logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Building & Member Downloads View previous topic :: View next topic
Reply to topic   Topic: Latest dependencies 2.4.54 Cmake Curl 7.86
Author
tangent
Moderator


Joined: 16 Aug 2020
Posts: 348
Location: UK

PostPosted: Thu 03 Nov '22 16:42    Post subject: Latest dependencies 2.4.54 Cmake Curl 7.86 Reply with quote

Split from https://www.apachelounge.com/viewtopic.php?t=8910

Re these latest dependencies.

Just to advise I am looking to update the CMake build HOWTO https://www.apachelounge.com/viewtopic.php?t=8609, but am currently unable to build Curl 7.86 with both OpenSSL and Schannel backends. They've evidently changed code in lib\vtls\openssl.h and lib\vtls\openssl.c, which will need investigation. All other dependency updates are fine.

As previously recommended by Steffen, time permitting, I'll consider posting something to the CURL developers at https://curl.se/mail/list.cgi?list=curl-library
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3094
Location: Hilversum, NL, EU

PostPosted: Thu 03 Nov '22 16:49    Post subject: Reply with quote

Apachelounge builds are only with Schannel.
Back to top
nono303



Joined: 20 Dec 2016
Posts: 207
Location: Lille, FR, EU

PostPosted: Fri 04 Nov '22 9:17    Post subject: Reply with quote

Hi @tangent
What’s your issue building curl with both openssl & schannel backend (MultiSSL)?
I'm currently (7.86.0) doing it without problem (cf. https://github.com/nono303/win-build-scripts/blob/master/modules/curl.bat)

Code:
curl 7.86.0-DEV (Windows) libcurl/7.86.0-DEV OpenSSL/3.0.7 (Schannel) zlib/1.2.13 brotli/1.0.9 c-ares/1.18.1 libssh2/1.10.0 nghttp2/1.50.0 ngtcp2/0.10.0 nghttp3
Release-Date: Wed Nov  2 17:57:01 UTC 2022
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI threadsafe UnixSockets

**********************************
**** CURL_SSL_BACKEND=Schannel ***
**********************************
set CURL_SSL_BACKEND=Schannel
curl -I --verbose --ipv4 https://nghttp2.org/

*   Trying 139.162.123.134:443...
* Connected to nghttp2.org (139.162.123.134) port 443 (#0)
* schannel: disabled automatic use of client certificate
> HEAD / HTTP/1.1
> Host: nghttp2.org
> User-Agent: curl/7.86.0-DEV
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
...
* Connection #0 to host nghttp2.org left intact

**********************************
**** CURL_SSL_BACKEND=openssl ****
**********************************
set CURL_SSL_BACKEND=openssl
curl -I --verbose --ipv4 https://nghttp2.org/

*   Trying 139.162.123.134:443...
* Connected to nghttp2.org (139.162.123.134) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* successfully imported Windows CA store
...
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted h2
...
* Using HTTP2, server supports multiplexing
...
< HTTP/2 200
...
* Connection #0 to host nghttp2.org left intact
Back to top
tangent
Moderator


Joined: 16 Aug 2020
Posts: 348
Location: UK

PostPosted: Fri 04 Nov '22 23:00    Post subject: Reply with quote

Starting with the build script, as per CMake build HOWTO https://www.apachelounge.com/viewtopic.php?t=8609, I've not been able to build Curl 7.86.0 with both OpenSSL and Schannel enabled.

It builds with either one enabled, but not both. The build fails at this point:

Code:
[ 66%] Building C object lib/CMakeFiles/libcurl.dir/vtls/openssl.c.obj
openssl.c
C:\Apache24\include\openssl/x509v3.h(181): error C2059: syntax error: '('
C:\Apache24\include\openssl/x509v3.h(188): error C2059: syntax error: '<parameter-list>'
C:\Apache24\include\openssl/x509v3.h(193): error C2059: syntax error: '}'
C:\Apache24\include\openssl/x509v3.h(194): error C2059: syntax error: '}'
C:\Apache24\include\openssl/x509v3.h(198): error C2061: syntax error: identifier 'GENERAL_NAME'
C:\Apache24\include\openssl/x509v3.h(199): error C2059: syntax error: '}'
etc

Line 181 of x509v3.h doesn't contain a '(' - it's part way through a struct definition.

