libcurl: Allow selection of TLS package libcurl will use
Instead of defaulting to OpenSSL, allow selection of package to use through a choice in libcurl's config. The default will be to select the first enabled TLS provider in the same preference order as is used now, i.e. no change from current behavior. Some of the alternative libraries have advantages over OpenSSL in certain areas. For example, gnutls has vastly superior PKCS11 support. One can use client TLS private keys by supplying a PKCS11 URI instead of a private key file name. The TLS server cert trust store can be a PKCS11 URI, e.g. configure libcurl with a ca-bundle of "pkcs11:model=p11-kit-trust". Now server certs can be stored in a software and/or hardware HSM(s). This doesn't work with OpenSSL. However, some software only supports OpenSSL for TLS or other crypto functions. So it might be necessary to enable OpenSSL for that reason. Signed-off-by: Trent Piepho <tpiepho@impinj.com> [Peter: add BR2_PACKAGE_LIBCURL_TLS_SUPPORT and use it to hide choice & comment, explicitly pass --without-foo if option is not enabled, only do .pc fixup if BR2_PACKAGE_LIBCURL_OPENSSL is enabled] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
parent
35f468b0f0
commit
b8b78e7e6a
@ -19,4 +19,36 @@ config BR2_PACKAGE_LIBCURL_VERBOSE
|
||||
help
|
||||
Enable verbose text strings
|
||||
|
||||
config BR2_PACKAGE_LIBCURL_TLS_SUPPORT
|
||||
bool
|
||||
default y if BR2_PACKAGE_OPENSSL
|
||||
default y if BR2_PACKAGE_GNUTLS
|
||||
default y if BR2_PACKAGE_LIBNSS
|
||||
default y if BR2_PACKAGE_MBEDTLS
|
||||
|
||||
choice
|
||||
prompt "SSL/TLS library to use"
|
||||
depends on BR2_PACKAGE_LIBCURL_TLS_SUPPORT
|
||||
|
||||
config BR2_PACKAGE_LIBCURL_OPENSSL
|
||||
bool "OpenSSL"
|
||||
depends on BR2_PACKAGE_OPENSSL
|
||||
|
||||
config BR2_PACKAGE_LIBCURL_GNUTLS
|
||||
bool "GnuTLS"
|
||||
depends on BR2_PACKAGE_GNUTLS
|
||||
|
||||
config BR2_PACKAGE_LIBCURL_LIBNSS
|
||||
bool "NSS"
|
||||
depends on BR2_PACKAGE_LIBNSS
|
||||
|
||||
config BR2_PACKAGE_LIBCURL_MBEDTLS
|
||||
bool "mbed TLS"
|
||||
depends on BR2_PACKAGE_MBEDTLS
|
||||
|
||||
endchoice
|
||||
|
||||
comment "A TLS library is needed for SSL/TLS support"
|
||||
depends on !BR2_PACKAGE_LIBCURL_TLS_SUPPORT
|
||||
|
||||
endif
|
||||
|
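Review bot: The `choice` has no `default` and no `help`, so the commit message's promise that the previous preference order is kept rests only on the order of the four entries (Kconfig falls back to the first visible one). A comment above `choice` would protect that from a later reordering, e.g. `# Entry order matters: the first visible entry is the default (OpenSSL, GnuTLS, NSS, mbed TLS).` A short `help` under the prompt, saying that exactly one backend is compiled into libcurl and that trust-store handling differs between backends, would also help users pick one deliberately. The `if` block closed by the trailing `endif` starts outside the hunk.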
@ -19,7 +19,8 @@ LIBCURL_INSTALL_STAGING = YES
|
||||
# probably almost never used. See
|
||||
# http://curl.haxx.se/docs/manpage.html#--ntlm.
|
||||
LIBCURL_CONF_OPTS = --disable-manual --disable-ntlm-wb \
|
||||
--enable-hidden-symbols --with-random=/dev/urandom --disable-curldebug
|
||||
--enable-hidden-symbols --with-random=/dev/urandom --disable-curldebug \
|
||||
--without-polarssl
|
||||
|
||||
ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
|
||||
LIBCURL_CONF_OPTS += --enable-threaded-resolver
|
||||
@ -35,7 +36,7 @@ endif
|
||||
|
||||
LIBCURL_CONFIG_SCRIPTS = curl-config
|
||||
|
||||
ifeq ($(BR2_PACKAGE_OPENSSL),y)
|
||||
ifeq ($(BR2_PACKAGE_LIBCURL_OPENSSL),y)
|
||||
LIBCURL_DEPENDENCIES += openssl
|
||||
# configure adds the cross openssl dir to LD_LIBRARY_PATH which screws up
|
||||
# native stuff during the rest of configure when target == host.
|
||||
@ -44,19 +45,31 @@ LIBCURL_DEPENDENCIES += openssl
|
||||
LIBCURL_CONF_ENV += LD_LIBRARY_PATH=$(if $(LD_LIBRARY_PATH),$(LD_LIBRARY_PATH):)/lib:/usr/lib
|
||||
LIBCURL_CONF_OPTS += --with-ssl=$(STAGING_DIR)/usr \
|
||||
--with-ca-path=/etc/ssl/certs
|
||||
else ifeq ($(BR2_PACKAGE_GNUTLS),y)
|
||||
LIBCURL_CONF_OPTS += --with-gnutls=$(STAGING_DIR)/usr
|
||||
else
|
||||
LIBCURL_CONF_OPTS += -without-ssl
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_LIBCURL_GNUTLS),y)
|
||||
LIBCURL_CONF_OPTS += --with-gnutls=$(STAGING_DIR)/usr --without-ssl
|
||||
LIBCURL_DEPENDENCIES += gnutls
|
||||
else ifeq ($(BR2_PACKAGE_LIBNSS),y)
|
||||
LIBCURL_CONF_OPTS += --with-nss=$(STAGING_DIR)/usr
|
||||
else
|
||||
LIBCURL_CONF_OPTS += --without-gnutls
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_LIBCURL_LIBNSS),y)
|
||||
LIBCURL_CONF_OPTS += --with-nss=$(STAGING_DIR)/usr --without-ssl --without-gnutls
|
||||
LIBCURL_CONF_ENV += CPPFLAGS="$(TARGET_CPPFLAGS) `$(PKG_CONFIG_HOST_BINARY) nspr nss --cflags`"
|
||||
LIBCURL_DEPENDENCIES += libnss
|
||||
else ifeq ($(BR2_PACKAGE_MBEDTLS),y)
|
||||
LIBCURL_CONF_OPTS += --with-mbedtls=$(STAGING_DIR)/usr
|
||||
else
|
||||
LIBCURL_CONF_OPTS += --without-nss
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_LIBCURL_MBEDTLS),y)
|
||||
LIBCURL_CONF_OPTS += --with-mbedtls=$(STAGING_DIR)/usr \
|
||||
--without-ssl --without-gnutls --without-nss
|
||||
LIBCURL_DEPENDENCIES += mbedtls
|
||||
else
|
||||
LIBCURL_CONF_OPTS += --without-ssl --without-gnutls \
|
||||
--without-polarssl --without-nss --without-mbedtls
|
||||
LIBCURL_CONF_OPTS += --without-mbedtls
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_C_ARES),y)
|
||||
@ -98,7 +111,7 @@ endif
|
||||
define LIBCURL_FIX_DOT_PC
|
||||
printf 'Requires: openssl\n' >>$(@D)/libcurl.pc.in
|
||||
endef
|
||||
LIBCURL_POST_PATCH_HOOKS += $(if $(BR2_PACKAGE_OPENSSL),LIBCURL_FIX_DOT_PC)
|
||||
LIBCURL_POST_PATCH_HOOKS += $(if $(BR2_PACKAGE_LIBCURL_OPENSSL),LIBCURL_FIX_DOT_PC)
|
||||
|
||||
ifeq ($(BR2_PACKAGE_CURL),)
|
||||
define LIBCURL_TARGET_CLEANUP
|
||||
|
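Review bot: Only the OpenSSL branch sets a default trust store (`--with-ca-path=/etc/ssl/certs`); the new `BR2_PACKAGE_LIBCURL_GNUTLS`, `BR2_PACKAGE_LIBCURL_LIBNSS` and `BR2_PACKAGE_LIBCURL_MBEDTLS` branches in the third hunk pass none. curl's configure normally skips CA auto-detection when cross-compiling, so with those backends libcurl is likely built without a default CA location, and certificate verification then fails unless every application sets one itself, which in practice tends to push users toward turning verification off. I would pass an explicit bundle in each of those branches, e.g. `LIBCURL_CONF_OPTS += --with-ca-bundle=<CA_BUNDLE_PATH>` (placeholder, to match whatever certificate package the target installs), or at least add a comment stating that the trust store must be supplied at run time. Separately, the `else` branch of the OpenSSL block spells the flag `-without-ssl` with a single dash; autoconf-generated scripts generally accept that form, but `--without-ssl` would match the other branches.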