romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-06-06 02:34:20 +03:00
Code Issues Projects Releases Packages Wiki Activity

NTLM: disable if DES support missing from OpenSSL or mbedTLS

Browse source 
Make autotools and cmake detect DES support in OpenSSL and mbedTLS.
Forward feature macros to C and omit NTLM from the feature preview list.
Use the feature macros in source. This ensure that `-V` output matches
the preview.

OpenSSL doesn't support DES when built with `no-des` or `no-deprecated`.
mbedTLS 4.x no longer supports it, and it's possible to disable it in
<4 with `scripts/config.py unset MBEDTLS_DES_C`.

Before this patch this worked for
mbedTLS 4 only, and with a regression for pending PR #16973.

Also:

- drop NTLM feature check from `curl_setup.h` in favour of autotools/
  cmake feature macros. This makes `curl_setup.h` no longer need
  to include an mbedTLS header, which in turn makes tests/server build
  without depending on mbedTLS.
  Fixing, in #16973:
  ```
  In file included from tests/server/first.h:40,
                   from bld/tests/server/servers.c:3:
  lib/curl_setup.h:741:10: fatal error: mbedtls/version.h: No such file or directory
    741 | #include <mbedtls/version.h>
        |          ^~~~~~~~~~~~~~~~~~~
  ```
  Ref: https://github.com/curl/curl/actions/runs/18689537893/job/53291322012?pr=16973
  Ref: #19181 (initial fix idea)
  Follow-up to 3a305831d1 #19077

- move back mbedTLS header include and version check from
  `curl_setup.h` to each source which consumes mbedTLS.

- GHA/http3-linux: drop workaround that disabled NTLM for
  `no-deprecated` OpenSSL builds.
  Follow-up to 006977859d #12384

- curl_ntlm_core: drop pointless macro `CURL_NTLM_NOT_SUPPORTED`.
  Follow-up to 006977859d #12384

Closes #19206
This commit is contained in:
Viktor Szakats 2025-10-23 22:08:53 +02:00
parent 1de4a9a5fb
commit 4a6fbd5e1d
No known key found for this signature in database
GPG key ID: B5ABD165E2AEF201
12 changed files with 95 additions and 79 deletions
Download patch file Download diff file Expand all files Collapse all files

