1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 16:48:49 -05:00

PolarSSL: deprecate support step 1. Removed from configure.

Also removed mentions from most docs.

Discussed: https://curl.haxx.se/mail/lib-2019-05/0045.html

Closes #3888
This commit is contained in:
Daniel Stenberg 2019-05-15 13:57:16 +02:00
parent c9c4f7b547
commit 269f7df0ae
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
10 changed files with 47 additions and 125 deletions

View File

@ -155,7 +155,7 @@ AC_SUBST(PKGADD_VENDOR)
dnl dnl
dnl initialize all the info variables dnl initialize all the info variables
curl_ssl_msg="no (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,schannel,secure-transport,mesalink,amissl} )" curl_ssl_msg="no (--with-{ssl,gnutls,nss,mbedtls,cyassl,schannel,secure-transport,mesalink,amissl} )"
curl_ssh_msg="no (--with-libssh2)" curl_ssh_msg="no (--with-libssh2)"
curl_zlib_msg="no (--with-zlib)" curl_zlib_msg="no (--with-zlib)"
curl_brotli_msg="no (--with-brotli)" curl_brotli_msg="no (--with-brotli)"
@ -2118,98 +2118,6 @@ if test "$GNUTLS_ENABLED" = "1"; then
]) ])
fi fi
dnl ----------------------------------------------------
dnl check for PolarSSL
dnl ----------------------------------------------------
dnl Default to compiler & linker defaults for PolarSSL files & libraries.
OPT_POLARSSL=no
_cppflags=$CPPFLAGS
_ldflags=$LDFLAGS
AC_ARG_WITH(polarssl,dnl
AC_HELP_STRING([--with-polarssl=PATH],[where to look for PolarSSL, PATH points to the installation root])
AC_HELP_STRING([--without-polarssl], [disable PolarSSL detection]),
OPT_POLARSSL=$withval)
if test -z "$ssl_backends" -o "x$OPT_POLARSSL" != xno; then
ssl_msg=
if test X"$OPT_POLARSSL" != Xno; then
if test "$OPT_POLARSSL" = "yes"; then
OPT_POLARSSL=""
fi
if test -z "$OPT_POLARSSL" ; then
dnl check for lib first without setting any new path
AC_CHECK_LIB(polarssl, havege_init,
dnl libpolarssl found, set the variable
[
AC_DEFINE(USE_POLARSSL, 1, [if PolarSSL is enabled])
AC_SUBST(USE_POLARSSL, [1])
POLARSSL_ENABLED=1
USE_POLARSSL="yes"
ssl_msg="PolarSSL"
test polarssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
])
fi
addld=""
addlib=""
addcflags=""
polarssllib=""
if test "x$USE_POLARSSL" != "xyes"; then
dnl add the path and test again
addld=-L$OPT_POLARSSL/lib$libsuff
addcflags=-I$OPT_POLARSSL/include
polarssllib=$OPT_POLARSSL/lib$libsuff
LDFLAGS="$LDFLAGS $addld"
if test "$addcflags" != "-I/usr/include"; then
CPPFLAGS="$CPPFLAGS $addcflags"
fi
AC_CHECK_LIB(polarssl, ssl_init,
[
AC_DEFINE(USE_POLARSSL, 1, [if PolarSSL is enabled])
AC_SUBST(USE_POLARSSL, [1])
POLARSSL_ENABLED=1
USE_POLARSSL="yes"
ssl_msg="PolarSSL"
test polarssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
],
[
CPPFLAGS=$_cppflags
LDFLAGS=$_ldflags
])
fi
if test "x$USE_POLARSSL" = "xyes"; then
AC_MSG_NOTICE([detected PolarSSL])
check_for_ca_bundle=1
LIBS="-lpolarssl $LIBS"
if test -n "$polarssllib"; then
dnl when shared libs were found in a path that the run-time
dnl linker doesn't search through, we need to add it to
dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
dnl due to this
if test "x$cross_compiling" != "xyes"; then
CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$polarssllib"
export CURL_LIBRARY_PATH
AC_MSG_NOTICE([Added $polarssllib to CURL_LIBRARY_PATH])
fi
fi
fi
fi dnl PolarSSL not disabled
test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi
dnl ---------------------------------------------------- dnl ----------------------------------------------------
dnl check for mbedTLS dnl check for mbedTLS
dnl ---------------------------------------------------- dnl ----------------------------------------------------
@ -2698,10 +2606,10 @@ if test -z "$ssl_backends" -o "x$OPT_NSS" != xno; then
test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi fi
case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$MBEDTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$SECURETRANSPORT_ENABLED$MESALINK_ENABLED$AMISSL_ENABLED" in case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$SECURETRANSPORT_ENABLED$MESALINK_ENABLED$AMISSL_ENABLED" in
x) x)
AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.]) AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])
AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink or --with-amissl to address this.]) AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-cyassl, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink or --with-amissl to address this.])
;; ;;
x1) x1)
# one SSL backend is enabled # one SSL backend is enabled
@ -3125,8 +3033,6 @@ AC_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shar
versioned_symbols_flavour="GNUTLS_" versioned_symbols_flavour="GNUTLS_"
elif test "x$NSS_ENABLED" = "x1"; then elif test "x$NSS_ENABLED" = "x1"; then
versioned_symbols_flavour="NSS_" versioned_symbols_flavour="NSS_"
elif test "x$POLARSSL_ENABLED" = "x1"; then
versioned_symbols_flavour="POLARSSL_"
elif test "x$CYASSL_ENABLED" = "x1"; then elif test "x$CYASSL_ENABLED" = "x1"; then
versioned_symbols_flavour="CYASSL_" versioned_symbols_flavour="CYASSL_"
elif test "x$WINSSL_ENABLED" = "x1"; then elif test "x$WINSSL_ENABLED" = "x1"; then

