--- /dev/null
+From 9b400b32eb3673ab525f12f41a2ff3e4e3bfcccb Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Fri, 28 Jun 2019 11:05:20 -0300
+Subject: [PATCH] Add locking support to wolfSSL
+
+This takes advantage of wolfSSL openssl compatibility layer, so all
+that that's needed are library detection, and inclusion of specific
+headers.
+WolfSSL must be built with --enable-opensslextra to enable the required
+API, and that's being checked at build time, with a warning if disabled.
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+
+diff --git a/setup.py b/setup.py
+index 3be0fcb..d4303b0 100644
+--- a/setup.py
++++ b/setup.py
+@@ -143,6 +143,7 @@ class ExtensionConfiguration(object):
+ return {
+ '--with-openssl': self.using_openssl,
+ '--with-ssl': self.using_openssl,
++ '--with-wolfssl': self.using_wolfssl,
+ '--with-gnutls': self.using_gnutls,
+ '--with-nss': self.using_nss,
+ '--with-mbedtls': self.using_mbedtls,
+@@ -163,7 +164,7 @@ class ExtensionConfiguration(object):
+
+ if 'PYCURL_SSL_LIBRARY' in os.environ:
+ ssl_lib = os.environ['PYCURL_SSL_LIBRARY']
+- if ssl_lib in ['openssl', 'gnutls', 'nss', 'mbedtls']:
++ if ssl_lib in ['openssl', 'wolfssl', 'gnutls', 'nss', 'mbedtls']:
+ ssl_lib_detected = ssl_lib
+ getattr(self, 'using_%s' % ssl_lib)()
+ else:
+@@ -188,6 +189,10 @@ class ExtensionConfiguration(object):
+ self.using_openssl()
+ ssl_lib_detected = 'openssl'
+ break
++ if arg[2:] == 'wolfssl':
++ self.using_wolfssl()
++ ssl_lib_detected = 'wolfssl'
++ break
+ if arg[2:] == 'gnutls':
+ self.using_gnutls()
+ ssl_lib_detected = 'gnutls'
+@@ -506,6 +511,11 @@ manually. For other SSL backends please ignore this message.''')
+ self.libraries.append('ssl')
+ self.define_macros.append(('HAVE_CURL_SSL', 1))
+
++ def using_wolfssl(self):
++ self.define_macros.append(('HAVE_CURL_WOLFSSL', 1))
++ self.libraries.append('wolfssl')
++ self.define_macros.append(('HAVE_CURL_SSL', 1))
++
+ def using_gnutls(self):
+ self.define_macros.append(('HAVE_CURL_GNUTLS', 1))
+ self.libraries.append('gnutls')
+@@ -572,6 +582,7 @@ def strip_pycurl_options(argv):
+ PRETTY_SSL_LIBS = {
+ # setup.py may be detecting BoringSSL properly, need to test
+ 'openssl': 'OpenSSL/LibreSSL/BoringSSL',
++ 'wolfssl': 'wolfSSL',
+ 'gnutls': 'GnuTLS',
+ 'nss': 'NSS',
+ 'mbedtls': 'mbedTLS',
+@@ -902,6 +913,7 @@ PycURL Unix options:
+ --with-gnutls libcurl is linked against GnuTLS
+ --with-nss libcurl is linked against NSS
+ --with-mbedtls libcurl is linked against mbedTLS
++ --with-wolfssl libcurl is linked against wolfSSL
+ '''
+
+ windows_help = '''\
+diff --git a/src/module.c b/src/module.c
+index 909cdfe..23387ec 100644
+--- a/src/module.c
++++ b/src/module.c
+@@ -351,6 +351,8 @@ initpycurl(void)
+ } else if (!strncmp(vi->ssl_version, "OpenSSL/", 8) || !strncmp(vi->ssl_version, "LibreSSL/", 9) ||
+ !strncmp(vi->ssl_version, "BoringSSL", 9)) {
+ runtime_ssl_lib = "openssl";
++ } else if (!strncmp(vi->ssl_version, "wolfSSL/", 8)) {
++ runtime_ssl_lib = "wolfssl";
+ } else if (!strncmp(vi->ssl_version, "GnuTLS/", 7)) {
+ runtime_ssl_lib = "gnutls";
+ } else if (!strncmp(vi->ssl_version, "NSS/", 4)) {
+diff --git a/src/pycurl.h b/src/pycurl.h
+index 2294cb8..092387f 100644
+--- a/src/pycurl.h
++++ b/src/pycurl.h
+@@ -164,6 +164,28 @@ pycurl_inet_ntop (int family, void *addr, char *string, size_t string_size);
+ # include <openssl/ssl.h>
+ # include <openssl/err.h>
+ # define COMPILE_SSL_LIB "openssl"
++# elif defined(HAVE_CURL_WOLFSSL)
++# include <wolfssl/options.h>
++# if defined(OPENSSL_EXTRA)
++# define HAVE_CURL_OPENSSL
++# define PYCURL_NEED_SSL_TSL
++# define PYCURL_NEED_OPENSSL_TSL
++# include <wolfssl/openssl/ssl.h>
++# include <wolfssl/openssl/err.h>
++# else
++# ifdef _MSC_VER
++# pragma message(\
++ "libcurl was compiled with wolfSSL, but the library was built without " \
++ "--enable-opensslextra; thus no SSL crypto locking callbacks will be set, " \
++ "which may cause random crashes on SSL requests")
++# else
++# warning \
++ "libcurl was compiled with wolfSSL, but the library was built without " \
++ "--enable-opensslextra; thus no SSL crypto locking callbacks will be set, " \
++ "which may cause random crashes on SSL requests"
++# endif
++# endif
++# define COMPILE_SSL_LIB "wolfssl"
+ # elif defined(HAVE_CURL_GNUTLS)
+ # include <gnutls/gnutls.h>
+ # if GNUTLS_VERSION_NUMBER <= 0x020b00
+@@ -195,7 +217,7 @@ pycurl_inet_ntop (int family, void *addr, char *string, size_t string_size);
+ /* since we have no crypto callbacks for other ssl backends,
+ * no reason to require users match those */
+ # define COMPILE_SSL_LIB "none/other"
+-# endif /* HAVE_CURL_OPENSSL || HAVE_CURL_GNUTLS || HAVE_CURL_NSS || HAVE_CURL_MBEDTLS */
++# endif /* HAVE_CURL_OPENSSL || HAVE_CURL_WOLFSSL || HAVE_CURL_GNUTLS || HAVE_CURL_NSS || HAVE_CURL_MBEDTLS */
+ #else
+ # define COMPILE_SSL_LIB "none/other"
+ #endif /* HAVE_CURL_SSL */
projects / feed / packages.git / commitdiff