diff --git a/deps/Makefile b/deps/Makefile index 442e8165a..2823e66db 100644 --- a/deps/Makefile +++ b/deps/Makefile @@ -38,7 +38,7 @@ endif STDCPP := -std=c++$(shell echo $(CPLUSPLUS) | cut -c3-4) -DCXX$(shell echo $(CPLUSPLUS) | cut -c3-4) -targets := libconfig libdaemon jemalloc mariadb_client re2 sqlite3 pcre lz4 cityhash microhttpd curl ev libssl libhttpserver libinjection prometheus-cpp postgresql libusual libscram +targets := check_openssl_version libconfig libdaemon jemalloc mariadb_client re2 sqlite3 pcre lz4 cityhash microhttpd curl ev libhttpserver libinjection prometheus-cpp postgresql libusual libscram ifeq ($(SYS_KERN),Linux) targets += coredumper endif @@ -69,19 +69,42 @@ endif libinjection: libinjection/libinjection/src/libinjection.a +DISTRO := $(shell lsb_release -si 2>/dev/null || grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"') +OPENSSL_VERSION_3 := 3.0.0 -libssl/openssl/libssl.a: - cd libssl && rm -rf openssl-openssl-*/ openssl-3*/ || true - cd libssl && tar -zxf openssl-*.tar.gz - cd libssl && ./verify-bio_st-match.sh -# cd libssl/openssl && patch crypto/ec/curve448/curve448.c < ../curve448.c-multiplication-overflow.patch -# cd libssl/openssl && patch crypto/asn1/a_time.c < ../a_time.c-multiplication-overflow.patch - cd libssl/openssl && ./config no-ssl3 no-tests - cd libssl/openssl && CC=${CC} CXX=${CXX} ${MAKE} - cd libssl/openssl && ln -fs ./ lib # curl wants this path +ifeq ($(DISTRO), almalinux) + ssl_header_path := $(shell find /usr /usr/local /opt -name "ssl.h" -path "*/openssl3/*" 2>/dev/null | head -n 1) + LIB_SSL_PATH := $(shell find /usr /usr/local /opt -name "libssl.so.3" 2>/dev/null | head -n 1) + LIB_CRYPTO_PATH := $(shell find /usr /usr/local /opt -name "libcrypto.so.3" 2>/dev/null | head -n 1) + SSL_LDIR := $(dir $(LIB_SSL_PATH)) +else + ssl_header_path := $(shell find /usr /usr/local /opt -name "ssl.h" -path "*/openssl/*" 2>/dev/null | head -n 1) + LIB_SSL_PATH := $(shell find /usr /usr/local /opt -name "libssl.so" 2>/dev/null | head -n 1) + LIB_CRYPTO_PATH := $(shell find /usr /usr/local /opt -name "libcrypto.so" 2>/dev/null | head -n 1) + SSL_LDIR := $(dir $(LIB_SSL_PATH)) +endif -libssl: libssl/openssl/libssl.a +ifneq ($(ssl_header_path),) + SSL_IDIR := $(shell dirname $(shell dirname $(ssl_header_path))) + $(info Found OpenSSL headers at $(SSL_IDIR)) + $(info OpenSSL lib full path is $(LIB_SSL_PATH)) + $(info OpenSSL libs directory is $(SSL_LDIR)) +else + $(error Warning: OpenSSL headers not found. exiting, please install openssl.) +endif +check_openssl_version: + @if [ "$(DISTRO)" = "almalinux" ]; then \ + @current_version=$$(openssl3 version | awk '{print $$2}'); \ + else \ + @current_version=$$(openssl version | awk '{print $$2}'); \ + fi; \ + echo "Installed OpenSSL version: $$current_version"; \ + compare_result=`printf "%s\n%s" "$(OPENSSL_VERSION_3)" "$$current_version" | sort -V | head -n 1`; \ + if [ "$$compare_result" != "$(OPENSSL_VERSION_3)" ]; then \ + echo "Error: Installed OpenSSL version must be $(OPENSSL_VERSION_3) or higher, Please upgrade OpenSSL."; \ + exit 1; \ + fi libhttpserver/libhttpserver/build/src/.libs/libhttpserver.a: libmicrohttpd/libmicrohttpd/src/microhttpd/.libs/libmicrohttpd.a re2/re2/obj/libre2.a cd libhttpserver && rm -rf libhttpserver-*/ || true @@ -120,7 +143,7 @@ coredumper/coredumper/src/libcoredumper.a: cd coredumper/coredumper && CC=${CC} CXX=${CXX} ${MAKE} coredumper: coredumper/coredumper/src/libcoredumper.a -curl/curl/lib/.libs/libcurl.a: libssl/openssl/libssl.a +curl/curl/lib/.libs/libcurl.a: cd curl && rm -rf curl-*/ || true cd curl && tar -zxf curl-*.tar.gz # cd curl/curl && ./configure --disable-debug --disable-ftp --disable-ldap --disable-ldaps --disable-rtsp --disable-proxy --disable-dict --disable-telnet --disable-tftp --disable-pop3 --disable-imap --disable-smb --disable-smtp --disable-gopher --disable-manual --disable-ipv6 --disable-sspi --disable-crypto-auth --disable-ntlm-wb --disable-tls-srp --without-nghttp2 --without-libidn2 --without-libssh2 --without-brotli --with-ssl=$(shell pwd)/../../libssl/openssl/ && CC=${CC} CXX=${CXX} ${MAKE} @@ -128,8 +151,8 @@ curl/curl/lib/.libs/libcurl.a: libssl/openssl/libssl.a ifeq ($(SYS_KERN),Darwin) cd curl/curl && patch configure < ../configure.patch endif - cd curl/curl && ./configure --disable-debug --disable-ftp --disable-ldap --disable-ldaps --disable-rtsp --disable-proxy --disable-dict --disable-telnet --disable-tftp --disable-pop3 --disable-imap --disable-smb --disable-smtp --disable-gopher --disable-manual --disable-ipv6 --disable-sspi --disable-ntlm-wb --disable-tls-srp --without-nghttp2 --without-libidn2 --without-libssh2 --without-brotli --without-librtmp --without-libpsl --without-zstd --with-ssl=$(shell pwd)/libssl/openssl/ --enable-shared=yes - cd curl/curl && LD_LIBRARY_PATH=$(shell pwd)/libssl/openssl CFLAGS=-fPIC CC=${CC} CXX=${CXX} ${MAKE} + cd curl/curl && CPPFLAGS="-I$(SSL_IDIR)" LDFLAGS="$(LIB_SSL_PATH) $(LIB_CRYPTO_PATH)" ./configure --disable-debug --disable-ftp --disable-ldap --disable-ldaps --disable-rtsp --disable-proxy --disable-dict --disable-telnet --disable-tftp --disable-pop3 --disable-imap --disable-smb --disable-smtp --disable-gopher --disable-manual --disable-ipv6 --disable-sspi --disable-ntlm-wb --disable-tls-srp --without-nghttp2 --without-libidn2 --without-libssh2 --without-brotli --without-librtmp --without-libpsl --without-zstd --with-ssl --enable-shared=yes + cd curl/curl && CFLAGS=-fPIC CC=${CC} CXX=${CXX} ${MAKE} curl: curl/curl/lib/.libs/libcurl.a @@ -194,11 +217,11 @@ jemalloc/jemalloc/lib/libjemalloc.a: jemalloc: jemalloc/jemalloc/lib/libjemalloc.a -mariadb-client-library/mariadb_client/libmariadb/libmariadbclient.a: libssl/openssl/libssl.a +mariadb-client-library/mariadb_client/libmariadb/libmariadbclient.a: cd mariadb-client-library && rm -rf mariadb-connector-c-*/ || true cd mariadb-client-library && tar -zxf mariadb-connector-c-3.3.8-src.tar.gz cd mariadb-client-library/mariadb_client && patch -p0 < ../plugin_auth_CMakeLists.txt.patch - cd mariadb-client-library/mariadb_client && cmake . -Wno-dev -DCMAKE_BUILD_TYPE=RelWithDebInfo -DOPENSSL_ROOT_DIR=$(shell pwd)/libssl/openssl/ -DOPENSSL_LIBRARIES=$(shell pwd)/libssl/openssl/ -DICONV_LIBRARIES=$(brew --prefix libiconv)/lib -DICONV_INCLUDE=$(brew --prefix libiconv)/include . + cd mariadb-client-library/mariadb_client && cmake . -Wno-dev -DCMAKE_BUILD_TYPE=RelWithDebInfo -DOPENSSL_ROOT_DIR=$(SSL_IDIR) -DOPENSSL_LIBRARIES=$(SSL_LDIR) -DICONV_LIBRARIES=$(brew --prefix libiconv)/lib -DICONV_INCLUDE=$(brew --prefix libiconv)/include . ifeq ($(PROXYDEBUG),1) cd mariadb-client-library/mariadb_client && patch -p0 < ../ma_context.h.patch else ifeq ($(USEVALGRIND),1) @@ -305,30 +328,30 @@ pcre/pcre/.libs/libpcre.a: pcre: pcre/pcre/.libs/libpcre.a -postgresql/postgresql/src/interfaces/libpq/libpq.a : libssl/openssl/libssl.a +postgresql/postgresql/src/interfaces/libpq/libpq.a : cd postgresql && rm -rf postgresql-*/ || true cd postgresql && tar -zxf postgresql-*.tar.gz cd postgresql/postgresql && patch -p0 < ../get_result_from_pgconn.patch cd postgresql/postgresql && patch -p0 < ../handle_row_data.patch #cd postgresql/postgresql && LD_LIBRARY_PATH="$(shell pwd)/libssl/openssl" ./configure --with-ssl=openssl --with-includes="$(shell pwd)/libssl/openssl/include/" --with-libraries="$(shell pwd)/libssl/openssl/" --without-readline --enable-debug CFLAGS="-ggdb -O0 -fno-omit-frame-pointer" CPPFLAGS="-g -O0" - cd postgresql/postgresql && LD_LIBRARY_PATH="$(shell pwd)/libssl/openssl" ./configure --with-ssl=openssl --with-includes="$(shell pwd)/libssl/openssl/include/" --with-libraries="$(shell pwd)/libssl/openssl/" --without-readline + cd postgresql/postgresql && LD_LIBRARY_PATH="$(SSL_LDIR)" ./configure --with-ssl=openssl --with-includes="$(SSL_IDIR)" --with-libraries="$(SSL_LDIR)" --without-readline cd postgresql/postgresql/src/interfaces/libpq && CC=${CC} CXX=${CXX} ${MAKE} MAKELEVEL=0 #cd postgresql/postgresql && CC=${CC} CXX=${CXX} ${MAKE} -f src/interfaces/libpq/Makefile all postgresql: postgresql/postgresql/src/interfaces/libpq/libpq.a -libusual/libusual/.libs/libusual.a: libssl/openssl/libssl.a +libusual/libusual/.libs/libusual.a: cd libusual && rm -rf libusual-*/ || true cd libusual && tar -zxf libusual-*.tar.gz cd libusual/libusual && ./autogen.sh - cd libusual/libusual && ./configure --with-openssl="$(shell pwd)/libssl/openssl/" --disable-shared + cd libusual/libusual && CPPFLAGS="-I$(SSL_IDIR)" LDFLAGS="$(LIB_SSL_PATH) $(LIB_CRYPTO_PATH)" ./configure --with-openssl="$(SSL_LDIR)" --disable-shared cd libusual/libusual && CC=${CC} CXX=${CXX} ${MAKE} libusual: libusual/libusual/.libs/libusual.a -libscram/lib/libscram.a: libssl/openssl/libssl.a postgresql/postgresql/src/interfaces/libpq/libpq.a +libscram/lib/libscram.a:postgresql/postgresql/src/interfaces/libpq/libpq.a cd libscram && rm -rf lib/* || true - cd libscram && CC=${CC} CXX=${CXX} ${MAKE} LIBOPENSSL_DIR="$(shell pwd)/libssl/openssl" POSTGRESQL_DIR="$(shell pwd)/postgresql/postgresql/" + cd libscram && CC=${CC} CXX=${CXX} ${MAKE} LIBOPENSSL_DIR="$(SSL_IDIR)" POSTGRESQL_DIR="$(shell pwd)/postgresql/postgresql/" libscram: libscram/lib/libscram.a @@ -356,7 +379,6 @@ cleanall: cd libmicrohttpd && rm -rf libmicrohttpd-*/ || true cd curl && rm -rf curl-*/ || true cd libev && rm -rf libev-*/ || true - cd libssl && rm -rf openssl-openssl-*/ openssl-3*/ || true cd libconfig && rm -rf libconfig-*/ || true cd prometheus-cpp && rm -rf prometheus-cpp-*/ || true cd cityhash && rm -rf cityhash-*/ || true diff --git a/deps/libssl/README.md b/deps/libssl/README.md index eab127418..5443316e1 100644 --- a/deps/libssl/README.md +++ b/deps/libssl/README.md @@ -16,3 +16,5 @@ Do not upgrade without extensive testing. See note about `struct bio_st` in MySQL_Data_Stream.cpp . Run `verify-bio_st-match.sh` to confirm compatibility. + +In ProxySQL 3.0.1, OpenSSL was changed from being statically linked to dynamically linked. \ No newline at end of file diff --git a/deps/libssl/a_time.c-multiplication-overflow.patch b/deps/libssl/a_time.c-multiplication-overflow.patch deleted file mode 100644 index 9dbae8092..000000000 --- a/deps/libssl/a_time.c-multiplication-overflow.patch +++ /dev/null @@ -1,9 +0,0 @@ -@@ -248,7 +248,7 @@ - } - o++; - } -- if (offset && !OPENSSL_gmtime_adj(&tmp, 0, offset * offsign)) -+ if (offset && !OPENSSL_gmtime_adj(&tmp, 0, (long) offset * offsign)) - goto