Not sure if this is a Visual C compiler issue (believe you're using Cygwin), but they have significantly changed files openssl.h / openssl.c since release 7.85.0.

Any advice greatly received.
Back to top
nono303



Joined: 20 Dec 2016
Posts: 207
Location: Lille, FR, EU

PostPosted: Mon 07 Nov '22 11:43    Post subject: Reply with quote

Hi @tangent,
I don’t think it’s a MSVC issue as I’m using it (vc15, vs16 & vs17) for building curl MultiSSL with openssl 3.0.7.
On which openssl version are you encountering the openssl/x509v3.h issue?
FYI, my cmake log summary:
Code:
C:\sdk\build\vs17_x64-avx\curl>cmake  -G "Ninja" -DCMAKE_INSTALL_PREFIX=C:\sdk\release\vs17_x64-avx -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCURL_WERROR=OFF -DBUILD_CURL_EXE=ON -DBUILD_SHARED_LIBS=ON -DCURL_LTO=ON -DENABLE_THREADED_RESOLVER=ON -DENABLE_MANUAL=OFF -DBUILD_TESTING=OFF -DUSE_WIN32_LDAP=ON -DCURL_ZLIB=ON -DZLIB_LIBRARY=C:\sdk\release\vs17_x64-avx\lib\zlib.lib -DZLIB_INCLUDE_DIR=C:\sdk\release\vs17_x64-avx\include -DCURL_BROTLI=ON -DBROTLIDEC_LIBRARY=C:\sdk\release\vs17_x64-avx\lib\brotlidec.lib -DBROTLICOMMON_LIBRARY=C:\sdk\release\vs17_x64-avx\lib\brotlicommon.lib -DBROTLI_INCLUDE_DIR=C:\sdk\release\vs17_x64-avx\include -DENABLE_ARES=ON -DCARES_LIBRARY=C:\sdk\release\vs17_x64-avx\lib\cares.lib -DCARES_INCLUDE_DIR=C:\sdk\release\vs17_x64-avx\include -DUSE_NGHTTP2=ON -DNGHTTP2_LIBRARY=C:\sdk\release\vs17_x64-avx\lib\nghttp2.lib -DNGHTTP2_INCLUDE_DIR=C:\sdk\release\vs17_x64-avx\include -DCURL_USE_OPENSSL=ON -DCURL_USE_LIBSSH2=ON -DCURL_USE_SCHANNEL=ON -DCURL_WINDOWS_SSPI=ON -DOPENSSL_ROOT_DIR=C:\sdk\release\vs17_x64-avx\_openssl\openssl-quic -DOPENSSL_INCLUDE_DIR=C:\sdk\release\vs17_x64-avx\_openssl\openssl-quic\include -DLIBSSH2_LIBRARY=C:\sdk\release\vs17_x64-avx\lib\libssh2.lib -DLIBSSH2_INCLUDE_DIR=C:\sdk\release\vs17_x64-avx\include -DHAVE_LDAP_SSL=ON -DCURL_STATIC_CRT=OFF -DUSE_NGTCP2=ON -DNGTCP2_INCLUDE_DIR=C:\sdk\release\vs17_x64-avx\include -DNGTCP2_LIBRARY=C:\sdk\release\vs17_x64-avx\lib\ngtcp2_crypto_openssl.lib;C:\sdk\release\vs17_x64-avx\lib\ngtcp2.lib -DNGHTTP3_INCLUDE_DIR=C:\sdk\release\vs17_x64-avx\include -DNGHTTP3_LIBRARY=C:\sdk\release\vs17_x64-avx\lib\nghttp3.lib C:\sdk\src\curl
-- The C compiler identification is MSVC 19.34.31933.0
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: C:/sdk/softs/vs22/Community/VC/Tools/MSVC/14.34.31933/bin/Hostx64/x64/cl.exe - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- curl version=[7.86.0-DEV]
-- Found CARES: C:/sdk/release/vs17_x64-avx/lib/cares.lib 
-- Found Perl: C:/sdk/softs/perl/perl/bin/perl.exe (found version "5.32.1")
...
-- Found OpenSSL: C:/sdk/release/vs17_x64-avx/_openssl/openssl-quic/lib/libcrypto.lib (found version "3.0.7") 
...
-- Found NGHTTP2: C:/sdk/release/vs17_x64-avx/lib/nghttp2.lib 
-- Found NGTCP2: C:/sdk/release/vs17_x64-avx/lib/ngtcp2_crypto_openssl.lib;C:/sdk/release/vs17_x64-avx/lib/ngtcp2.lib  found components: OpenSSL
...
-- Found NGHTTP3: C:/sdk/release/vs17_x64-avx/lib/nghttp3.lib 
...
-- Found ZLIB: C:\sdk\release\vs17_x64-avx\lib\zlib.lib (found version "1.2.13")
-- Found BROTLI: C:/sdk/release/vs17_x64-avx/lib/brotlidec.lib 
...
-- Found LibSSH2: C:/sdk/release/vs17_x64-avx/lib/libssh2.lib (found version "1.10.0")
...
-- Enabled features: SSL IPv6 unixsockets libz brotli AsynchDNS Largefile SSPI alt-svc HSTS SPNEGO Kerberos NTLM HTTP2 HTTP3 MultiSSL HTTPS-proxy threadsafe
-- Enabled protocols: DICT FILE FTP FTPS GOPHER GOPHERS HTTP HTTPS IMAP IMAPS LDAP LDAPS MQTT POP3 POP3S RTSP SCP SFTP SMB SMBS SMTP SMTPS TELNET TFTP
-- Enabled SSL backends: OpenSSL Schannel
...