View File

@ -19,3 +19,32 @@ version. The default remains supported for now.
The support for HTTP/0.9 will be switched to disabled by default in 6 months, The support for HTTP/0.9 will be switched to disabled by default in 6 months,
in the September 2019 release (possibly called curl 7.68.0). in the September 2019 release (possibly called curl 7.68.0).
## PolarSSL
The polarssl TLS library has not had an update in over three years. The last
release was done on [January 7
2016](https://tls.mbed.org/tech-updates/releases). This library has been
superceded by the mbedTLS library, which is the current incarnation of
PolarSSL. curl has supported mbedTLS since 2015.
It seems unlikely that this library is a good choice for users to get proper
TLS security and support today and at the same time there are plenty of good
and updated alternatives.
I consider it likely that the existing users of curl + polarssl out there are
stuck on old curl versions and when they eventually manage to update curl they
should also be able to update their TLS library.
### State
In the curl 7.66.0 release (July 17, 2019) the ability to build with this TLS
backend is removed from the configure script. The code remains and can be
built and used going forward, but it has to be manually enabled in a build (or
the configure removal reverted).
### Removal
The support for PolarSSL and all code for it will be completely removed from
the curl code base six months after it ships disabled in configure in a
release. In the release on or near February 27, 2020. (Named 7.70.0?)

View File

@ -17,11 +17,9 @@ PEM/DER support:
7.39.0: OpenSSL, GnuTLS and GSKit 7.39.0: OpenSSL, GnuTLS and GSKit
7.43.0: NSS and wolfSSL/CyaSSL 7.43.0: NSS and wolfSSL/CyaSSL
7.47.0: mbedtls 7.47.0: mbedtls
7.49.0: PolarSSL
sha256 support: sha256 support:
7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL/CyaSSL. 7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL/CyaSSL.
7.47.0: mbedtls 7.47.0: mbedtls
7.49.0: PolarSSL
Other SSL backends not supported. Other SSL backends not supported.
If this option is used several times, the last one will be used. If this option is used several times, the last one will be used.

View File

@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___ .\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____| .\" * \___|\___/|_| \_\_____|
.\" * .\" *
.\" * Copyright (C) 2015 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * Copyright (C) 2015 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * .\" *
.\" * This software is licensed as described in the file COPYING, which .\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms .\" * you should have received as part of this distribution. The terms
@ -56,10 +56,6 @@ https://curl.haxx.se/libcurl/c/opensslthreadlock.html
https://gnutls.org/manual/html_node/Thread-safety.html https://gnutls.org/manual/html_node/Thread-safety.html
.IP NSS .IP NSS
thread-safe already without anything required. thread-safe already without anything required.
.IP PolarSSL
Required actions unknown.
.IP yassl
Required actions unknown.
.IP Secure-Transport .IP Secure-Transport
The engine is used by libcurl in a way that is fully thread-safe. The engine is used by libcurl in a way that is fully thread-safe.
.IP WinSSL .IP WinSSL

