Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

enable SSL for curl in bazel build environment #2415

Closed
wants to merge 3 commits into from
Closed
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions bazel/curl.BUILD
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,8 @@ cc_library(
]),
copts = CURL_COPTS + [
"-DOS=\"os\"",
"-DCURL_WITH_MULTI_SSL",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the option CURL_WITH_MULTI_SSL for?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The CI build now fails with:

external/curl/lib/vtls/vtls.c:1254:2: error: #error "Missing struct Curl_ssl for selected SSL backend"

It looks like curl needs to be built with USE_OPENSSL and linked with openssl.

Relevant CURL code:

const struct Curl_ssl *Curl_ssl =
#if defined(CURL_WITH_MULTI_SSL)
  &Curl_ssl_multi;
#elif defined(USE_WOLFSSL)
  &Curl_ssl_wolfssl;
#elif defined(USE_SECTRANSP)
  &Curl_ssl_sectransp;
#elif defined(USE_GNUTLS)
  &Curl_ssl_gnutls;
#elif defined(USE_GSKIT)
  &Curl_ssl_gskit;
#elif defined(USE_MBEDTLS)
  &Curl_ssl_mbedtls;
#elif defined(USE_NSS)
  &Curl_ssl_nss;
#elif defined(USE_RUSTLS)
  &Curl_ssl_rustls;
#elif defined(USE_OPENSSL)
  &Curl_ssl_openssl;
#elif defined(USE_SCHANNEL)
  &Curl_ssl_schannel;
#elif defined(USE_BEARSSL)
  &Curl_ssl_bearssl;
#else
#error "Missing struct Curl_ssl for selected SSL backend"
#endif

"-DUSE_SSL",
],
defines = ["CURL_STATICLIB"],
includes = [
Expand All @@ -55,5 +57,9 @@ cc_library(
"-lpthread",
],
}),
deps = [
"@boringssl//:crypto",
"@boringssl//:ssl",
],
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The CMake build has a dependency on OpenSSL. Can we have the same dependency to maintain consistency?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking into the boringssl documentation (https://github.com/google/boringssl) -

--
Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

--

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree with @lalitb , I think we should use openssl.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree, but gRPC also use boringssl, maybe we can use alias to switch the ssl library. (https://bazel.build/docs/configurable-attributes?#faq-select-bind)

visibility = ["//visibility:public"],
)