Re: [kamailio/kamailio] tls_wolfssl: clean-up; continue to remove OpenSSL-isms (5d3c11c)
What are the configure flags for the nightly builds? Is this using a system libwolfssl-dev or the submodule.
The module expects wolfssl ~ v5.6.6-stable which is equivalent to libwolfssl42(5.6.6-1.2) libwolfssl-dev_5.6.6. For RPM based-distros I build the module both with the in-tree submodule and external package wolfssl42-5.6.6.
``` # debian does this ./configure --enable-distro --enable-pkcs11
# libwolfssl35 ma
2422 * to the user. This is set by default with 2423 * OPENSSL_COMPATIBLE_DEFAULTS. The macro 2424 * WOLFSSL_MODE_AUTO_RETRY_ATTEMPTS is used to 2425 * limit the possibility of an infinite retry loop 2426 */ 2427 SSL_MODE_RELEASE_BUFFERS = -1, /* For libwebsockets build. No current use. */ 2428 /* Errors used in wolfSSL. utilize the values from the defines in 2429 * wolfssl/openssl/x509.h, but without the WOLFSSL_ prefix. 2430 */ 2431 WOLFSSL_X509_V_OK = 0, 2432 WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE = 7, 2433 WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID = 9, 2434 WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED = 10, 2435 WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 13, 2436 WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 14, 2437 WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 18, 2438 WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 20, 2439 WOLFSSL_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE = 21, 2440 WOLFSSL_X509_V_ERR_CERT_CHAIN_TOO_LONG = 22, 2441 WOLFSSL_X509_V_ERR_CERT_REVOKED = 23, 2442 WOLFSSL_X509_V_ERR_INVALID_CA = 24, 2443 WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED = 25, 2444 WOLFSSL_X509_V_ERR_CERT_REJECTED = 28, 2445 WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH = 29, ```
Hi,
On 25/1/24 11:32, space88man via sr-dev wrote:
What are the configure flags for the nightly builds? Is this using a system libwolfssl-dev or the submodule.
The module expects wolfssl ~ v5.6.6-stable which is equivalent to libwolfssl42(5.6.6-1.2) libwolfssl-dev_5.6.6. For RPM based-distros I build the module both with the in-tree submodule and external package wolfssl42-5.6.6.
I think all the latest backports to 5.7 related to tls_wolfssl broke the idea of "stable" release since we are changing the expected version dependency of the module, no?
commit 8e915d440293df2ba3b2700e5a4705123925be9a (origin/5.7, 5.7) Author: S-P Chan shihping.chan@gmail.com Date: Wed Jan 24 16:30:48 2024 +0800
tls_wolfssl: clean-up; continue to remove OpenSSL-isms (cherry-pick from 5d3c11c5e0854ce74424a10a88b0cca4453cee75)commit 893e9ea4364f60c32a5477c5b75bdc24b619dd52 Author: S-P Chan shihping.chan@gmail.com Date: Tue Jan 23 23:13:08 2024 +0800
tls_wolfssl: clean-up; remove OpenSSL-isms (cherry-pick from 3d0e7521c6de4023b6595685fc306129ef57b8ac)commit 4240cbc1bdbf9eb5d8b3f7473fbf4ee9d4d90650 Author: S-P Chan shihping.chan@gmail.com Date: Sun Jan 21 18:17:37 2024 +0800
tls_wolfssl: refactor custom BIO - remove use of custom BIO at the expense of some memory copies (cherry-pick from 32089e134413200bf5d1a97f207378b7d10e65a2)commit 8e7df1345c828eeb6b999c30069e75ccdd440200 Author: S-P Chan shihping.chan@gmail.com Date: Fri Jan 19 12:16:01 2024 +0800
tls_wolfssl: use shared WOLFSSL_CTX (cherry-pick from 88f27e2b89142652ea1b8f133df1ff403f9f61b2)commit 0a481501024b0e85bde8fa74cde1df2bebaa167b Author: S-P Chan shihping.chan@gmail.com Date: Thu Jan 18 12:38:09 2024 +0800
tls_wolfssl: clean-up OpenSSL compatibility - remove unneeded OpenSSL-isms (cherry-pick from 255e563e94e9536f0e541c3baeec45cbc68fac5b)commit 3b79c1ef3cc6c1019fe7cb99ff77e0c51d8e789a Author: S-P Chan shihping.chan@gmail.com Date: Thu Jan 18 06:21:55 2024 +0800
tls_wolfssl: clean-up—using wolfSSL native naming for functions / structs (cherry-pick from 5bbb224fdad1770150dd2fc37c69393aeda96d40)
There were no impact in the deb builds process since tls_wolfssl is not in the list of modules built for 5.7.
-
space88man -
Victor Seva