jasonacox / Build-OpenSSL-cURL

Scripts to build OpenSSL, HTTP/2 (nghttp2) and cURL (libcurl) for MacOS, iOS and tvOS devices (x86_64, armv7, armv7s, arm64, arm64e). Now Supporting Apple Silicon, OpenSSL 3.0.x with TLS 1.3 and Mac Catalyst builds.
MIT License
430 stars 129 forks

Error building curl #70

Open rbright55 opened 6 months ago

rbright55 commented 6 months ago

Ran sh build.sh -3 -e -s 10.0 and encountered the following error in curl-8.7.1-x86_64.log

vtls/openssl.c:3547:18: error: call to undeclared function 'SSLv3_client_method'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
    req_method = SSLv3_client_method();
                 ^
vtls/openssl.c:3547:16: warning: incompatible integer to pointer conversion assigning to 'const SSL_METHOD *' (aka 'const struct ssl_method_st *') from 'int' [-Wint-conversion]
    req_method = SSLv3_client_method();
               ^ ~~~~~~~~~~~~~~~~~~~~~
vtls/openssl.c:3548:5: error: call to undeclared function 'use_sni'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
    use_sni(FALSE);
    ^
  CC       vtls/libcurl_la-wolfssl.lo
1 warning and 2 errors generated.
make[2]: *** [vtls/libcurl_la-openssl.lo] Error 1
make[2]: *** Waiting for unfinished jobs....
make[1]: *** [all] Error 2
make: *** [all-recursive] Error 1

Intel MacOS v13.6.5
build settings:
OPENSSL="3.0.13"
LIBCURL="8.7.1"
NGHTTP2="1.60.0"

jasonacox commented 6 months ago

Hi @rbright55 - Starting with curl 7.77.0, the library no longer supports SSLv3 and will block requests to build with SSLv3. The "patch" we have in the build script attempts to rewrite that block in lib/vtls/openssl.c and add the required ciphers back in. Unfortunately, each version changes it a bit and it looks like 8.7.1 is not compatible with our patch.

I'm wondering how we should proceed here. It seems like the options are:

  1. Remove SSLv3 support as it is deprecated in openssl and curl.
  2. Update build script so that if -3 is specified, notify user and give option to downgrade to a curl version that supports it (e.g. 8.1.2)
  3. Figure out more logic to add SSLv3 back in to curl.

I tend to favor 2 since the only reason you would want SSLv3 would be for detection or legacy support so you already know you are using a vulnerable library.

I would love to hear feedback, specifically reasons for keeping SSLv3 and if something like option 2 would work.

jasonacox commented 6 months ago

I updated the patch to work with this build combination (curl 8.7.1). I wasn't able to test SSLv3 but it does now respond with curl command line -3 flag and the build does complete. Please let me know if it works for you.

Also: I added a warning notice that requires the user to confirm before proceeding.

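Added example, not part of the original thread or the project's build.sh: one way the option 2 gate and the confirmation step described above could be expressed in POSIX sh. The function names, the SSLV3_PATCH_MAX cutoff (taken from the 8.1.2 example in the thread) and the sample inputs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: decision gate for an SSLv3 (-3) curl build. All names are hypothetical.
SSLV3_REMOVED_IN="7.77.0"  # per the thread: curl stopped supporting SSLv3 here
SSLV3_PATCH_MAX="8.1.2"    # assumption: newest curl the re-enable patch is trusted on

# version_ge A B: succeed when dotted numeric version A >= B.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        if [ "$a" = "$fa" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$fb" ]; then b=""; else b=${b#*.}; fi
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
    done
    return 0
}

# sslv3_gate CURL_VERSION WANT_SSLV3 CONFIRMED
# Prints: default | refuse | native | patch | downgrade:<version> | invalid
sslv3_gate() {
    # Reject anything that is not a plain dotted number (e.g. "8.7.1-DEV").
    case $1 in ""|*[!0-9.]*) echo invalid; return 2 ;; esac
    # No -3 flag: ordinary build, SSLv3 stays disabled.
    if [ "$2" != "yes" ]; then echo default; return 0; fi
    # -3 without explicit confirmation: fail closed.
    if [ "$3" != "yes" ]; then echo refuse; return 1; fi
    if ! version_ge "$1" "$SSLV3_REMOVED_IN"; then
        echo native                        # curl itself still has SSLv3
    elif version_ge "$SSLV3_PATCH_MAX" "$1"; then
        echo patch                         # patch lib/vtls/openssl.c
    else
        echo "downgrade:$SSLV3_PATCH_MAX"  # offer the older, patchable curl
    fi
}

# Constructed inputs: version, -3 requested, user confirmed.
for args in "8.7.1 no no" "8.7.1 yes no" "8.7.1 yes yes" \
            "8.1.2 yes yes" "7.76.1 yes yes" "8.7.1-DEV yes yes"; do
    # shellcheck disable=SC2086
    echo "$args -> $(sslv3_gate $args)"
done
```
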
rbright55 commented 5 months ago

Hi @jasonacox. Even without the -3 tag, curl no longer seems to build.

sh build.sh -e

Building Mac libraries
Building curl-8.7.1 for x86_64 (MacOS 13.6.5)
** ERROR with Build - Check /tmp/curl*.log
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-cipher_chacha20_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-cipher_chacha20_poly1305_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-cipher_sm4_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-cipher_tdes_default_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-cipher_tdes_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-cipher_tdes_wrap_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-endecoder_common.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcrypto-lib-sm2_crypt.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcrypto-lib-sm2_sign.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcrypto-lib-sm2_key.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-cipher_tdes_common.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcrypto-lib-wp_block.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcommon-lib-ciphercommon_ccm_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcommon-lib-ciphercommon_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcommon-lib-der_ec_gen.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcommon-lib-der_ecx_gen.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcommon-lib-der_rsa_gen.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcommon-lib-der_dsa_gen.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-der_sm2_gen.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-digest_to_nid.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcommon-lib-ciphercommon_gcm_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcrypto-lib-siv128.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
Undefined symbols for architecture x86_64:
  "_SSL_get0_group_name", referenced from:
      _ossl_connect_common in libcurl.a(libcurl_la-openssl.o)
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[2]: *** [curl] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all-recursive] Error 1

jasonacox commented 5 months ago

Thanks @rbright55

I tested on my M2 MacBook Air and our GitHub action CI builds and tests the script: https://github.com/jasonacox/Build-OpenSSL-cURL/actions/runs/8492632477/job/23265835970

Are you building on an Intel-based Mac? Can you share what version? I'll try to replicate to see why it isn't building on your system.

stdiodavid commented 4 months ago

> Thanks @rbright55
>
> I tested on my M2 MacBook Air and our GitHub action CI builds and tests the script: https://github.com/jasonacox/Build-OpenSSL-cURL/actions/runs/8492632477/job/23265835970
>
> Are you building on an Intel-based Mac? Can you share what version? I'll try to replicate to see why it isn't building on your system.

I got the same error on an Intel Mac, just like @rbright55. Any idea how to fix it?

jasonacox commented 4 months ago

Hi @stdiodavid. Can you share what version of the libraries you are trying to compile? Also, what MacOS and Xcode version? I'll try to replicate to see why it isn't building on your system.

Some thoughts: