From 8bdb697671dedc73651ffd17fa4c592b264e68b6 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Fri, 28 Jun 2019 11:00:06 -0300 Subject: [PATCH] python-curl: add ssl locking support to wolfssl Patch was merged upstream. Signed-off-by: Eneas U de Queiroz --- lang/python/python-curl/Makefile | 5 + .../0001-Add-locking-support-to-wolfSSL.patch | 128 ++++++++++++++++++ 2 files changed, 133 insertions(+) create mode 100644 lang/python/python-curl/patches/0001-Add-locking-support-to-wolfSSL.patch diff --git a/lang/python/python-curl/Makefile b/lang/python/python-curl/Makefile index 862507e63..c6aba22c6 100644 --- a/lang/python/python-curl/Makefile +++ b/lang/python/python-curl/Makefile @@ -73,6 +73,11 @@ ifdef CONFIG_LIBCURL_MBEDTLS PYTHON3_PKG_SETUP_ARGS+=--with-mbedtls endif +ifdef CONFIG_LIBCURL_WOLFSSL + PYTHON_PKG_SETUP_ARGS+=--with-wolfssl + PYTHON3_PKG_SETUP_ARGS+=--with-wolfssl +endif + $(eval $(call PyPackage,python-curl)) $(eval $(call BuildPackage,python-curl)) $(eval $(call BuildPackage,python-curl-src)) diff --git a/lang/python/python-curl/patches/0001-Add-locking-support-to-wolfSSL.patch b/lang/python/python-curl/patches/0001-Add-locking-support-to-wolfSSL.patch new file mode 100644 index 000000000..585139e2e --- /dev/null +++ b/lang/python/python-curl/patches/0001-Add-locking-support-to-wolfSSL.patch @@ -0,0 +1,128 @@ +From 9b400b32eb3673ab525f12f41a2ff3e4e3bfcccb Mon Sep 17 00:00:00 2001 +From: Eneas U de Queiroz +Date: Fri, 28 Jun 2019 11:05:20 -0300 +Subject: [PATCH] Add locking support to wolfSSL + +This takes advantage of wolfSSL openssl compatibility layer, so all +that that's needed are library detection, and inclusion of specific +headers. +WolfSSL must be built with --enable-opensslextra to enable the required +API, and that's being checked at build time, with a warning if disabled. + +Signed-off-by: Eneas U de Queiroz + +diff --git a/setup.py b/setup.py +index 3be0fcb..d4303b0 100644 +--- a/setup.py ++++ b/setup.py +@@ -143,6 +143,7 @@ class ExtensionConfiguration(object): + return { + '--with-openssl': self.using_openssl, + '--with-ssl': self.using_openssl, ++ '--with-wolfssl': self.using_wolfssl, + '--with-gnutls': self.using_gnutls, + '--with-nss': self.using_nss, + '--with-mbedtls': self.using_mbedtls, +@@ -163,7 +164,7 @@ class ExtensionConfiguration(object): + + if 'PYCURL_SSL_LIBRARY' in os.environ: + ssl_lib = os.environ['PYCURL_SSL_LIBRARY'] +- if ssl_lib in ['openssl', 'gnutls', 'nss', 'mbedtls']: ++ if ssl_lib in ['openssl', 'wolfssl', 'gnutls', 'nss', 'mbedtls']: + ssl_lib_detected = ssl_lib + getattr(self, 'using_%s' % ssl_lib)() + else: +@@ -188,6 +189,10 @@ class ExtensionConfiguration(object): + self.using_openssl() + ssl_lib_detected = 'openssl' + break ++ if arg[2:] == 'wolfssl': ++ self.using_wolfssl() ++ ssl_lib_detected = 'wolfssl' ++ break + if arg[2:] == 'gnutls': + self.using_gnutls() + ssl_lib_detected = 'gnutls' +@@ -506,6 +511,11 @@ manually. For other SSL backends please ignore this message.''') + self.libraries.append('ssl') + self.define_macros.append(('HAVE_CURL_SSL', 1)) + ++ def using_wolfssl(self): ++ self.define_macros.append(('HAVE_CURL_WOLFSSL', 1)) ++ self.libraries.append('wolfssl') ++ self.define_macros.append(('HAVE_CURL_SSL', 1)) ++ + def using_gnutls(self): + self.define_macros.append(('HAVE_CURL_GNUTLS', 1)) + self.libraries.append('gnutls') +@@ -572,6 +582,7 @@ def strip_pycurl_options(argv): + PRETTY_SSL_LIBS = { + # setup.py may be detecting BoringSSL properly, need to test + 'openssl': 'OpenSSL/LibreSSL/BoringSSL', ++ 'wolfssl': 'wolfSSL', + 'gnutls': 'GnuTLS', + 'nss': 'NSS', + 'mbedtls': 'mbedTLS', +@@ -902,6 +913,7 @@ PycURL Unix options: + --with-gnutls libcurl is linked against GnuTLS + --with-nss libcurl is linked against NSS + --with-mbedtls libcurl is linked against mbedTLS ++ --with-wolfssl libcurl is linked against wolfSSL + ''' + + windows_help = '''\ +diff --git a/src/module.c b/src/module.c +index 909cdfe..23387ec 100644 +--- a/src/module.c ++++ b/src/module.c +@@ -351,6 +351,8 @@ initpycurl(void) + } else if (!strncmp(vi->ssl_version, "OpenSSL/", 8) || !strncmp(vi->ssl_version, "LibreSSL/", 9) || + !strncmp(vi->ssl_version, "BoringSSL", 9)) { + runtime_ssl_lib = "openssl"; ++ } else if (!strncmp(vi->ssl_version, "wolfSSL/", 8)) { ++ runtime_ssl_lib = "wolfssl"; + } else if (!strncmp(vi->ssl_version, "GnuTLS/", 7)) { + runtime_ssl_lib = "gnutls"; + } else if (!strncmp(vi->ssl_version, "NSS/", 4)) { +diff --git a/src/pycurl.h b/src/pycurl.h +index 2294cb8..092387f 100644 +--- a/src/pycurl.h ++++ b/src/pycurl.h +@@ -164,6 +164,28 @@ pycurl_inet_ntop (int family, void *addr, char *string, size_t string_size); + # include + # include + # define COMPILE_SSL_LIB "openssl" ++# elif defined(HAVE_CURL_WOLFSSL) ++# include ++# if defined(OPENSSL_EXTRA) ++# define HAVE_CURL_OPENSSL ++# define PYCURL_NEED_SSL_TSL ++# define PYCURL_NEED_OPENSSL_TSL ++# include ++# include ++# else ++# ifdef _MSC_VER ++# pragma message(\ ++ "libcurl was compiled with wolfSSL, but the library was built without " \ ++ "--enable-opensslextra; thus no SSL crypto locking callbacks will be set, " \ ++ "which may cause random crashes on SSL requests") ++# else ++# warning \ ++ "libcurl was compiled with wolfSSL, but the library was built without " \ ++ "--enable-opensslextra; thus no SSL crypto locking callbacks will be set, " \ ++ "which may cause random crashes on SSL requests" ++# endif ++# endif ++# define COMPILE_SSL_LIB "wolfssl" + # elif defined(HAVE_CURL_GNUTLS) + # include + # if GNUTLS_VERSION_NUMBER <= 0x020b00 +@@ -195,7 +217,7 @@ pycurl_inet_ntop (int family, void *addr, char *string, size_t string_size); + /* since we have no crypto callbacks for other ssl backends, + * no reason to require users match those */ + # define COMPILE_SSL_LIB "none/other" +-# endif /* HAVE_CURL_OPENSSL || HAVE_CURL_GNUTLS || HAVE_CURL_NSS || HAVE_CURL_MBEDTLS */ ++# endif /* HAVE_CURL_OPENSSL || HAVE_CURL_WOLFSSL || HAVE_CURL_GNUTLS || HAVE_CURL_NSS || HAVE_CURL_MBEDTLS */ + #else + # define COMPILE_SSL_LIB "none/other" + #endif /* HAVE_CURL_SSL */