{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1745907605, "reponame":"libwebsockets", "desc":"libwebsockets lightweight C networking library", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://libwebsockets.org/repo/libwebsockets", "f":3, "items": [ {"schema":"libjg2-1", "cid":"94e03093dc6716b873f0747a283a6b93", "commit": {"type":"commit", "time": 1613561955, "time_ofs": 0, "oid_tree": { "oid": "cb41224258e41ebd3ea70e5c36aa877935f7b3f6", "alias": []}, "oid":{ "oid": "8e5f8491db7234c100893998ff4f21542a820b4e", "alias": []}, "msg": "opensslv3: handle deprecation of EC apis", "sig_commit": { "git_time": { "time": 1613561955, "offset": 0 }, "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" }, "sig_author": { "git_time": { "time": 1613282716, "offset": 0 }, "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" }}, "body": "opensslv3: handle deprecation of EC apis\n\nopenssl v3-alpha11 has marked EC_KEY pieces as deprecated... we use it in\nLWS_WITH_GENCRYPTO but the related RSA etc pieces were already deprecated\nfor that. We use EC_KEY pieces in vhost init...\n\nThe apis are not removed but deprecated, we should have a way to keep\ntrucking, but as it is the deprecation warning is promoted to an error.\n\nLet's add LWS_SUPPRESS_DEPRECATED_API_WARNINGS option off by default. If\nenabled at cmake, external deprecated api warnings are suppressed. 
This\ngives a general workaround for now for opensslv3.\n\nIn addition, even if you don't do that, let's notice we are on openssl v3\nand don't build the EC curve selection stuff, I don't think anyone is\nactually using it anyway.\n" , "diff": "diff --git a/.sai.json b/.sai.json\nindex 6af699b..8a937a7 100644\n--- a/.sai.json\n+++ b/.sai.json\n@@ -125,6 +125,10 @@\n \t\t\t\u0022cmake\u0022:\t\u0022-DLWS_OPENSSL_LIBRARIES\u003d\u005c\u0022/usr/local/src/openssl/v3/usr/local/lib64/libssl.a;/usr/local/src/openssl/v3/usr/local/lib64/libcrypto.a\u005c\u0022 -DLWS_OPENSSL_INCLUDE_DIRS\u003d\u005c\u0022/usr/local/src/openssl/v3/usr/local/include/\u005c\u0022 -DLWS_WITH_MINIMAL_EXAMPLES\u003d1 -DLWS_WITH_GENCRYPTO\u003d0\u0022,\n \t\t\t\u0022platforms\u0022:\t\u0022none,linux-fedora-32/x86_64-amd/gcc\u0022\n \t\t},\n+\t\t\u0022default-examples-openssl-v3-gencrypto\u0022: {\n+\t\t\t\u0022cmake\u0022:\t\u0022-DLWS_SUPPRESS_DEPRECATED_API_WARNINGS\u003d1 -DLWS_OPENSSL_LIBRARIES\u003d\u005c\u0022/usr/local/src/openssl/v3/usr/local/lib64/libssl.a;/usr/local/src/openssl/v3/usr/local/lib64/libcrypto.a\u005c\u0022 -DLWS_OPENSSL_INCLUDE_DIRS\u003d\u005c\u0022/usr/local/src/openssl/v3/usr/local/include/\u005c\u0022 -DLWS_WITH_MINIMAL_EXAMPLES\u003d1 -DLWS_WITH_GENCRYPTO\u003d1\u0022,\n+\t\t\t\u0022platforms\u0022:\t\u0022none,linux-fedora-32/x86_64-amd/gcc\u0022\n+\t\t},\n \t\t\u0022default-examples-boringssl\u0022: {\n \t\t\t\u0022cmake\u0022:\t\u0022cmake .. 
-DLWS_WITH_BORINGSSL\u003d1 -DLWS_OPENSSL_INCLUDE_DIRS\u003d\u005c\u0022/usr/local/src/boringssl/include\u005c\u0022 -DLWS_OPENSSL_LIBRARIES\u003d\u005c\u0022/usr/local/src/boringssl/build/ssl/libssl.so;/usr/local/src/boringssl/build/crypto/libcrypto.so\u005c\u0022 -DLWS_WITH_MINIMAL_EXAMPLES\u003d1\u0022,\n \t\t\t\u0022platforms\u0022:\t\u0022none,linux-fedora-32/x86_64-amd/gcc\u0022\n@@ -153,8 +157,9 @@\n \t\t\t\u0022cmake\u0022:\t\u0022-DLWS_WITH_PLUGINS\u003d1\u0022,\n \t\t\t\u0022platforms\u0022:\t\u0022none,linux-fedora-32/x86_64-amd/gcc,linux-debian-sid/x86-amd/gcc,linux-debian-sid/x86_64-amd/gcc\u0022\n \t\t},\n+\t\t# WARN_DEPRECATED disabled for openssl v3 case on windows\n \t\t\u0022lws_system\u0022: {\n-\t\t\t\u0022cmake\u0022:\t\u0022-DLWS_WITH_ACME\u003d1 -DLWS_WITH_MINIMAL_EXAMPLES\u003d1 -DCMAKE_BUILD_TYPE\u003dRELEASE -DLWS_WITH_GENCRYPTO\u003d1 -DLWS_WITH_JOSE\u003d1 -DLWS_WITH_SYS_ASYNC_DNS\u003d1 -DLWS_WITH_SYS_NTPCLIENT\u003d1\u0022,\n+\t\t\t\u0022cmake\u0022:\t\u0022-DLWS_SUPPRESS_DEPRECATED_API_WARNINGS\u003d1 -DLWS_WITH_ACME\u003d1 -DLWS_WITH_MINIMAL_EXAMPLES\u003d1 -DCMAKE_BUILD_TYPE\u003dRELEASE -DLWS_WITH_GENCRYPTO\u003d1 -DLWS_WITH_JOSE\u003d1 -DLWS_WITH_SYS_ASYNC_DNS\u003d1 -DLWS_WITH_SYS_NTPCLIENT\u003d1\u0022,\n \t\t\t\u0022platforms\u0022:\t\u0022w10/x86_64-amd/msvc, w10/x86_64-amd/noptmsvc\u0022\n \t\t},\n \t\t\u0022secure-streams\u0022: {\ndiff --git a/CMakeLists.txt b/CMakeLists.txt\nindex 4e4d2db..5221cd0 100644\n--- a/CMakeLists.txt\n+++ b/CMakeLists.txt\n@@ -198,6 +198,8 @@ option(LWS_WITH_STATIC \u0022Build the static version of the library\u0022 ON)\n option(LWS_WITH_SHARED \u0022Build the shared version of the library\u0022 ON)\n option(LWS_LINK_TESTAPPS_DYNAMIC \u0022Link the test apps to the shared version of the library. 
Default is to link statically\u0022 OFF)\n option(LWS_STATIC_PIC \u0022Build the static version of the library with position-independent code\u0022 OFF)\n+option(LWS_SUPPRESS_DEPRECATED_API_WARNINGS \u0022Turn off complaints about, eg, openssl deprecated api usage\u0022 OFF)\n+\n #\n # Specific platforms\n #\n@@ -717,6 +719,7 @@ if (CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX OR COMPILER_IS_CLANG)\n \n \tcheck_c_compiler_flag(\u0022-Wignored-qualifiers\u0022 LWS_GCC_HAS_IGNORED_QUALIFIERS)\n \tcheck_c_compiler_flag(\u0022-Wtype-limits\u0022 LWS_GCC_HAS_TYPE_LIMITS)\n+\tcheck_c_compiler_flag(\u0022-Wno-deprecated-declarations\u0022 LWS_GCC_HAS_NO_DEPRECATED_DECLARATIONS)\n \n \tif (LWS_GCC_HAS_IGNORED_QUALIFIERS)\n \t\tset(CMAKE_C_FLAGS \u0022-Wignored-qualifiers ${CMAKE_C_FLAGS}\u0022 )\n@@ -744,6 +747,13 @@ if (CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX OR COMPILER_IS_CLANG)\n \tif (\u0022${DISABLE_WERROR}\u0022 STREQUAL \u0022OFF\u0022)\n \t\tset(CMAKE_C_FLAGS \u0022${CMAKE_C_FLAGS} -Werror\u0022)\n \tendif()\n+\n+\tif (LWS_SUPPRESS_DEPRECATED_API_WARNINGS)\n+\t\tset(CMAKE_C_FLAGS \u0022-Wno-deprecated ${CMAKE_C_FLAGS}\u0022)\n+\t\tif (LWS_GCC_HAS_NO_DEPRECATED_DECLARATIONS)\n+\t\t\tset(CMAKE_C_FLAGS \u0022-Wno-deprecated-declarations ${CMAKE_C_FLAGS}\u0022)\n+\t\tendif()\n+\tendif()\n endif ()\n \n if ((CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX) AND NOT LWS_WITHOUT_TESTAPPS)\ndiff --git a/cmake/lws_config.h.in b/cmake/lws_config.h.in\nindex ab77763..732767c 100644\n--- a/cmake/lws_config.h.in\n+++ b/cmake/lws_config.h.in\n@@ -37,6 +37,7 @@\n #cmakedefine LWS_HAVE_BN_bn2binpad\n #cmakedefine LWS_HAVE_CLOCK_GETTIME\n #cmakedefine LWS_HAVE_EC_POINT_get_affine_coordinates\n+#cmakedefine LWS_HAVE_EC_KEY_new_by_curve_name\n #cmakedefine LWS_HAVE_ECDSA_SIG_set0\n #cmakedefine LWS_HAVE_EVP_MD_CTX_free\n #cmakedefine LWS_HAVE_EVP_aes_128_wrap\n@@ -116,6 +117,7 @@\n #cmakedefine LWS_SHA1_USE_OPENSSL_NAME\n #cmakedefine 
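Review bot: The probe `check_c_compiler_flag("-Wno-deprecated-declarations" ...)` in the @@ -717 hunk of CMakeLists.txt proves little on GCC, which accepts unknown `-Wno-*` options silently unless another diagnostic is emitted, and the @@ -744 hunk adds `-Wno-deprecated` with no probe at all. Probe the positive form instead, `check_c_compiler_flag("-Wdeprecated-declarations" LWS_GCC_HAS_NO_DEPRECATED_DECLARATIONS)`, and add the `-Wno-` form only when that succeeds. Separately, putting the flags into `CMAKE_C_FLAGS` silences every deprecation in every source built with those flags, not only the OpenSSL EC calls the commit message is about; for a TLS library that removes the early signal that a crypto API is being retired. Scoping the suppression to the OpenSSL wrapper sources, for example with `set_source_files_properties(... PROPERTIES COMPILE_FLAGS -Wno-deprecated-declarations)`, would keep the warning live everywhere else. The enclosing `if (CMAKE_COMPILER_IS_GNUCC ...)` block starts outside both hunks.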
LWS_SSL_CLIENT_USE_OS_CA_CERTS\n #cmakedefine LWS_SSL_SERVER_WITH_ECDH_CERT\n+#cmakedefine LWS_SUPPRESS_DEPRECATED_API_WARNINGS\n #cmakedefine LWS_TLS_LOG_PLAINTEXT_RX\n #cmakedefine LWS_TLS_LOG_PLAINTEXT_TX\n #cmakedefine LWS_WITH_ABSTRACT\ndiff --git a/include/libwebsockets.h b/include/libwebsockets.h\nindex 764b6b1..bf027a6 100644\n--- a/include/libwebsockets.h\n+++ b/include/libwebsockets.h\n@@ -41,6 +41,10 @@ extern \u0022C\u0022 {\n \n #include \u0022lws_config.h\u0022\n \n+#if defined(LWS_SUPPRESS_DEPRECATED_API_WARNINGS)\n+#define OPENSSL_USE_DEPRECATED\n+#endif\n+\n /* place for one-shot opaque forward references */\n \n typedef struct lws_context * lws_ctx_t;\ndiff --git a/lib/tls/CMakeLists.txt b/lib/tls/CMakeLists.txt\nindex a499b33..9f7d2b3 100644\n--- a/lib/tls/CMakeLists.txt\n+++ b/lib/tls/CMakeLists.txt\n@@ -307,6 +307,9 @@ CHECK_FUNCTION_EXISTS(${VARIA}HMAC_CTX_new LWS_HAVE_HMAC_CTX_new PARENT_SCOPE)\n CHECK_SYMBOL_EXISTS(${VARIA}SSL_CTX_set_ciphersuites LWS_HAVE_SSL_CTX_set_ciphersuites PARENT_SCOPE)\n CHECK_FUNCTION_EXISTS(${VARIA}EVP_PKEY_new_raw_private_key LWS_HAVE_EVP_PKEY_new_raw_private_key PARENT_SCOPE)\n \n+# deprecated in openssl v3\n+CHECK_FUNCTION_EXISTS(${VARIA}EC_KEY_new_by_curve_name LWS_HAVE_EC_KEY_new_by_curve_name PARENT_SCOPE)\n+\n if (LWS_WITH_SSL AND NOT LWS_WITH_MBEDTLS)\n \t# we don't want to confuse what's in or out of the wrapper with\n \t# what's in an openssl also installed on the build host\ndiff --git a/lib/tls/openssl/lws-genec.c b/lib/tls/openssl/lws-genec.c\nindex 1e953b7..8600b62 100644\n--- a/lib/tls/openssl/lws-genec.c\n+++ b/lib/tls/openssl/lws-genec.c\n@@ -27,6 +27,12 @@\n #include \u0022private-lib-core.h\u0022\n #include \u0022private-lib-tls-openssl.h\u0022\n \n+#if !defined(OPENSSL_NO_EC) \u0026\u0026 defined(LWS_HAVE_EC_KEY_new_by_curve_name) \u0026\u0026 \u005c\n+ (OPENSSL_VERSION_NUMBER \u003e\u003d 0x30000000l) \u0026\u0026 \u005c\n+ !defined(LWS_SUPPRESS_DEPRECATED_API_WARNINGS)\n+#warning \u0022You 
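Review bot: `#define OPENSSL_USE_DEPRECATED` in the @@ -41 hunk of include/libwebsockets.h is placed in the public header, so it is also defined in every application source that includes libwebsockets.h and can change how that code sees OpenSSL's deprecation markings. It only has an effect if it precedes the first OpenSSL include in the translation unit, which this hunk does not show. Consider moving it into a private header ahead of the OpenSSL includes, and confirm the macro name against the OpenSSL 3 headers in use, which as far as I know key on `OPENSSL_SUPPRESS_DEPRECATED` for this purpose. On the MSVC jobs in .sai.json the `-Wno-deprecated*` branch of CMakeLists.txt is skipped, so this define appears to be the only effect of the option there.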
probably need LWS_SUPPRESS_DEPRECATED_API_WARNINGS\u0022\n+#endif\n+\n /*\n * Care: many openssl apis return 1 for success. These are translated to the\n * lws convention of 0 for success.\ndiff --git a/lib/tls/openssl/openssl-server.c b/lib/tls/openssl/openssl-server.c\nindex 3923f14..24f832e 100644\n--- a/lib/tls/openssl/openssl-server.c\n+++ b/lib/tls/openssl/openssl-server.c\n@@ -155,7 +155,9 @@ lws_tls_server_certs_load(struct lws_vhost *vhost, struct lws *wsi,\n \t\t\t const char *mem_cert, size_t mem_cert_len,\n \t\t\t const char *mem_privkey, size_t mem_privkey_len)\n {\n-#if !defined(OPENSSL_NO_EC)\n+#if !defined(OPENSSL_NO_EC) \u0026\u0026 defined(LWS_HAVE_EC_KEY_new_by_curve_name) \u0026\u0026 \u005c\n+ ((OPENSSL_VERSION_NUMBER \u003c 0x30000000l) || \u005c\n+ defined(LWS_SUPPRESS_DEPRECATED_API_WARNINGS))\n \tconst char *ecdh_curve \u003d \u0022prime256v1\u0022;\n #if !defined(LWS_WITH_BORINGSSL) \u0026\u0026 defined(LWS_HAVE_SSL_EXTRA_CHAIN_CERTS)\n \tSTACK_OF(X509) *extra_certs \u003d NULL;\n@@ -419,7 +421,9 @@ check_key:\n \t}\n \n \n-#if !defined(OPENSSL_NO_EC)\n+#if !defined(OPENSSL_NO_EC) \u0026\u0026 defined(LWS_HAVE_EC_KEY_new_by_curve_name) \u0026\u0026 \u005c\n+ ((OPENSSL_VERSION_NUMBER \u003c 0x30000000l) || \u005c\n+ defined(LWS_SUPPRESS_DEPRECATED_API_WARNINGS))\n \tif (vhost-\u003etls.ecdh_curve[0])\n \t\tecdh_curve \u003d vhost-\u003etls.ecdh_curve;\n \n@@ -461,7 +465,8 @@ check_key:\n \t}\n #else\n \treturn 0;\n-#endif\n+#endif /* !boringssl */\n+\n \t/* Get the public key from certificate */\n \tpkey \u003d X509_get_pubkey(x);\n \tif (!pkey) {\n@@ -486,13 +491,14 @@ check_key:\n \tSSL_CTX_set_tmp_ecdh(vhost-\u003etls.ssl_ctx, EC_key);\n \n \tEC_KEY_free(EC_key);\n-#else\n-\tlwsl_notice(\u0022 OpenSSL doesn't support ECDH\u005cn\u0022);\n-#endif\n+\n #if !defined(OPENSSL_NO_EC) \u0026\u0026 !defined(LWS_WITH_BORINGSSL)\n post_ecdh:\n #endif\n \tvhost-\u003etls.skipped_certs \u003d 0;\n+#else\n+\tlwsl_notice(\u0022 OpenSSL doesn't support 
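Review bot: The `#warning` added at the top of lib/tls/openssl/lws-genec.c becomes a hard error on the default build, because the CMakeLists.txt hunk shows `-Werror` is appended unless `DISABLE_WERROR` is set. `#warning` was also a compiler extension before C23, so not every toolchain accepts it. If stopping the build is the intent, say so explicitly with `#error "OpenSSL v3 deprecates EC_KEY: configure with -DLWS_SUPPRESS_DEPRECATED_API_WARNINGS=1"`, so the failure names the fix.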
ECDH\u005cn\u0022);\n+#endif\n \n \treturn 0;\n }\n","s":{"c":1745907605,"u": 13661}} ],"g": 15471,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}
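Review bot: In the last hunk of lib/tls/openssl/openssl-server.c, `vhost->tls.skipped_certs = 0;` now sits above the new `#else`, so it no longer runs when the EC block is compiled out (OPENSSL_NO_EC, or OpenSSL v3 without LWS_SUPPRESS_DEPRECATED_API_WARNINGS); before this change it ran on both paths. Unless that is intended, move `vhost->tls.skipped_certs = 0;` back below the final `#endif` so a stale value cannot survive a successful load on those builds. The `#else` notice `" OpenSSL doesn't support ECDH\n"` is also printed on OpenSSL v3 now, where the code was merely compiled out and a `vhost->tls.ecdh_curve` set by the operator is ignored without saying so; the message should name the real reason. lws_tls_server_certs_load starts outside this hunk, and the pairing of `#else` with the guard changed in the @@ -419 hunk is inferred from the visible lines.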