34
.github/workflows/http3-linux.yml vendored
View file

@ -334,8 +334,7 @@ jobs:
PKG_CONFIG_PATH: /home/runner/openssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
configure: >-
LDFLAGS=-Wl,-rpath,/home/runner/openssl/build/lib
--with-ngtcp2 --disable-ntlm
--with-openssl=/home/runner/openssl/build --enable-ssls-export
--with-openssl=/home/runner/openssl/build --with-ngtcp2 --enable-ssls-export
- name: 'openssl'
install_steps: skipall
@ -343,7 +342,6 @@ jobs:
generate: >-
-DOPENSSL_ROOT_DIR=/home/runner/openssl/build -DUSE_NGTCP2=ON
-DCURL_DISABLE_LDAP=ON
-DCURL_DISABLE_NTLM=ON
-DCMAKE_UNITY_BUILD=ON
- name: 'libressl'
@ -351,29 +349,25 @@ jobs:
PKG_CONFIG_PATH: /home/runner/libressl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
configure: >-
LDFLAGS=-Wl,-rpath,/home/runner/libressl/build/lib
--with-ngtcp2 --disable-ntlm
--with-openssl=/home/runner/libressl/build --enable-ssls-export
--with-openssl=/home/runner/libressl/build --with-ngtcp2 --enable-ssls-export
--enable-unity
- name: 'libressl'
PKG_CONFIG_PATH: /home/runner/libressl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
generate: >-
-DOPENSSL_ROOT_DIR=/home/runner/libressl/build
-DUSE_NGTCP2=ON -DCURL_DISABLE_NTLM=ON
-DOPENSSL_ROOT_DIR=/home/runner/libressl/build -DUSE_NGTCP2=ON
- name: 'awslc'
install_steps: skipall
PKG_CONFIG_PATH: /home/runner/awslc/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
configure: >-
LDFLAGS=-Wl,-rpath,/home/runner/awslc/build/lib
--with-ngtcp2 --disable-ntlm
--with-openssl=/home/runner/awslc/build --enable-ssls-export
--with-openssl=/home/runner/awslc/build --with-ngtcp2 --enable-ssls-export
- name: 'awslc'
PKG_CONFIG_PATH: /home/runner/awslc/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
generate: >-
-DOPENSSL_ROOT_DIR=/home/runner/awslc/build -DBUILD_SHARED_LIBS=OFF
-DUSE_NGTCP2=ON -DCURL_DISABLE_NTLM=ON
-DOPENSSL_ROOT_DIR=/home/runner/awslc/build -DUSE_NGTCP2=ON -DBUILD_SHARED_LIBS=OFF
-DCMAKE_UNITY_BUILD=ON
- name: 'boringssl'
@ -381,14 +375,12 @@ jobs:
PKG_CONFIG_PATH: /home/runner/boringssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2-boringssl/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
configure: >-
LDFLAGS=-Wl,-rpath,/home/runner/boringssl/build/lib
--with-ngtcp2 --disable-ntlm
--with-openssl=/home/runner/boringssl/build --enable-ssls-export
--with-openssl=/home/runner/boringssl/build --with-ngtcp2 --enable-ssls-export
- name: 'boringssl'
PKG_CONFIG_PATH: /home/runner/boringssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2-boringssl/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
generate: >-
-DOPENSSL_ROOT_DIR=/home/runner/boringssl/build -DBUILD_SHARED_LIBS=OFF
-DUSE_NGTCP2=ON -DCURL_DISABLE_NTLM=ON
-DOPENSSL_ROOT_DIR=/home/runner/boringssl/build -DUSE_NGTCP2=ON -DBUILD_SHARED_LIBS=OFF
-DCMAKE_UNITY_BUILD=ON
- name: 'gnutls'
@ -397,15 +389,13 @@ jobs:
PKG_CONFIG_PATH: /home/runner/gnutls/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
configure: >-
LDFLAGS=-Wl,-rpath,/home/runner/gnutls/build/lib
--with-ngtcp2
--with-gnutls=/home/runner/gnutls/build --enable-ssls-export
--with-gnutls=/home/runner/gnutls/build --with-ngtcp2 --enable-ssls-export
- name: 'gnutls'
install_packages: nettle-dev libp11-kit-dev
PKG_CONFIG_PATH: /home/runner/gnutls/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
generate: >-
-DCURL_USE_GNUTLS=ON
-DUSE_NGTCP2=ON -DCURL_DISABLE_NTLM=ON
-DCURL_USE_GNUTLS=ON -DUSE_NGTCP2=ON
-DCMAKE_UNITY_BUILD=ON
- name: 'wolfssl'
@ -413,9 +403,7 @@ jobs:
PKG_CONFIG_PATH: /home/runner/wolfssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
configure: >-
LDFLAGS=-Wl,-rpath,/home/runner/wolfssl/build/lib
--with-ngtcp2
--with-wolfssl=/home/runner/wolfssl/build
--enable-ech --enable-ssls-export
--with-wolfssl=/home/runner/wolfssl/build --with-ngtcp2 --enable-ech --enable-ssls-export
--enable-unity
- name: 'wolfssl'
@ -429,7 +417,6 @@ jobs:
PKG_CONFIG_PATH: /home/runner/openssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
configure: >-
LDFLAGS=-Wl,-rpath,/home/runner/openssl/build/lib
--disable-ntlm
--with-openssl=/home/runner/openssl/build --with-openssl-quic
- name: 'openssl-quic'
@ -437,7 +424,6 @@ jobs:
generate: >-
-DOPENSSL_ROOT_DIR=/home/runner/openssl/build -DUSE_OPENSSL_QUIC=ON
-DCURL_DISABLE_LDAP=ON
-DCURL_DISABLE_NTLM=ON
-DCMAKE_UNITY_BUILD=ON
- name: 'quiche'