From 6773c7ca65cf2183295e56603f9b86a5ce816a06 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 5 Jan 2020 10:51:39 +0100 Subject: wolfSSH: new SSH backend Adds support for SFTP (not SCP) using WolfSSH. Closes #4231 --- configure.ac | 40 ++++++++++++++++++++++++++++++++++++---- 1 file changed, 36 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index dd149b7e3..5d8215c59 100755 --- a/configure.ac +++ b/configure.ac @@ -2795,17 +2795,23 @@ dnl ********************************************************************** dnl Default to compiler & linker defaults for LIBSSH2 files & libraries. OPT_LIBSSH2=off AC_ARG_WITH(libssh2,dnl -AC_HELP_STRING([--with-libssh2=PATH],[Where to look for libssh2, PATH points to the LIBSSH2 installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) -AC_HELP_STRING([--with-libssh2], [enable LIBSSH2]), +AC_HELP_STRING([--with-libssh2=PATH],[Where to look for libssh2, PATH points to the libssh2 installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) +AC_HELP_STRING([--with-libssh2], [enable libssh2]), OPT_LIBSSH2=$withval, OPT_LIBSSH2=no) OPT_LIBSSH=off AC_ARG_WITH(libssh,dnl -AC_HELP_STRING([--with-libssh=PATH],[Where to look for libssh, PATH points to the LIBSSH installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) -AC_HELP_STRING([--with-libssh], [enable LIBSSH]), +AC_HELP_STRING([--with-libssh=PATH],[Where to look for libssh, PATH points to the libssh installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) +AC_HELP_STRING([--with-libssh], [enable libssh]), OPT_LIBSSH=$withval, OPT_LIBSSH=no) +OPT_WOLFSSH=off +AC_ARG_WITH(wolfssh,dnl +AC_HELP_STRING([--with-wolfssh=PATH],[Where to look for wolfssh, PATH points to the wolfSSH installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) +AC_HELP_STRING([--with-wolfssh], [enable wolfssh]), + OPT_WOLFSSH=$withval, OPT_WOLFSSH=no) + if test X"$OPT_LIBSSH2" != Xno; then dnl backup the pre-libssh2 variables CLEANLDFLAGS="$LDFLAGS" @@ -2952,6 +2958,28 @@ elif test X"$OPT_LIBSSH" != Xno; then CPPFLAGS=$CLEANCPPFLAGS LIBS=$CLEANLIBS fi +elif test X"$OPT_WOLFSSH" != Xno; then + dnl backup the pre-wolfssh variables + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + + if test "$OPT_WOLFSSH" != yes; then + WOLFCONFIG="$OPT_WOLFSSH/bin/wolfssh-config" + LDFLAGS="$LDFLAGS `$WOLFCONFIG --libs`" + CPPFLAGS="$CPPFLAGS `$WOLFCONFIG --cflags`" + fi + + AC_CHECK_LIB(wolfssh, wolfSSH_Init) + + AC_CHECK_HEADERS(wolfssh/ssh.h, + curl_ssh_msg="enabled (wolfSSH)" + WOLFSSH_ENABLED=1 + AC_DEFINE(USE_WOLFSSH, 1, [if wolfSSH is in use]) + AC_SUBST(USE_WOLFSSH, [1]) + ) + fi dnl ********************************************************************** @@ -4761,6 +4789,10 @@ if test "x$USE_LIBSSH" = "x1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SCP" SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SFTP" fi +if test "x$USE_WOLFSSH" = "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SCP" + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SFTP" +fi if test "x$CURL_DISABLE_RTSP" != "x1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS RTSP" fi -- cgit v1.2.3 From 8f74bb361a403b905ba51c5bd310fd14312f9cb5 Mon Sep 17 00:00:00 2001 From: Cristian Greco Date: Sat, 8 Feb 2020 14:28:33 +0000 Subject: configure.ac: fix comments about --with-quiche A simple s/nghttp3/quiche in some comments of --with-quiche. Looks like a copy-paste error from --with-nghttp3. Closes #4897 --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 5d8215c59..7a6aa5303 100755 --- a/configure.ac +++ b/configure.ac @@ -3723,9 +3723,9 @@ if test X"$want_quiche" != Xno; then LIBS=$CLEANLIBS ) else - dnl no nghttp3 pkg-config found, deal with it + dnl no quiche pkg-config found, deal with it if test X"$want_quiche" != Xdefault; then - dnl To avoid link errors, we do not allow --with-nghttp3 without + dnl To avoid link errors, we do not allow --with-quiche without dnl a pkgconfig file AC_MSG_ERROR([--with-quiche was specified but could not find quiche pkg-config file.]) fi -- cgit v1.2.3 From 5808a0d0f5ea0399d4a2a22285f78c66f302c173 