|
From 9b400b32eb3673ab525f12f41a2ff3e4e3bfcccb Mon Sep 17 00:00:00 2001
|
|
From: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
|
Date: Fri, 28 Jun 2019 11:05:20 -0300
|
|
Subject: [PATCH] Add locking support to wolfSSL
|
|
|
|
This takes advantage of wolfSSL openssl compatibility layer, so all
|
|
that that's needed are library detection, and inclusion of specific
|
|
headers.
|
|
WolfSSL must be built with --enable-opensslextra to enable the required
|
|
API, and that's being checked at build time, with a warning if disabled.
|
|
|
|
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
|
|
|
diff --git a/setup.py b/setup.py
|
|
index 3be0fcb..d4303b0 100644
|
|
--- a/setup.py
|
|
+++ b/setup.py
|
|
@@ -143,6 +143,7 @@ class ExtensionConfiguration(object):
|
|
return {
|
|
'--with-openssl': self.using_openssl,
|
|
'--with-ssl': self.using_openssl,
|
|
+ '--with-wolfssl': self.using_wolfssl,
|
|
'--with-gnutls': self.using_gnutls,
|
|
'--with-nss': self.using_nss,
|
|
'--with-mbedtls': self.using_mbedtls,
|
|
@@ -163,7 +164,7 @@ class ExtensionConfiguration(object):
|
|
|
|
if 'PYCURL_SSL_LIBRARY' in os.environ:
|
|
ssl_lib = os.environ['PYCURL_SSL_LIBRARY']
|
|
- if ssl_lib in ['openssl', 'gnutls', 'nss', 'mbedtls']:
|
|
+ if ssl_lib in ['openssl', 'wolfssl', 'gnutls', 'nss', 'mbedtls']:
|
|
ssl_lib_detected = ssl_lib
|
|
getattr(self, 'using_%s' % ssl_lib)()
|
|
else:
|
|
@@ -188,6 +189,10 @@ class ExtensionConfiguration(object):
|
|
self.using_openssl()
|
|
ssl_lib_detected = 'openssl'
|
|
break
|
|
+ if arg[2:] == 'wolfssl':
|
|
+ self.using_wolfssl()
|
|
+ ssl_lib_detected = 'wolfssl'
|
|
+ break
|
|
if arg[2:] == 'gnutls':
|
|
self.using_gnutls()
|
|
ssl_lib_detected = 'gnutls'
|
|
@@ -506,6 +511,11 @@ manually. For other SSL backends please ignore this message.''')
|
|
self.libraries.append('ssl')
|
|
self.define_macros.append(('HAVE_CURL_SSL', 1))
|
|
|
|
+ def using_wolfssl(self):
|
|
+ self.define_macros.append(('HAVE_CURL_WOLFSSL', 1))
|
|
+ self.libraries.append('wolfssl')
|
|
+ self.define_macros.append(('HAVE_CURL_SSL', 1))
|
|
+
|
|
def using_gnutls(self):
|
|
self.define_macros.append(('HAVE_CURL_GNUTLS', 1))
|
|
self.libraries.append('gnutls')
|
|
@@ -572,6 +582,7 @@ def strip_pycurl_options(argv):
|
|
PRETTY_SSL_LIBS = {
|
|
# setup.py may be detecting BoringSSL properly, need to test
|
|
'openssl': 'OpenSSL/LibreSSL/BoringSSL',
|
|
+ 'wolfssl': 'wolfSSL',
|
|
'gnutls': 'GnuTLS',
|
|
'nss': 'NSS',
|
|
'mbedtls': 'mbedTLS',
|
|
@@ -902,6 +913,7 @@ PycURL Unix options:
|
|
--with-gnutls libcurl is linked against GnuTLS
|
|
--with-nss libcurl is linked against NSS
|
|
--with-mbedtls libcurl is linked against mbedTLS
|
|
+ --with-wolfssl libcurl is linked against wolfSSL
|
|
'''
|
|
|
|
windows_help = '''\
|
|
diff --git a/src/module.c b/src/module.c
|
|
index 909cdfe..23387ec 100644
|
|
--- a/src/module.c
|
|
+++ b/src/module.c
|
|
@@ -351,6 +351,8 @@ initpycurl(void)
|
|
} else if (!strncmp(vi->ssl_version, "OpenSSL/", 8) || !strncmp(vi->ssl_version, "LibreSSL/", 9) ||
|
|
!strncmp(vi->ssl_version, "BoringSSL", 9)) {
|
|
runtime_ssl_lib = "openssl";
|
|
+ } else if (!strncmp(vi->ssl_version, "wolfSSL/", 8)) {
|
|
+ runtime_ssl_lib = "wolfssl";
|
|
} else if (!strncmp(vi->ssl_version, "GnuTLS/", 7)) {
|
|
runtime_ssl_lib = "gnutls";
|
|
} else if (!strncmp(vi->ssl_version, "NSS/", 4)) {
|
|
diff --git a/src/pycurl.h b/src/pycurl.h
|
|
index 2294cb8..092387f 100644
|
|
--- a/src/pycurl.h
|
|
+++ b/src/pycurl.h
|
|
@@ -164,6 +164,28 @@ pycurl_inet_ntop (int family, void *addr, char *string, size_t string_size);
|
|
# include <openssl/ssl.h>
|
|
# include <openssl/err.h>
|
|
# define COMPILE_SSL_LIB "openssl"
|
|
+# elif defined(HAVE_CURL_WOLFSSL)
|
|
+# include <wolfssl/options.h>
|
|
+# if defined(OPENSSL_EXTRA)
|
|
+# define HAVE_CURL_OPENSSL
|
|
+# define PYCURL_NEED_SSL_TSL
|
|
+# define PYCURL_NEED_OPENSSL_TSL
|
|
+# include <wolfssl/openssl/ssl.h>
|
|
+# include <wolfssl/openssl/err.h>
|
|
+# else
|
|
+# ifdef _MSC_VER
|
|
+# pragma message(\
|
|
+ "libcurl was compiled with wolfSSL, but the library was built without " \
|
|
+ "--enable-opensslextra; thus no SSL crypto locking callbacks will be set, " \
|
|
+ "which may cause random crashes on SSL requests")
|
|
+# else
|
|
+# warning \
|
|
+ "libcurl was compiled with wolfSSL, but the library was built without " \
|
|
+ "--enable-opensslextra; thus no SSL crypto locking callbacks will be set, " \
|
|
+ "which may cause random crashes on SSL requests"
|
|
+# endif
|
|
+# endif
|
|
+# define COMPILE_SSL_LIB "wolfssl"
|
|
# elif defined(HAVE_CURL_GNUTLS)
|
|
# include <gnutls/gnutls.h>
|
|
# if GNUTLS_VERSION_NUMBER <= 0x020b00
|
|
@@ -195,7 +217,7 @@ pycurl_inet_ntop (int family, void *addr, char *string, size_t string_size);
|
|
/* since we have no crypto callbacks for other ssl backends,
|
|
* no reason to require users match those */
|
|
# define COMPILE_SSL_LIB "none/other"
|
|
-# endif /* HAVE_CURL_OPENSSL || HAVE_CURL_GNUTLS || HAVE_CURL_NSS || HAVE_CURL_MBEDTLS */
|
|
+# endif /* HAVE_CURL_OPENSSL || HAVE_CURL_WOLFSSL || HAVE_CURL_GNUTLS || HAVE_CURL_NSS || HAVE_CURL_MBEDTLS */
|
|
#else
|
|
# define COMPILE_SSL_LIB "none/other"
|
|
#endif /* HAVE_CURL_SSL */
|