And the incriminated build line (ninja)
Code:
C:\sdk\build\vs17_x64-avx\curl>C:\sdk\softs\ninja.exe -v install
...
[147/210] C:\sdk\softs\vs22\Community\VC\Tools\MSVC\14.34.31933\bin\Hostx64\x64\cl.exe  /nologo -DBUILDING_LIBCURL -DCURL_HIDDEN_SYMBOLS -DHAVE_CONFIG_H -DOPENSSL_SUPPRESS_DEPRECATED -D_CRT_NONSTDC_NO_DEPRECATE -D_CRT_SECURE_NO_DEPRECATE -Dlibcurl_EXPORTS -IC:\sdk\src\curl\include -IC:\sdk\build\vs17_x64-avx\curl\lib\..\include -IC:\sdk\src\curl\lib\.. -IC:\sdk\src\curl\lib\..\include -IC:\sdk\build\vs17_x64-avx\curl\lib\.. -IC:\sdk\src\curl\lib -IC:\sdk\build\vs17_x64-avx\curl\lib -external:IC:\sdk\release\vs17_x64-avx\include -external:IC:\sdk\release\vs17_x64-avx\_openssl\openssl-quic\include -external:W0 /DWIN32 /D_WINDOWS /w /MP /Zi /Zf /Zi /FS /O2 /GL /MP16 /arch:AVX /w /DNDEBUG -MD /GL /showIncludes /Folib\CMakeFiles\libcurl.dir\vtls\openssl.c.obj /Fdlib\CMakeFiles\libcurl.dir\ /FS -c C:\sdk\src\curl\lib\vtls\openssl.c
...
Back to top
tangent
Moderator


Joined: 16 Aug 2020
Posts: 348
Location: UK

PostPosted: Mon 07 Nov '22 22:50    Post subject: Reply with quote

Hi @nono303,

Thanks for your follow-up post and pointers. Much appreciated.