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 21 Feb 2020 11:30:05 +0100 Subject: http2: now require nghttp2 >= 1.12.0 To simplify our code and since earlier versions lack important function calls libcurl needs to function correctly. nghttp2 1.12.0 was relased on June 26, 2016. Closes #4961 --- configure.ac | 8 ++++---- docs/INTERNALS.md | 2 +- lib/http2.c | 52 +++++----------------------------------------------- 3 files changed, 10 insertions(+), 52 deletions(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 7a6aa5303..bde7d8853 100755 --- a/configure.ac +++ b/configure.ac @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -3379,9 +3379,9 @@ if test X"$want_h2" != Xno; then CPPFLAGS="$CPPFLAGS $CPP_H2" LIBS="$LIB_H2 $LIBS" - # use nghttp2_option_set_no_recv_client_magic to require nghttp2 - # >= 1.0.0 - AC_CHECK_LIB(nghttp2, nghttp2_option_set_no_recv_client_magic, + # use nghttp2_session_set_local_window_size to require nghttp2 + # >= 1.12.0 + AC_CHECK_LIB(nghttp2, nghttp2_session_set_local_window_size, [ AC_CHECK_HEADERS(nghttp2/nghttp2.h, curl_h2_msg="enabled (nghttp2)" diff --git a/docs/INTERNALS.md b/docs/INTERNALS.md index 9ae722898..9fb0733bb 100644 --- a/docs/INTERNALS.md +++ b/docs/INTERNALS.md @@ -97,7 +97,7 @@ Dependencies - NSS 3.14.x - PolarSSL 1.3.0 - Heimdal ? - - nghttp2 1.0.0 + - nghttp2 1.12.0 Operating Systems ----------------- diff --git a/lib/http2.c b/lib/http2.c index 690a537bf..dffc7a254 100644 --- a/lib/http2.c +++ b/lib/http2.c @@ -43,19 +43,11 @@ #define H2_BUFSIZE 32768 -#if (NGHTTP2_VERSION_NUM < 0x010000) +#if (NGHTTP2_VERSION_NUM < 0x010c00) #error too old nghttp2 version, upgrade! #endif -#if (NGHTTP2_VERSION_NUM > 0x010800) -#define NGHTTP2_HAS_HTTP2_STRERROR 1 -#endif - -#if (NGHTTP2_VERSION_NUM >= 0x010900) -/* nghttp2_session_callbacks_set_error_callback is present in nghttp2 1.9.0 or - later */ -#define NGHTTP2_HAS_ERROR_CALLBACK 1 -#else +#ifdef CURL_DISABLE_VERBOSE_STRINGS #define nghttp2_session_callbacks_set_error_callback(x,y) #endif @@ -344,35 +336,6 @@ int Curl_http2_ver(char *p, size_t len) return msnprintf(p, len, " nghttp2/%s", h2->version_str); } -/* HTTP/2 error code to name based on the Error Code Registry. -https://tools.ietf.org/html/rfc7540#page-77 -nghttp2_error_code enums are identical. -*/ -static const char *http2_strerror(uint32_t err) -{ -#ifndef NGHTTP2_HAS_HTTP2_STRERROR - const char *str[] = { - "NO_ERROR", /* 0x0 */ - "PROTOCOL_ERROR", /* 0x1 */ - "INTERNAL_ERROR", /* 0x2 */ - "FLOW_CONTROL_ERROR", /* 0x3 */ - "SETTINGS_TIMEOUT", /* 0x4 */ - "STREAM_CLOSED", /* 0x5 */ - "FRAME_SIZE_ERROR", /* 0x6 */ - "REFUSED_STREAM", /* 0x7 */ - "CANCEL", /* 0x8 */ - "COMPRESSION_ERROR", /* 0x9 */ - "CONNECT_ERROR", /* 0xA */ - "ENHANCE_YOUR_CALM", /* 0xB */ - "INADEQUATE_SECURITY", /* 0xC */ - "HTTP_1_1_REQUIRED" /* 0xD */ - }; - return (err < sizeof(str) / sizeof(str[0])) ? str[err] : "unknown"; -#else - return nghttp2_http2_strerror(err); -#endif -} - /* * The implementation of nghttp2_send_callback type. Here we write |data| with * size |length| to the network and return the number of bytes actually @@ -838,7 +801,7 @@ static int on_stream_close(nghttp2_session *session, int32_t stream_id, return 0; } H2BUGF(infof(data_s, "on_stream_close(), %s (err %d), stream %u\n", - http2_strerror(error_code), error_code, stream_id)); + nghttp2_strerror(error_code), error_code, stream_id)); stream = data_s->req.protop; if(!stream) return NGHTTP2_ERR_CALLBACK_FAILURE; @@ -1138,8 +1101,7 @@ static ssize_t data_source_read_callback(nghttp2_session *session, return nread; } -#if defined(NGHTTP2_HAS_ERROR_CALLBACK) && \ - !defined(CURL_DISABLE_VERBOSE_STRINGS) +#if !defined(CURL_DISABLE_VERBOSE_STRINGS) static int error_callback(nghttp2_session *session, const char *msg, size_t len, @@ -1257,9 +1219,7 @@ static CURLcode http2_init(struct connectdata *conn) /* nghttp2_on_header_callback */ nghttp2_session_callbacks_set_on_header_callback(callbacks, on_header); -#ifndef CURL_DISABLE_VERBOSE_STRINGS