wolfSSL / wolfssl

The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3 and DTLS 1.3!
https://www.wolfssl.com
GNU General Public License v2.0

[Bug]: wolfssl coexists does not support session callback #8145

Closed icing closed 2 weeks ago

icing commented 2 weeks ago

Contact Details

stefan.eissing@gmail.com

Version

master

Description

When building wolfSSL as described below, I adapted curl to link with both wolfSSL and openssl at the same time. Many thanks for that! The only feature that seems to be missing is the new session callback. That can be registered but is never invoked.

Looking at the source, the callback is only stored when opensslextra is configured, which we do not want in curl.

Is there another configure option I missed, or is this indeed missing?

Thanks for the help!

Reproduction steps

  1. ./configure --prefix=/path --enable-ip-alt-name --enable-quic --enable-earlydata --enable-psk --enable-opensslcoexist

Relevant log output

No response

douzzer commented 2 weeks ago

@icing why aren't you just --enable-opensslextraing to solve this? There are no longer conflicts between --enable-opensslextra and --enable-opensslcoexist. Give it a try?

icing commented 2 weeks ago

@douzzer won't that drag in OpenSSL symbols that will conflict with linking curl together with wolfssl and openssl into the same executable?

icing commented 2 weeks ago

@douzzer got a bit lost in the configure options jungle. --enable-opensslextra still allows linking and that is nice. However, turns out what I really needed was --enable-session-ticket. So what I currently use to build curl is

./configure --prefix=/opt/quic/wolfssl-master --enable-ip-alt-name --enable-quic --enable-earlydata --enable-psk --enable-opensslcoexist --enable-intelasm --enable-sp-asm --enable-session-ticket

and that passes all our tests.

I'll close this therefore as everything seems to work nicely.

douzzer commented 2 weeks ago

@icing

> won't that drag in OpenSSL symbols that will conflict with linking curl together with wolfssl and openssl into the same executable?

not anymore -- #8132, merged on Friday, fixes all the name conflicts in OPENSSL_EXTRA. you still can't use OPENSSL_ALL with OPENSSL_COEXIST though. but as long as you omit OPENSSL_ALL, the library is now always built with no symbol conflicts relative to OpenSSL.

> got a bit lost in the configure options jungle.

we've all been there!
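
An added example, not part of the thread or the wolfSSL project: a shell check of a build's generated `wolfssl/options.h` for the two points the discussion settles on, that session tickets are enabled and that OPENSSL_ALL is not combined with OPENSSL_COEXIST. It assumes `--enable-session-ticket` is recorded there as `HAVE_SESSION_TICKET`; the function names and the sample header are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a wolfSSL options.h for the build settings discussed above.
# Function names and the sample header are constructed, not taken from wolfSSL.

# Print every macro name the header defines, one per line.
# options.h pairs "#undef NAME" with "#define NAME"; only #define lines count.
defined_macros() {
    awk '$1 == "#define" { print $2 }' "$1" | sort -u
}

# has_macro FILE NAME: succeeds only on an exact macro-name match.
has_macro() {
    defined_macros "$1" | grep -Fqx "$2"
}

# audit_options FILE: prints findings.
# Returns 0 = ok, 1 = session tickets missing, 2 = OPENSSL_ALL/COEXIST conflict.
audit_options() {
    hdr=$1
    rc=0
    if has_macro "$hdr" OPENSSL_COEXIST && has_macro "$hdr" OPENSSL_ALL; then
        echo "CONFLICT: OPENSSL_ALL cannot be used with OPENSSL_COEXIST"
        rc=2
    fi
    if ! has_macro "$hdr" HAVE_SESSION_TICKET; then
        echo "MISSING: HAVE_SESSION_TICKET (configure with --enable-session-ticket)"
        [ "$rc" -eq 0 ] && rc=1
    fi
    if has_macro "$hdr" OPENSSL_EXTRA; then
        echo "INFO: OPENSSL_EXTRA is enabled"
    fi
    [ "$rc" -eq 0 ] && echo "OK: session tickets on, no OPENSSL_ALL with coexist"
    return "$rc"
}

# Constructed sample shaped like a configure-generated header (not a real build).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#undef  OPENSSL_COEXIST
#define OPENSSL_COEXIST
#undef  HAVE_SESSION_TICKET
#define HAVE_SESSION_TICKET
EOF
audit_options "$sample"
rm -f "$sample"
```

To check a real build, call `audit_options` on the `wolfssl/options.h` under the install prefix's include directory before linking curl against it.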