build: check required rustls-ffi version

Try to enforce that the Rustls vTLS backend is only used with
rustls-ffi 0.15 - the documentation already describes this as
the required version.

Follow-up from https://github.com/curl/curl/issues/16890

Closes #16922
Daniel McCarney 2025-04-02 09:09:57 -04:00 committed by Viktor Szakats
parent 304b01b8cf
commit 2ade14b666
No known key found for this signature in database
GPG key ID: B5ABD165E2AEF201
2 changed files with 31 additions and 10 deletions


@ -943,6 +943,22 @@ if(CURL_USE_RUSTLS)
string(APPEND CMAKE_C_FLAGS " ${RUSTLS_CFLAGS}")
endif()
if(NOT DEFINED HAVE_RUSTLS_SUPPORTED_HPKE)
if(RUSTLS_VERSION AND RUSTLS_VERSION VERSION_GREATER_EQUAL "0.15")
set(HAVE_RUSTLS_SUPPORTED_HPKE TRUE)
elseif(NOT RUSTLS_VERSION)
cmake_push_check_state()
list(APPEND CMAKE_REQUIRED_INCLUDES ${RUSTLS_INCLUDE_DIRS})
list(APPEND CMAKE_REQUIRED_LIBRARIES ${RUSTLS_LIBRARIES})
curl_required_libpaths("${RUSTLS_LIBRARY_DIRS}")
check_symbol_exists("rustls_supported_hpke" "rustls.h" HAVE_RUSTLS_SUPPORTED_HPKE)
cmake_pop_check_state()
endif()
endif()
if(NOT HAVE_RUSTLS_SUPPORTED_HPKE)
message(FATAL_ERROR "rustls-ffi library does not provide rustls_supported_hpke function. Required version is 0.15 or newer.")
endif()
if(CURL_DEFAULT_SSL_BACKEND AND CURL_DEFAULT_SSL_BACKEND STREQUAL "rustls")
set(_valid_default_ssl_backend TRUE)
endif()
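Review bot: When `RUSTLS_VERSION` is set but below 0.15, neither branch of the inner `if`/`elseif` runs, so the `FATAL_ERROR` reports a missing `rustls_supported_hpke` function although nothing was probed, and the detected version is not shown. Including it would make the failure actionable, e.g. `message(FATAL_ERROR "rustls-ffi '${RUSTLS_VERSION}' is too old or lacks rustls_supported_hpke. Required version is 0.15 or newer.")`. The outer `if(NOT DEFINED HAVE_RUSTLS_SUPPORTED_HPKE)` guard also means a value pre-set with `-D`, or left in the cache by an earlier configure run, skips both the version comparison and the symbol probe. A short comment such as `# A pre-set HAVE_RUSTLS_SUPPORTED_HPKE skips the version check and the symbol probe` would record that. The enclosing `if(CURL_USE_RUSTLS)` block starts and ends outside the hunk.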


@ -88,22 +88,16 @@ if test "x$OPT_RUSTLS" != xno; then
else
RUSTLS_LDFLAGS="-lpthread -ldl -lm"
fi
AC_CHECK_LIB(rustls, rustls_connection_read,
[
AC_DEFINE(USE_RUSTLS, 1, [if Rustls is enabled])
RUSTLS_ENABLED=1
USE_RUSTLS="yes"
ssl_msg="rustls"
test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
],
AC_MSG_ERROR([--with-rustls was specified but could not find Rustls.]),
$RUSTLS_LDFLAGS)
LIB_RUSTLS="$PREFIX_RUSTLS/lib$libsuff"
if test "$PREFIX_RUSTLS" != "/usr" ; then
SSL_LDFLAGS="-L$LIB_RUSTLS $RUSTLS_LDFLAGS"
SSL_CPPFLAGS="-I$PREFIX_RUSTLS/include"
fi
dnl we will verify AC_CHECK_LIB later on
AC_DEFINE(USE_RUSTLS, 1, [if Rustls is enabled])
USE_RUSTLS="yes"
fi
;;
esac
@ -176,6 +170,17 @@ if test "x$OPT_RUSTLS" != xno; then
if test -n "$link_pkgconfig"; then
LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE rustls"
fi
AC_CHECK_LIB(rustls, rustls_supported_hpke,
[
AC_DEFINE(USE_RUSTLS, 1, [if Rustls is enabled])
RUSTLS_ENABLED=1
USE_RUSTLS="yes"
ssl_msg="rustls"
test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
],
AC_MSG_ERROR([--with-rustls was specified but could not find compatible Rustls.]),
$RUSTLS_LDFLAGS)
fi
test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
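Review bot: The `AC_MSG_ERROR` text in the `AC_CHECK_LIB(rustls, rustls_supported_hpke, ...)` call says only "could not find compatible Rustls", so a user with an older rustls-ffi gets no hint about which version is needed, unlike the CMake message in the same commit. Consider `AC_MSG_ERROR([--with-rustls was specified but could not find compatible Rustls (rustls-ffi 0.15 or newer is required).])`. A comment above the call, e.g. `dnl rustls_supported_hpke is used as a proxy for the rustls-ffi 0.15 API`, would also help, since as far as the visible lines show this symbol probe is the only version gate on the autotools path. The first hunk appears to define `USE_RUSTLS` before this probe and the success action defines it again, which looks redundant. The enclosing `if` starts outside both hunks.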