Unfortunately, I'm still not able to get Curl 7.86.0 to build with both OpenSSL and Schannel enabled. I've tried OpenSSL 3.0.5 as well as 3.0.7 and get the same error when the Curl compile of openssl.c reads through x509v3.h. Curl 7.85.0 builds just fine.

My MSVC is 19.33, within VS17 (Visual Studio Build Tools 2022 (17.3.6)), along with their bundled CMake (3.23). The main difference I can see between your (mature) build process and the basic one I've used in the HowTo, is you're using Ninja and I've stuck with MS Nmake, but I don't see why that should be a factor.

I've spent quite some time digging for an explanation, and the best clue I've found is in comparing vtls\openssl.h for versions 7.85.0 and 7.86.0
There's actually a comment relating to Schannel and OpenSSL support in both, which says:

Code:
/*
 * In an effort to avoid using 'X509 *' here, we instead use the struct
 * x509_st version of the type so that we can forward-declare it here without
 * having to include <openssl/x509v3.h>. Including that header causes name
 * conflicts when libcurl is built with both Schannel and OpenSSL support.
 */

Here's a diff output:

Code:
C:\Development\Apache24\src>diff -u curl-7.85.0\lib\vtls\openssl.h curl-7.86.0\lib\vtls\openssl.h
--- curl-7.85.0\lib\vtls\openssl.h      Sat Aug 13 16:50:57 2022
+++ curl-7.86.0\lib\vtls\openssl.h      Mon Nov 07 20:20:48 2022
@@ -31,6 +31,7 @@
  * This header should only be needed to get included by vtls.c, openssl.c
  * and ngtcp2.c
  */
+#include <openssl/ssl.h>

 #include "urldata.h"

@@ -52,6 +53,8 @@
                                    const char *cert_type, char *key_file,
                                    const struct curl_blob *key_blob,
                                    const char *key_type, char *key_passwd);
+
+CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl);

 #endif /* USE_OPENSSL */
 #endif /* HEADER_CURL_SSLUSE_H */

The key issue is the 7.86.0 version of vtls/openssl.h DOES now include openssl/ssl.h which in turn includes openssl/x509v3.h. Hence a name conflict?

At the moment I don't know what name conflict is occuring, or with what, and the fact it builds ok for you just confuses me further. I'm tempted to post to the Curl mailing list for their advice.
Back to top
tangent
Moderator


Joined: 16 Aug 2020
Posts: 348
Location: UK

PostPosted: Tue 08 Nov '22 23:29    Post subject: Reply with quote

It's been slow going, but I've made some progress.

It seems the problem compiling both OpenSSL and Schannel backends with Curl, was down to the CMake logic failing to set USE_WIN32_CRYPTO on my build platform.

In the Curl CMakeLists.txt file, the following section of code normally does this:
Code:

  # Check if crypto functions in wincrypt.h are actually available
  if(HAVE_WINCRYPT_H)
    check_symbol_exists(CryptAcquireContext "${CURL_INCLUDES}" USE_WINCRYPT)
  endif()
  if(USE_WINCRYPT)
    set(USE_WIN32_CRYPTO ON)
  endif()

CryptAcquireContext does exist in wincrypt.h, but on my platform its definition appears to be constrained by the following pragma.
Code:
#pragma region Desktop Family or OneCore or Games Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP|WINAPI_PARTITION_PHONE_RESTRICTED | WINAPI_PARTITION_SYSTEM | WINAPI_PARTITION_GAMES)

I'm using Visual Studio 2022 Community Edition in a Windows 11 development environment VM, so am guessing this doesn't fit this WINAPI_FAMILY_PARTITION definition.

Either way, for me the solution is to simply pass -DUSE_WIN32_CRYTO=ON to the Cmake build process. You still need the url.c patch if you want to use the OpenSSL backend with the native CA store.

I'll update the CMake build HowTo for the various dependency updates in due course.
Back to top


Reply to topic   Topic: Latest dependencies 2.4.54 Cmake Curl 7.86 View previous topic :: View next topic
Post new topic   Forum Index -> Building & Member Downloads