nghttp2_session_callbacks_set_error_callback(callbacks, error_callback); -#endif /* The nghttp2 session is not yet setup, do it */ rc = nghttp2_session_client_new(&conn->proto.httpc.h2, callbacks, conn); @@ -1457,7 +1417,7 @@ static ssize_t http2_handle_stream_close(struct connectdata *conn, } else if(httpc->error_code != NGHTTP2_NO_ERROR) { failf(data, "HTTP/2 stream %d was not closed cleanly: %s (err %u)", - stream->stream_id, http2_strerror(httpc->error_code), + stream->stream_id, nghttp2_strerror(httpc->error_code), httpc->error_code); *err = CURLE_HTTP2_STREAM; return -1; @@ -2264,7 +2224,6 @@ CURLcode Curl_http2_switched(struct connectdata *conn, } } -#ifdef NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE rv = nghttp2_session_set_local_window_size(httpc->h2, NGHTTP2_FLAG_NONE, 0, HTTP2_HUGE_WINDOW_SIZE); if(rv != 0) { @@ -2272,7 +2231,6 @@ CURLcode Curl_http2_switched(struct connectdata *conn, nghttp2_strerror(rv), rv); return CURLE_HTTP2; } -#endif /* we are going to copy mem to httpc->inbuf. This is required since mem is part of buffer pointed by stream->mem, and callbacks -- cgit v1.2.3 From cdcc9df182727b744b1baf686685a2ac41d0f36d Mon Sep 17 00:00:00 2001 From: Steve Holme Date: Sat, 29 Feb 2020 21:44:10 +0000 Subject: configure.ac: Disable metalink support if an incompatible SSL/TLS specified tool_metalink only supports cryptography from OpenSSL, GnuTLS, NSS, The Win32 Crypto library and Apple's Common Crypto library. If an TLS backend such as mbedTLS or WolfSSL is specified then the following error is given during compilation along, with a load of unresolved extern errors: Can't compile METALINK support without a crypto library. Reviewed-by: Daniel Stenberg Closes #5006 --- configure.ac | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index bde7d8853..6feab9284 100755 --- a/configure.ac +++ b/configure.ac @@ -2770,6 +2770,12 @@ if test X"$OPT_LIBMETALINK" != Xno; then AC_MSG_NOTICE([libmetalink library defective or too old]) want_metalink="no" ]) + if test "x$OPENSSL_ENABLED" != "x1" -a "x$USE_WINDOWS_SSPI" != "x1" \ + -a "x$GNUTLS_ENABLED" != "x1" -a "x$MBEDTLS_ENABLED" != "x1" \ + -a "x$NSS_ENABLED" != "x1" -a "x$SECURETRANSPORT_ENABLED" != "x1"; then + AC_MSG_WARN([metalink support requires a compatible SSL/TLS backend]) + want_metalink="no" + fi CPPFLAGS="$clean_CPPFLAGS" LDFLAGS="$clean_LDFLAGS" LIBS="$clean_LIBS" -- cgit v1.2.3 From 967bf4633ab164fc0da1876428af9386f18659af Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 2 Mar 2020 09:44:03 +0100 Subject: configure: bump the AC_COPYRIGHT year range --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 6feab9284..d08553bb7 100755 --- a/configure.ac +++ b/configure.ac @@ -31,7 +31,7 @@ XC_OVR_ZZ60 CURL_OVERRIDE_AUTOCONF dnl configure script copyright -AC_COPYRIGHT([Copyright (c) 1998 - 2019 Daniel Stenberg, +AC_COPYRIGHT([Copyright (c) 1998 - 2020 Daniel Stenberg, This configure script may be copied, distributed and modified under the terms of the curl license; see COPYING for more details]) -- cgit v1.2.3 From 18901c7bb7a3a718681267210355ac62d8a3e314 Mon Sep 17 00:00:00 2001 From: Steve Holme Date: Mon, 2 Mar 2020 01:51:49 +0000 Subject: configure.ac: Disable metalink if mbedTLS is specified Follow up to cdcc9df1 and #5006. Even though I mentioned mbedTLS as being one of the backends that metalink needs to be disabled for, I seem to have included it in the list of allowed SSL/TLS backends in comnfigure.ac :( Closes #5013 --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index d08553bb7..e7ad63925 100755 --- a/configure.ac +++ b/configure.ac @@ -2771,8 +2771,8 @@ if test X"$OPT_LIBMETALINK" != Xno; then want_metalink="no" ]) if test "x$OPENSSL_ENABLED" != "x1" -a "x$USE_WINDOWS_SSPI" != "x1" \ - -a "x$GNUTLS_ENABLED" != "x1" -a "x$MBEDTLS_ENABLED" != "x1" \ - -a "x$NSS_ENABLED" != "x1" -a "x$SECURETRANSPORT_ENABLED" != "x1"; then + -a "x$GNUTLS_ENABLED" != "x1" -a "x$NSS_ENABLED" != "x1" \ + -a "x$SECURETRANSPORT_ENABLED" != "x1"; then AC_MSG_WARN([metalink support requires a compatible SSL/TLS backend]) want_metalink="no" fi -- cgit v1.2.3