Download
Browse source Changelog
Documentation
Project   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Etiquette
Development
Autobuilds Code Style Contribute Internals Release Notes Release Procedure Roadmap Run Tests Security Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-users / Single Mail

curl-users

curl openssl wrong headers issue when compiling

From: Artur D <tuwi.dc_at_gmail.com>
Date: Thu, 23 Feb 2017 10:45:40 +0100

Hi all,
I’m running latest version Centos 7 and was able to recreate the issue also with Centos 7 inside vagrant.

So it all started with a certain API accepting http2 requests only.

Looks like an easy task as I thought I would just need to compile curl with http2 support and that should be it right ? Well no..

After following this guide ( https://serversforhackers.com/video/curl-with-http2-support ) on setting up curl with h2 support after I finished I started getting weird results on curl.
H2 requests worked fine in general ( testing with curl --http2 -I nghttp2.org ) but i was getting issues on responses from that API ( stuff like @@ )

After some reading around I understood that it was openssl related as curl build with openssl versions prior to 1.0.2 would have these specific issues

So, I wanted to build curl with a more recent version of openssl. Got the latest openssl version and just compiled it, I thought it might be like :

  cd /usr/local/src/
  wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz
  tar -zxvf openssl-1.0.2j.tar.gz

  wget https://curl.haxx.se/download/curl-7.53.0.tar.gz
  tar -zxvf curl-7.53.0.tar.gz
  
(for some odd reason I didnt really get the latest openssl version, i got this 1.0.2j version as suggested in a chineese article and without noticing i sticked with that )

mkdir /opt/openssl
cd openssl-1.0.2j
./config --prefix=/opt/openssl

and then

cd ../curl-7.53.0/
./config --prefix=/opt/openssl

Tried many different settings (default locations and non-default locations )
After trying several times to build it I would always get wrong openssl version or the config wouldnt detect it at all.

  SSL support: no (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} )
  SSH support: no (--with-libssh2)

Having the openssl-devel package installed I noticed that it ticked the config to find that as default so even though I would have openssl compiled and installed in /opt/openssl
and even though I would have curl use the —with-ssl=/opt/openssl flag that would still get compiled with the openssl of my system ( OpenSSL 1.0.1e-fips 11 Feb 2013 )

Investing this issue found this old thread that deals with a similar issue:

From: Ralph Mitchell <rmitchell_at_eds.com <mailto:rmitchell_at_eds.com?Subject=Re:%20cURL%20and%20openssl>>
Date: Thu, 30 May 2002 01:26:50 -0500
Further obsservations on the configure problem:

Removing the openssl-devel rpm made the /usr/include/openssl directory go away.
Configure was still happily finding the openssl include files, though, so it must
have been looking in the new openssl directory, as specified with:

    ./configure --with-ssl=/usr/local/openssl-0.9.6d

Just for grins, I went back and recreated /usr/include/openssl and put an empty
engine.h file in it. The above configure command then found that file and set
curl up to use it... Of course, the build failed miserably because the file was
empty... :)

So in conclusion, configure *is* looking where I tell it for the openssl header
files, but it is *also* looking in /usr/include/openssl. Anybody know enough
about configure to say if that behaviour can be modified??

Ralph Mitchell wrote:

> I think there may be a problem with configure...

So I removed the openssl-devel package and retried to compile curl with an openssl build with a /opt/openssl prefix
Same results.

  SSL support: no (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} )
  SSH support: no (--with-libssh2)

Tried also the suggested method with pkgconfig as curl docs suggest it

PKG_CONFIG_PATH=/opt/openssl/lib/pkgconfig ./configure --with-ssl=/opt/openssl

After some reading around thought to do a static independent build
  
  cd openssl-1.0.2j
  mkdir _build
  ./config no-shared —prefix=/opt/openssl/_build
  make depend && make && make install
  cd ..
  cd curl-7.53.0/
  mkdir /opt/curl
  LIBS="-ldl" ./configure —prefix=/opt/curl/_build --with-ssl=/opt/openssl/_build --disable-shared
  make
  ./src/curl --version
  curl 7.53.0 (x86_64-pc-linux-gnu) libcurl/7.53.0 OpenSSL/1.0.2j zlib/1.2.7

And finally it worked but I think there is something wrong on the configure part as Mitchell noted. Can anyone explain me in simple terms why the detection of proper header file openssl fails or what am I doing wrong here ?

Thanks
Artur

-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-02-23