Open rbright55 opened 6 months ago
Hi @rbright55 - Starting with curl 7.77.0, the library no longer supports SSLv3 and will block requests to build with SSLv3. The "patch" we have in the build script attempts rewrite that block in lib/vtls/openssl.c and add the required ciphers back in. Unfortunately, each version changes it a bit and it looks like 8.7.1 is not compatible with our patch.
I'm wondering how we should proceed here. It seems like the options are:
-3
is specified, notify user and give option to downgrade to a curl version that supports it (e.g. 8.1.2)I tend to favor 2 since the only reason you would want SSLv3 would be for detection or legacy support so you already know you are using a vulnerable library.
I would love to hear feedback, specifically reasons for keeping SSLv3 and if something like option2 would work.
I updated the patch to work with this build combination (curl 8.7.1). I wasn't able to test SSLv3 but it does now respond with curl command line -3
flag and the build does complete. Please let me know if it works for you.
Also: I added warning notice that requires user to confirm before proceeding.
HI @jasonacox. Even the without the -3 tag, curl no longer seems to build.
sh build.sh -e
Building Mac libraries
Building curl-8.7.1 for x86_64 (MacOS 13.6.5)
** ERROR with Build - Check /tmp/curl*.log
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-cipher_chacha20_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-cipher_chacha20_poly1305_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-cipher_sm4_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-cipher_tdes_default_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-cipher_tdes_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-cipher_tdes_wrap_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-endecoder_common.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcrypto-lib-sm2_crypt.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcrypto-lib-sm2_sign.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcrypto-lib-sm2_key.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-cipher_tdes_common.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcrypto-lib-wp_block.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcommon-lib-ciphercommon_ccm_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcommon-lib-ciphercommon_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcommon-lib-der_ec_gen.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcommon-lib-der_ecx_gen.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcommon-lib-der_rsa_gen.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcommon-lib-der_dsa_gen.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-der_sm2_gen.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-digest_to_nid.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcommon-lib-ciphercommon_gcm_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcrypto-lib-siv128.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target.
Undefined symbols for architecture x86_64:
"_SSL_get0_group_name", referenced from:
_ossl_connect_common in libcurl.a(libcurl_la-openssl.o)
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[2]: *** [curl] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all-recursive] Error 1
Thanks @rbright55
I tested on my M2 MacBook Air and our GitHub action CI builds and tests the script: https://github.com/jasonacox/Build-OpenSSL-cURL/actions/runs/8492632477/job/23265835970
Are you building on an Intel based Mac? Can you share what version? I'll try to replicate to see what it isn't builidng on your system.
Thanks @rbright55
I tested on my M2 MacBook Air and our GitHub action CI builds and tests the script: https://github.com/jasonacox/Build-OpenSSL-cURL/actions/runs/8492632477/job/23265835970
Are you building on an Intel based Mac? Can you share what version? I'll try to replicate to see what it isn't builidng on your system.
i got same error on Intel Mac ,just like @rbright55 any idea to fix it ?
HI @stdiodavid Can you share what version of the libraries you are trying to compile? Also, what MacOS and xcode version? I'll try to replicate to see what it isn't building on your system.
Some thoughts:
sh build.sh
(no options)?ld: symbol(s) not found for architecture x86_64
somehow means that your Xcode is not building something for intel which doesn't make sense. I would like to know which component is breaking. Looking at the full log file may help.
Ran
sh build.sh -3 -e -s 10.0
and encountered the following error incurl-8.7.1-x86_64.log
Intel MacOS v13.6.5 build settings: OPENSSL="3.0.13"
LIBCURL="8.7.1" NGHTTP2="1.60.0"