err; - } else { - /* not Z, or not +/- in non-strict mode */ diff --git a/deps/libssl/curve448.c-multiplication-overflow.patch b/deps/libssl/curve448.c-multiplication-overflow.patch deleted file mode 100644 index 732b8e1b5..000000000 --- a/deps/libssl/curve448.c-multiplication-overflow.patch +++ /dev/null @@ -1,9 +0,0 @@ -@@ -588,7 +588,7 @@ - assert(position >= 0); - if (odd & (1 << (table_bits + 1))) - delta -= (1 << (table_bits + 1)); -- current -= delta * (1 << pos); -+ current -= (long) delta * (1 << pos); - control[position].power = pos + 16 * (w - 1); - control[position].addend = delta; - position--; diff --git a/deps/libssl/openssl b/deps/libssl/openssl deleted file mode 120000 index 4ca124e1d..000000000 --- a/deps/libssl/openssl +++ /dev/null @@ -1 +0,0 @@ -openssl-3.3.1 \ No newline at end of file diff --git a/deps/libssl/openssl-3.3.1.tar.gz b/deps/libssl/openssl-3.3.1.tar.gz deleted file mode 100644 index 832a70224..000000000 Binary files a/deps/libssl/openssl-3.3.1.tar.gz and /dev/null differ diff --git a/deps/libssl/verify-bio_st-match.sh b/deps/libssl/verify-bio_st-match.sh deleted file mode 100755 index 137f6cfee..000000000 --- a/deps/libssl/verify-bio_st-match.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/env bash - -# make sure we have correct cwd -pushd $(dirname $0) &>/dev/null -trap 'popd &>/dev/null' EXIT - -echo "checking for 'deps/libssl/openssl/crypto/bio/bio_local.h'" -if [[ ! -e './openssl/crypto/bio/bio_local.h' ]]; then - echo "extracting 'openssl-*.tar.gz'" - tar -zxf openssl-*.tar.gz -fi - -echo "extracting 'struct bio_st' from 'deps/libssl/openssl/crypto/bio/bio_local.h'" -DEPBIOST=$(cd ../../; cat ./deps/libssl/openssl/crypto/bio/bio_local.h | sed -n '/^struct bio_st {/,/}/p') - -echo "extracting 'struct bio_st' from 'lib/mysql_data_stream.cpp'" -LIBBIOST=$(cd ../../; cat ./lib/mysql_data_stream.cpp | sed '/^\/\*/,/*\//d' | sed -n '/^struct bio_st {/,/}/p') - -echo -n "Comparing ... " -if [[ "$LIBBIOST" =~ "$DEPBIOST" ]]; then - echo "PASS - bio_st is a match!" -else - echo "FAIL - bio_st does not match!" - echo - echo ">>> lib/mysql_data_stream.cpp" - echo "$LIBBIOST" - echo "===" - echo "$DEPBIOST" - echo "<<< deps/libssl/openssl/crypto/bio/bio_local.h" - exit 1 -fi diff --git a/lib/Makefile b/lib/Makefile index 504b766ee..0c2d605c3 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -47,8 +47,20 @@ COREDUMPER_IDIR := $(COREDUMPER_DIR)/include CURL_DIR := $(DEPS_PATH)/curl/curl CURL_IDIR := $(CURL_DIR)/include -SSL_DIR := $(DEPS_PATH)/libssl/openssl/ -SSL_IDIR := $(SSL_DIR)/include +DISTRO := $(shell lsb_release -si 2>/dev/null || grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"') + +ifeq ($(DISTRO), almalinux) + ssl_header_path := $(shell find /usr /usr/local /opt -name "ssl.h" -path "*/openssl3/*" 2>/dev/null | head -n 1) +else + ssl_header_path := $(shell find /usr /usr/local /opt -name "ssl.h" -path "*/openssl/*" 2>/dev/null | head -n 1) +endif + +ifneq ($(ssl_header_path),) + SSL_IDIR := $(shell dirname $(shell dirname $(ssl_header_path))) + $(info Found yash OpenSSL headers at $(SSL_IDIR)) +else + $(error Warning: OpenSSL headers not found. exiting, please install openssl.) +endif EV_DIR := $(DEPS_PATH)/libev/libev/ EV_IDIR := $(EV_DIR) diff --git a/lib/PgSQL_Data_Stream.cpp b/lib/PgSQL_Data_Stream.cpp index 740320fcc..9967878a4 100644 --- a/lib/PgSQL_Data_Stream.cpp +++ b/lib/PgSQL_Data_Stream.cpp @@ -11,61 +11,6 @@ #include "openssl/x509v3.h" -/* - -in