl\openssl-quic\include -external:W0 /DWIN32 /D_WINDOWS /w /MP /Zi /Zf /Zi /FS /O2 /GL /MP16 /arch:AVX /w /DNDEBUG -MD /GL /showIncludes /Folib\CMakeFiles\libcurl.dir\vtls\openssl.c.obj /Fdlib\CMakeFiles\libcurl.dir\ /FS -c C:\sdk\src\curl\lib\vtls\openssl.c
... |
|
|
Back to top |
|
tangent Moderator
Joined: 16 Aug 2020 Posts: 348 Location: UK
|
Posted: Mon 07 Nov '22 22:50 Post subject: |
|
|
Hi @nono303,
Thanks for your follow-up post and pointers. Much appreciated.
Unfortunately, I'm still not able to get Curl 7.86.0 to build with both OpenSSL and Schannel enabled. I've tried OpenSSL 3.0.5 as well as 3.0.7 and get the same error when the Curl compile of openssl.c reads through x509v3.h. Curl 7.85.0 builds just fine.
My MSVC is 19.33, within VS17 (Visual Studio Build Tools 2022 (17.3.6)), along with their bundled CMake (3.23). The main difference I can see between your (mature) build process and the basic one I've used in the HowTo, is you're using Ninja and I've stuck with MS Nmake, but I don't see why that should be a factor.
I've spent quite some time digging for an explanation, and the best clue I've found is in comparing vtls\openssl.h for versions 7.85.0 and 7.86.0
There's actually a comment relating to Schannel and OpenSSL support in both, which says:
Code: | /*
* In an effort to avoid using 'X509 *' here, we instead use the struct
* x509_st version of the type so that we can forward-declare it here without
* having to include <openssl/x509v3.h>. Including that header causes name
* conflicts when libcurl is built with both Schannel and OpenSSL support.
*/ |
Here's a diff output:
Code: | C:\Development\Apache24\src>diff -u curl-7.85.0\lib\vtls\openssl.h curl-7.86.0\lib\vtls\openssl.h
--- curl-7.85.0\lib\vtls\openssl.h Sat Aug 13 16:50:57 2022
+++ curl-7.86.0\lib\vtls\openssl.h Mon Nov 07 20:20:48 2022
@@ -31,6 +31,7 @@
* This header should only be needed to get included by vtls.c, openssl.c
* and ngtcp2.c
*/
+#include <openssl/ssl.h>
#include "urldata.h"
@@ -52,6 +53,8 @@
const char *cert_type, char *key_file,
const struct curl_blob *key_blob,
const char *key_type, char *key_passwd);
+
+CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl);
#endif /* USE_OPENSSL */
#endif /* HEADER_CURL_SSLUSE_H */ |
The key issue is the 7.86.0 version of vtls/openssl.h DOES now include openssl/ssl.h which in turn includes openssl/x509v3.h. Hence a name conflict?
At the moment I don't know what name conflict is occuring, or with what, and the fact it builds ok for you just confuses me further. I'm tempted to post to the Curl mailing list for their advice. |
|
Back to top |
|
tangent Moderator
Joined: 16 Aug 2020 Posts: 348 Location: UK
|
Posted: Tue 08 Nov '22 23:29 Post subject: |
|
|
It's been slow going, but I've made some progress.
It seems the problem compiling both OpenSSL and Schannel backends with Curl, was down to the CMake logic failing to set USE_WIN32_CRYPTO on my build platform.
In the Curl CMakeLists.txt file, the following section of code normally does this:
Code: |
# Check if crypto functions in wincrypt.h are actually available
if(HAVE_WINCRYPT_H)
check_symbol_exists(CryptAcquireContext "${CURL_INCLUDES}" USE_WINCRYPT)
endif()
if(USE_WINCRYPT)
set(USE_WIN32_CRYPTO ON)
endif()
|
CryptAcquireContext does exist in wincrypt.h, but on my platform its definition appears to be constrained by the following pragma.
Code: | #pragma region Desktop Family or OneCore or Games Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP|WINAPI_PARTITION_PHONE_RESTRICTED | WINAPI_PARTITION_SYSTEM | WINAPI_PARTITION_GAMES)
|
I'm using Visual Studio 2022 Community Edition in a Windows 11 development environment VM, so am guessing this doesn't fit this WINAPI_FAMILY_PARTITION definition.
Either way, for me the solution is to simply pass -DUSE_WIN32_CRYTO=ON to the Cmake build process. You still need the url.c patch if you want to use the OpenSSL backend with the native CA store.
I'll update the CMake build HowTo for the various dependency updates in due course. |
|
Back to top |
|
|
|
|
|
|