enable SSL for curl in bazel build environment #2415
Conversation
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## main #2415 +/- ##
=======================================
Coverage 87.06% 87.06%
=======================================
Files 199 199
Lines 6079 6079
=======================================
Hits 5292 5292
Misses 787 787 |
| deps = [ | ||
| "@boringssl//:crypto", | ||
| "@boringssl//:ssl", | ||
| ], |
There was a problem hiding this comment.
The CMake build has a dependency on OpenSSL. Can we have the same dependency to maintain consistency?
There was a problem hiding this comment.
Looking into the boringssl documentation (https://github.com/google/boringssl) -
--
Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.
--
There was a problem hiding this comment.
I agree with @lalitb , I think we should use openssl.
There was a problem hiding this comment.
Agree, but gRPC also use boringssl, maybe we can use alias to switch the ssl library. (https://bazel.build/docs/configurable-attributes?#faq-select-bind)
bazel/curl.BUILD
Outdated
| @@ -34,6 +34,8 @@ cc_library( | |||
| ]), | |||
| copts = CURL_COPTS + [ | |||
| "-DOS=\"os\"", | |||
| "-DCURL_WITH_MULTI_SSL", | |||
There was a problem hiding this comment.
What is the option CURL_WITH_MULTI_SSL for?
There was a problem hiding this comment.
The CI build now fails with:
external/curl/lib/vtls/vtls.c:1254:2: error: #error "Missing struct Curl_ssl for selected SSL backend"
It looks like curl needs to be built with USE_OPENSSL and linked with openssl.
Relevant CURL code:
const struct Curl_ssl *Curl_ssl =
#if defined(CURL_WITH_MULTI_SSL)
&Curl_ssl_multi;
#elif defined(USE_WOLFSSL)
&Curl_ssl_wolfssl;
#elif defined(USE_SECTRANSP)
&Curl_ssl_sectransp;
#elif defined(USE_GNUTLS)
&Curl_ssl_gnutls;
#elif defined(USE_GSKIT)
&Curl_ssl_gskit;
#elif defined(USE_MBEDTLS)
&Curl_ssl_mbedtls;
#elif defined(USE_NSS)
&Curl_ssl_nss;
#elif defined(USE_RUSTLS)
&Curl_ssl_rustls;
#elif defined(USE_OPENSSL)
&Curl_ssl_openssl;
#elif defined(USE_SCHANNEL)
&Curl_ssl_schannel;
#elif defined(USE_BEARSSL)
&Curl_ssl_bearssl;
#else
#error "Missing struct Curl_ssl for selected SSL backend"
#endif
|
The discussion on this code review is inconclusive, as there is no agreement on which SSL library to use to build CURL, and the topic needs further investigation. Created issue #2489 to document the bug found, and closing this PR. |
No description provided.