libssl 1.1.0 -struct bio_st { - const BIO_METHOD *method; - long (*callback) (struct bio_st *, int, const char *, int, long, long); - char *cb_arg; - int init; - int shutdown; - int flags; - int retry_reason; - int num; - void *ptr; - struct bio_st *next_bio; - struct bio_st *prev_bio; - int references; - uint64_t num_read; - uint64_t num_write; - CRYPTO_EX_DATA ex_data; - CRYPTO_RWLOCK *lock; -}; -*/ - -typedef int CRYPTO_REF_COUNT; - -/** - * @brief This is the 'bio_st' struct definition from libssl 3.0.0. NOTE: This is an internal struct from - * OpenSSL library, currently it's used for performing checks on the reads/writes performed on the BIO objects. - * It's extremely important to keep this struct up to date with each OpenSSL dependency update. - */ -struct bio_st { - OSSL_LIB_CTX* libctx; - const BIO_METHOD* method; - /* bio, mode, argp, argi, argl, ret */ -#ifndef OPENSSL_NO_DEPRECATED_3_0 - BIO_callback_fn callback; -#endif - BIO_callback_fn_ex callback_ex; - char* cb_arg; /* first argument for the callback */ - int init; - int shutdown; - int flags; /* extra storage */ - int retry_reason; - int num; - void* ptr; - struct bio_st* next_bio; /* used by filter BIOs */ - struct bio_st* prev_bio; /* used by filter BIOs */ - CRYPTO_REF_COUNT references; - uint64_t num_read; - uint64_t num_write; - CRYPTO_EX_DATA ex_data; - CRYPTO_RWLOCK* lock; -}; - - #define RESULTSET_BUFLEN_DS_16K 16000 #define RESULTSET_BUFLEN_DS_1M 1000*1024 @@ -602,8 +547,8 @@ int PgSQL_Data_Stream::read_from_net() { //ssize_t n = read(fd, buf, sizeof(buf)); int n = recv(fd, buf, sizeof(buf), 0); //proxy_info("SSL recv of %d bytes\n", n); - proxy_debug(PROXY_DEBUG_NET, 7, "Session=%p: recv() read %d bytes. num_write: %lu , num_read: %lu\n", sess, n, rbio_ssl->num_write, rbio_ssl->num_read); - if (n > 0 || rbio_ssl->num_write > rbio_ssl->num_read) { + proxy_debug(PROXY_DEBUG_NET, 7, "Session=%p: recv() read %d bytes. num_write: %lu , num_read: %lu\n", sess, n, BIO_number_written(rbio_ssl), BIO_number_read(rbio_ssl)); + if (n > 0 || BIO_number_written(rbio_ssl) > BIO_number_read(rbio_ssl)) { //on_read_cb(buf, (size_t)n); char buf2[MY_SSL_BUFFER]; @@ -728,7 +673,7 @@ int PgSQL_Data_Stream::write_to_net() { if (encrypted == false) { return 0; } - if (ssl_write_len == 0 && wbio_ssl->num_write == wbio_ssl->num_read) { + if (ssl_write_len == 0 && BIO_number_written(wbio_ssl) == BIO_number_read(wbio_ssl)) { return 0; } } @@ -738,7 +683,7 @@ int PgSQL_Data_Stream::write_to_net() { bytes_io = SSL_write(ssl, queue_r_ptr(queueOUT), s); //proxy_info("Used SSL_write to write %d bytes\n", bytes_io); proxy_debug(PROXY_DEBUG_NET, 7, "Session=%p, Datastream=%p: SSL_write() wrote %d bytes . queueOUT before: %u\n", sess, this, bytes_io, queue_data(queueOUT)); - if (ssl_write_len || wbio_ssl->num_write > wbio_ssl->num_read) { + if (ssl_write_len || BIO_number_written(wbio_ssl) > BIO_number_read(wbio_ssl)) { //proxy_info("ssl_write_len = %d , num_write = %d , num_read = %d\n", ssl_write_len , wbio_ssl->num_write , wbio_ssl->num_read); char buf[MY_SSL_BUFFER]; do { @@ -861,7 +806,7 @@ void PgSQL_Data_Stream::set_pollout() { _pollfd->events |= POLLOUT; } if (encrypted) { - if (ssl_write_len || wbio_ssl->num_write > wbio_ssl->num_read) { + if (ssl_write_len || BIO_number_written(wbio_ssl) > BIO_number_read(wbio_ssl)) { _pollfd->events |= POLLOUT; } else { @@ -966,7 +911,7 @@ int PgSQL_Data_Stream::write_to_net_poll() { } if (call_write_to_net == false) { if (encrypted) { - if (ssl_write_len || wbio_ssl->num_write > wbio_ssl->num_read) { + if (ssl_write_len || BIO_number_written(wbio_ssl) > BIO_number_read(wbio_ssl)) { call_write_to_net = true; } } @@ -1362,7 +1307,7 @@ void PgSQL_Data_Stream::destroy_MySQL_Connection_From_Pool(bool sq) { } bool PgSQL_Data_Stream::data_in_rbio() { - if (rbio_ssl->num_write > rbio_ssl->num_read) { + if (BIO_number_written(rbio_ssl) > BIO_number_read(rbio_ssl)) { return true; } return false; diff --git a/lib/mysql_data_stream.cpp b/lib/mysql_data_stream.cpp index 594bc617f..986541f77 100644 --- a/lib/mysql_data_stream.cpp +++ b/lib/mysql_data_stream.cpp @@ -14,93 +14,6 @@ using json = nlohmann::json; #include "openssl/x509v3.h" - -/** - * @brief This is the 'bio_st' struct definition from libssl. NOTE: This is an internal struct from - * OpenSSL library, currently it's used for performing checks on the reads/writes performed on the BIO objects. - * It's extremely important to keep this struct up to date with each OpenSSL dependency update. - */ -typedef int CRYPTO_REF_COUNT; - -#if (OPENSSL_VERSION_NUMBER & 0xFFFF0000) == 0x10100000 -#pragma message "libssl 1.1.x detected" -struct bio_st { - const BIO_METHOD *method; - /* bio, mode, argp, argi, argl, ret */ - BIO_callback_fn callback; - BIO_callback_fn_ex callback_ex; - char *cb_arg; /* first argument for the callback */ - int init; - int shutdown; - int flags; /* extra storage */ - int retry_reason; - int num; - void *ptr; - struct bio_st *next_bio; /* used by filter BIOs */ - struct bio_st *prev_bio; /* used by filter BIOs */ - CRYPTO_REF_COUNT references; - uint64_t num_read; - uint64_t num_write; - CRYPTO_EX_DATA ex_data; - CRYPTO_RWLOCK *lock; -}; - -#elif (OPENSSL_VERSION_NUMBER & 0xFFFF0000) == 0x30000000 || (OPENSSL_VERSION_NUMBER & 0xFFFF0000) == 0x30100000 -#pragma message "libssl 3.0.x / 3.1.x detected" -struct bio_st { - OSSL_LIB_CTX *libctx; - const BIO_METHOD *method; - /* bio, mode, argp, argi, argl, ret */ -#ifndef OPENSSL_NO_DEPRECATED_3_0 - BIO_callback_fn callback; -#endif - BIO_callback_fn_ex callback_ex; - char *cb_arg; /* first argument for the callback */ - int init; - int shutdown; - int flags; /* extra storage */ - int retry_reason; - int num; - void *ptr; - struct bio_st *next_bio; /* used by filter BIOs */ - struct bio_st *prev_bio; /* used by filter BIOs */ - CRYPTO_REF_COUNT references; - uint64_t num_read; - uint64_t num_write; - CRYPTO_EX_DATA ex_data; - CRYPTO_RWLOCK *lock; -}; - -#elif (OPENSSL_VERSION_NUMBER & 0xFFFF0000) == 0x30200000 || (OPENSSL_VERSION_NUMBER & 0xFFFF0000) == 0x30300000 -#pragma message "libssl 3.2.x / 3.3.x detected" -struct bio_st { - OSSL_LIB_CTX *libctx; - const BIO_METHOD *method; - /* bio, mode, argp, argi, argl, ret */ -#ifndef OPENSSL_NO_DEPRECATED_3_0 - BIO_callback_fn callback; -#endif - BIO_callback_fn_ex callback_ex; - char *cb_arg; /* first argument for the callback */ - int init; - int shutdown; - int flags; /* extra storage */ - int retry_reason; - int num; - void *ptr; - struct bio_st *next_bio; /* used by filter BIOs */ - struct bio_st *prev_bio; /* used by filter BIOs */ - CRYPTO_REF_COUNT references; - uint64_t num_read; - uint64_t num_write; - CRYPTO_EX_DATA ex_data; -}; - -#else -#error "libssl version not supported: OPENSSL_VERSION_NUMBER = " ##OPENSSL_VERSION_NUMBER -#endif - - #define RESULTSET_BUFLEN_DS_16K 16000 #define RESULTSET_BUFLEN_DS_1M 1000*1024 @@ -606,9 +519,9 @@ int MySQL_Data_Stream::read_from_net() { } char