View File

@ -99,13 +99,11 @@ PEM/DER support:
7.39.0-7.48.0,7.58.1+: GSKit 7.39.0-7.48.0,7.58.1+: GSKit
7.43.0: NSS and wolfSSL/CyaSSL 7.43.0: NSS and wolfSSL
7.47.0: mbedtls 7.47.0: mbedtls
7.49.0: PolarSSL 7.54.1: SecureTransport on macOS 10.7+/iOS 10+
7.54.1: SecureTransport/DarwinSSL on macOS 10.7+/iOS 10+
7.58.1: SChannel 7.58.1: SChannel
@ -115,9 +113,7 @@ sha256 support:
7.47.0: mbedtls 7.47.0: mbedtls
7.49.0: PolarSSL 7.54.1: SecureTransport on macOS 10.7+/iOS 10+
7.54.1: SecureTransport/DarwinSSL on macOS 10.7+/iOS 10+
7.58.1: SChannel Windows XP SP3+ 7.58.1: SChannel Windows XP SP3+

View File

@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___ .\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____| .\" * \___|\___/|_| \_\_____|
.\" * .\" *
.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * .\" *
.\" * This software is licensed as described in the file COPYING, which .\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms .\" * you should have received as part of this distribution. The terms
@ -55,9 +55,8 @@ if(curl) {
.SH AVAILABILITY .SH AVAILABILITY
Added in 7.52.0 Added in 7.52.0
This option is supported by the OpenSSL, GnuTLS, PolarSSL and mbedTLS This option is supported by the OpenSSL, GnuTLS, and mbedTLS (since 7.56.0)
(since 7.56.0) backends. The NSS backend provides the option only for backends. The NSS backend provides the option only for backward compatibility.
backward compatibility.
.SH RETURN VALUE .SH RETURN VALUE
CURLE_OK if supported; or an error such as: CURLE_OK if supported; or an error such as:

View File

@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___ .\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____| .\" * \___|\___/|_| \_\_____|
.\" * .\" *
.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * .\" *
.\" * This software is licensed as described in the file COPYING, which .\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms .\" * you should have received as part of this distribution. The terms
@ -94,11 +94,11 @@ footer:
.SH AVAILABILITY .SH AVAILABILITY
PEM/DER support: PEM/DER support:
7.52.0: GSKit, GnuTLS, NSS, OpenSSL, PolarSSL, mbedtls, wolfSSL/CyaSSL 7.52.0: GSKit, GnuTLS, NSS, OpenSSL, mbedtls, wolfSSL
sha256 support: sha256 support:
7.52.0: GnuTLS, NSS, OpenSSL, PolarSSL, mbedtls, wolfSSL/CyaSSL 7.52.0: GnuTLS, NSS, OpenSSL, mbedtls, wolfSSL
Other SSL backends not supported. Other SSL backends not supported.
.SH RETURN VALUE .SH RETURN VALUE

View File

@ -647,7 +647,7 @@ int netware_init(void);
#define LIBIDN_REQUIRED_VERSION "0.4.1" #define LIBIDN_REQUIRED_VERSION "0.4.1"
#if defined(USE_GNUTLS) || defined(USE_OPENSSL) || defined(USE_NSS) || \ #if defined(USE_GNUTLS) || defined(USE_OPENSSL) || defined(USE_NSS) || \
defined(USE_POLARSSL) || defined(USE_MBEDTLS) || \ defined(USE_MBEDTLS) || \
defined(USE_CYASSL) || defined(USE_SCHANNEL) || \ defined(USE_CYASSL) || defined(USE_SCHANNEL) || \
defined(USE_SECTRANSP) || defined(USE_GSKIT) || defined(USE_MESALINK) defined(USE_SECTRANSP) || defined(USE_GSKIT) || defined(USE_MESALINK)
#define USE_SSL /* SSL support has been enabled */ #define USE_SSL /* SSL support has been enabled */

View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -106,8 +106,7 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd)
* 'rndptr' points to. * 'rndptr' points to.
* *
* If libcurl is built without TLS support or with a TLS backend that lacks a * If libcurl is built without TLS support or with a TLS backend that lacks a
* proper random API (Gskit, PolarSSL or mbedTLS), this function will use * proper random API (Gskit or mbedTLS), this function will use "weak" random.
* "weak" random.
* *
* When built *with* TLS support and a backend that offers strong random, it * When built *with* TLS support and a backend that offers strong random, it
* will return error if it cannot provide strong random values. * will return error if it cannot provide strong random values.

View File

@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -27,8 +27,7 @@
* 'rnd' points to. * 'rnd' points to.
* *
* If libcurl is built without TLS support or with a TLS backend that lacks a * If libcurl is built without TLS support or with a TLS backend that lacks a
* proper random API (Gskit, PolarSSL or mbedTLS), this function will use * proper random API (Gskit or mbedTLS), this function will use "weak" random.
* "weak" random.
* *
* When built *with* TLS support and a backend that offers strong random, it * When built *with* TLS support and a backend that offers strong random, it
* will return error if it cannot provide strong random values. * will return error if it cannot provide strong random values.