Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error building curl #70

Open
rbright55 opened this issue Mar 29, 2024 · 6 comments
Open

Error building curl #70

rbright55 opened this issue Mar 29, 2024 · 6 comments

Comments

@rbright55
Copy link

Ran sh build.sh -3 -e -s 10.0 and encountered the following error in curl-8.7.1-x86_64.log

vtls/openssl.c:3547:18: error: call to undeclared function 'SSLv3_client_method'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
    req_method = SSLv3_client_method();
                 ^
vtls/openssl.c:3547:16: warning: incompatible integer to pointer conversion assigning to 'const SSL_METHOD *' (aka 'const struct ssl_method_st *') from 'int' [-Wint-conversion]
    req_method = SSLv3_client_method();
               ^ ~~~~~~~~~~~~~~~~~~~~~
vtls/openssl.c:3548:5: error: call to undeclared function 'use_sni'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
    use_sni(FALSE);
    ^
  CC       vtls/libcurl_la-wolfssl.lo
1 warning and 2 errors generated.
make[2]: *** [vtls/libcurl_la-openssl.lo] Error 1
make[2]: *** Waiting for unfinished jobs....
make[1]: *** [all] Error 2
make: *** [all-recursive] Error 1

Intel MacOS v13.6.5
build settings:
OPENSSL="3.0.13"
LIBCURL="8.7.1"
NGHTTP2="1.60.0"
@jasonacox
Copy link
Owner

Hi @rbright55 - Starting with curl 7.77.0, the library no longer supports SSLv3 and will block requests to build with SSLv3. The "patch" we have in the build script attempts rewrite that block in lib/vtls/openssl.c and add the required ciphers back in. Unfortunately, each version changes it a bit and it looks like 8.7.1 is not compatible with our patch.

I'm wondering how we should proceed here. It seems like the options are:

  1. Remove SSLv3 support as it is depreciated in openssl and curl.
  2. Update build script so that if -3 is specified, notify user and give option to downgrade to a curl version that supports it (e.g. 8.1.2)
  3. Figure out more logic to add SSLv3 back in to curl.

I tend to favor 2 since the only reason you would want SSLv3 would be for detection or legacy support so you already know you are using a vulnerable library.

I would love to hear feedback, specifically reasons for keeping SSLv3 and if something like option2 would work.

jasonacox added a commit that referenced this issue Mar 30, 2024
@jasonacox
Fix SSLv3 support and warning #70
e0d4c4c
@jasonacox
Copy link
Owner

I updated the patch to work with this build combination (curl 8.7.1). I wasn't able to test SSLv3 but it does now respond with curl command line -3 flag and the build does complete. Please let me know if it works for you.

Also: I added warning notice that requires user to confirm before proceeding.

image

@rbright55
Copy link
Author

HI @jasonacox. Even the without the -3 tag, curl no longer seems to build.

sh build.sh -e

Building Mac libraries
Building curl-8.7.1 for x86_64 (MacOS 13.6.5)
** ERROR with Build - Check /tmp/curl*.log
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-cipher_chacha20_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-cipher_chacha20_poly1305_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-cipher_sm4_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-cipher_tdes_default_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-cipher_tdes_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-cipher_tdes_wrap_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-endecoder_common.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcrypto-lib-sm2_crypt.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcrypto-lib-sm2_sign.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcrypto-lib-sm2_key.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-cipher_tdes_common.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcrypto-lib-wp_block.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcommon-lib-ciphercommon_ccm_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcommon-lib-ciphercommon_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcommon-lib-der_ec_gen.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcommon-lib-der_ecx_gen.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcommon-lib-der_rsa_gen.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcommon-lib-der_dsa_gen.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-der_sm2_gen.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libdefault-lib-digest_to_nid.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcommon-lib-ciphercommon_gcm_hw.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
ld: warning: all bitcode will be dropped because '/Users/mac/Documents/xCode/Build-OpenSSL-cURL/openssl/Mac/lib/libcrypto.a(libcrypto-lib-siv128.o)' was built without bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. 
Undefined symbols for architecture x86_64:
  "_SSL_get0_group_name", referenced from:
      _ossl_connect_common in libcurl.a(libcurl_la-openssl.o)
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[2]: *** [curl] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all-recursive] Error 1

@jasonacox
Copy link
Owner

Thanks @rbright55

I tested on my M2 MacBook Air and our GitHub action CI builds and tests the script: https://github.com/jasonacox/Build-OpenSSL-cURL/actions/runs/8492632477/job/23265835970

Are you building on an Intel based Mac? Can you share what version? I'll try to replicate to see what it isn't builidng on your system.

@stdiodavid
Copy link

Thanks @rbright55

I tested on my M2 MacBook Air and our GitHub action CI builds and tests the script: https://github.com/jasonacox/Build-OpenSSL-cURL/actions/runs/8492632477/job/23265835970

Are you building on an Intel based Mac? Can you share what version? I'll try to replicate to see what it isn't builidng on your system.

i got same error on Intel Mac ,just like @rbright55
any idea to fix it ?

@jasonacox
Copy link
Owner

HI @stdiodavid Can you share what version of the libraries you are trying to compile? Also, what MacOS and xcode version? I'll try to replicate to see what it isn't building on your system.

Some thoughts:

  • Try different version of libraries to see if it is tied to that
  • Try upgrading MacOS / Xcode if you haven't
  • Do you get the same results with sh build.sh (no options)?
  • The ld: symbol(s) not found for architecture x86_64 somehow means that your Xcode is not building something for intel which doesn't make sense. I would like to know which component is breaking. Looking at the full log file may help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jasonacox @rbright55 @stdiodavid