buf[MY_SSL_BUFFER]; int ssl_recv_bytes = recv(fd, buf, sizeof(buf), 0); - proxy_debug(PROXY_DEBUG_NET, 7, "Session=%p: recv() read %d bytes. num_write: %lu , num_read: %lu\n", sess, ssl_recv_bytes, rbio_ssl->num_write , rbio_ssl->num_read); + proxy_debug(PROXY_DEBUG_NET, 7, "Session=%p: recv() read %d bytes. num_write: %lu , num_read: %lu\n", sess, ssl_recv_bytes, BIO_number_written(rbio_ssl) , BIO_number_read(rbio_ssl)); - if (ssl_recv_bytes > 0 || rbio_ssl->num_write > rbio_ssl->num_read) { + if (ssl_recv_bytes > 0 || BIO_number_written(rbio_ssl) > BIO_number_read(rbio_ssl)) { char buf2[MY_SSL_BUFFER]; int n2; enum sslstatus status; @@ -731,7 +644,7 @@ int MySQL_Data_Stream::write_to_net() { if (encrypted == false) { return 0; } - if (ssl_write_len == 0 && wbio_ssl->num_write == wbio_ssl->num_read) { + if (ssl_write_len == 0 && BIO_number_written(wbio_ssl) == BIO_number_read(wbio_ssl)) { return 0; } } @@ -741,7 +654,7 @@ int MySQL_Data_Stream::write_to_net() { bytes_io = SSL_write (ssl, queue_r_ptr(queueOUT), s); //proxy_info("Used SSL_write to write %d bytes\n", bytes_io); proxy_debug(PROXY_DEBUG_NET, 7, "Session=%p, Datastream=%p: SSL_write() wrote %d bytes . queueOUT before: %u\n", sess, this, bytes_io, queue_data(queueOUT)); - if (ssl_write_len || wbio_ssl->num_write > wbio_ssl->num_read) { + if (ssl_write_len || BIO_number_written(wbio_ssl) > BIO_number_read(wbio_ssl)) { //proxy_info("ssl_write_len = %d , num_write = %d , num_read = %d\n", ssl_write_len , wbio_ssl->num_write , wbio_ssl->num_read); char buf[MY_SSL_BUFFER]; do { @@ -857,7 +770,7 @@ void MySQL_Data_Stream::set_pollout() { _pollfd->events |= POLLOUT; } if (encrypted) { - if (ssl_write_len || wbio_ssl->num_write > wbio_ssl->num_read) { + if (ssl_write_len || BIO_number_written(wbio_ssl) > BIO_number_read(wbio_ssl)) { _pollfd->events |= POLLOUT; } else { if (!SSL_is_init_finished(ssl)) { @@ -955,7 +868,7 @@ int MySQL_Data_Stream::write_to_net_poll() { } if (call_write_to_net == false) { if (encrypted) { - if (ssl_write_len || wbio_ssl->num_write > wbio_ssl->num_read) { + if (ssl_write_len || BIO_number_written(wbio_ssl) > BIO_number_read(wbio_ssl)) { call_write_to_net = true; } } @@ -1629,7 +1542,7 @@ void MySQL_Data_Stream::destroy_MySQL_Connection_From_Pool(bool sq) { } bool MySQL_Data_Stream::data_in_rbio() { - if (rbio_ssl->num_write > rbio_ssl->num_read) { + if (BIO_number_written(rbio_ssl) > BIO_number_read(rbio_ssl)) { return true; } return false; diff --git a/src/Makefile b/src/Makefile index ee7b9f50f..4da9e31e6 100644 --- a/src/Makefile +++ b/src/Makefile @@ -81,9 +81,28 @@ CURL_PATH := $(DEPS_PATH)/curl/curl CURL_IDIR := $(CURL_PATH)/include CURL_LDIR := $(CURL_PATH)/lib/.libs -SSL_PATH := $(DEPS_PATH)/libssl/openssl/ -SSL_IDIR := $(SSL_PATH)/include -SSL_LDIR := $(SSL_PATH) +DISTRO := $(shell lsb_release -si 2>/dev/null || grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"') + +ifeq ($(DISTRO), almalinux) + ssl_header_path := $(shell find /usr /usr/local /opt -name "ssl.h" -path "*/openssl3/*" 2>/dev/null | head -n 1) + LIB_SSL_PATH := $(shell find /usr /usr/local /opt -name "libssl.so.3" 2>/dev/null | head -n 1) + LIB_CRYPTO_PATH := $(shell find /usr /usr/local /opt -name "libcrypto.so.3" 2>/dev/null | head -n 1) + SSL_LDIR := $(dir $(LIB_SSL_PATH)) +else + ssl_header_path := $(shell find /usr /usr/local /opt -name "ssl.h" -path "*/openssl/*" 2>/dev/null | head -n 1) + LIB_SSL_PATH := $(shell find /usr /usr/local /opt -name "libssl.so" 2>/dev/null | head -n 1) + LIB_CRYPTO_PATH := $(shell find /usr /usr/local /opt -name "libcrypto.so" 2>/dev/null | head -n 1) + SSL_LDIR := $(dir $(LIB_SSL_PATH)) +endif + +ifneq ($(ssl_header_path),) + SSL_IDIR := $(shell dirname $(shell dirname $(ssl_header_path))) + $(info Found OpenSSL headers at $(SSL_IDIR)) + $(info OpenSSL lib full path is $(LIB_SSL_PATH)) + $(info OpenSSL libs directory is $(SSL_LDIR)) +else + $(error Warning: OpenSSL headers not found. exiting, please install openssl.) +endif EV_PATH := $(DEPS_PATH)/libev/libev/ EV_IDIR := $(EV_PATH) @@ -174,7 +193,7 @@ endif MYCXXFLAGS += $(IDIRS) $(OPTZ) $(DEBUG) $(PSQLCH) -DGITVERSION=\"$(GIT_VERSION)\" $(NOJEM) $(WGCOV) $(WASAN) -STATICMYLIBS := -Wl,-Bstatic -lconfig -lproxysql -ldaemon -lconfig++ -lre2 -lpcrecpp -lpcre -lmariadbclient -lhttpserver -lmicrohttpd -linjection -lcurl -lssl -lcrypto -lev -lscram -lusual -lpq -lpgcommon -lpgport +STATICMYLIBS := -Wl,-Bstatic -lconfig -lproxysql -ldaemon -lconfig++ -lre2 -lpcrecpp -lpcre -lmariadbclient -lhttpserver -lmicrohttpd -linjection -lcurl -lev -lscram -lusual -lpq -lpgcommon -lpgport ifneq ($(NOJEMALLOC),1) STATICMYLIBS += -ljemalloc endif @@ -182,7 +201,12 @@ ifeq ($(UNAME_S),Linux) STATICMYLIBS += -lcoredumper endif -MYLIBS := -Wl,--export-dynamic $(STATICMYLIBS) -Wl,-Bdynamic -lgnutls -lpthread -lm -lz -lrt -lprometheus-cpp-pull -lprometheus-cpp-core -luuid $(EXTRALINK) +ifeq ($(DISTRO), almalinux) + MYLIBS := -Wl,--export-dynamic $(STATICMYLIBS) -Wl,-Bdynamic -lgnutls -lpthread $(LIB_SSL_PATH) $(LIB_CRYPTO_PATH) -lm -lz -lrt -lprometheus-cpp-pull -lprometheus-cpp-core -luuid $(EXTRALINK) +else + MYLIBS := -Wl,--export-dynamic $(STATICMYLIBS) -Wl,-Bdynamic -lgnutls -lpthread -lssl -lcrypto -lm -lz -lrt -lprometheus-cpp-pull -lprometheus-cpp-core -luuid $(EXTRALINK) +endif + ifeq ($(UNAME_S),Darwin) MYLIBS :=-lre2 -lmariadbclient -lpq -lpthread -lm -lz -liconv -lgnutls -lprometheus-cpp-pull -lprometheus-cpp-core -luuid else @@ -215,8 +239,6 @@ ifeq ($(UNAME_S),Darwin) LIBPROXYSQLAR += $(LIBINJECTION_LDIR)/libinjection.a LIBPROXYSQLAR += $(EV_LDIR)/libev.a endif -LIBPROXYSQLAR += $(SSL_LDIR)/libssl.a -LIBPROXYSQLAR += $(SSL_LDIR)/libcrypto.a LIBPROXYSQLAR += $(CITYHASH_LDIR)/libcityhash.a ODIR := obj diff --git a/src/main.cpp b/src/main.cpp index 4a60035fe..f195bea15 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -338,6 +338,17 @@ static void init_locks(void) { } +static bool check_openssl_version() { + unsigned long version = OpenSSL_version_num(); + const unsigned long OPENSSL_3_0_0 = 0x30000000L; + + proxy_info("Using OpenSSL version: %s\n", OpenSSL_version(OPENSSL_VERSION)); + if (version < OPENSSL_3_0_0) { + proxy_error("%s\n", "ProxySQL server required openssl version 3.0.0 or above"); + return false; + } + return true; +} void ProxySQL_Main_init_SSL_module() { @@ -346,7 +357,6 @@ void ProxySQL_Main_init_SSL_module() { proxy_error("%s\n", SSL_alert_desc_string_long(rc)); } init_locks(); - proxy_info("Using OpenSSL version: %s\n", OpenSSL_version(OPENSSL_VERSION)); SSL_METHOD *ssl_method; OpenSSL_add_all_algorithms(); SSL_load_error_strings(); @@ -2289,6 +2299,9 @@ int main(int argc, const char * argv[]) { if (rc) { exit(EXIT_FAILURE); } } + if (check_openssl_version() == false) { + exit(EXIT_FAILURE); + } #ifdef DEBUG { diff --git a/test/Makefile b/test/Makefile index 9842ffd59..7b1ece3d9 100644 --- a/test/Makefile +++ b/test/Makefile @@ -43,8 +43,14 @@ MICROHTTPD_IDIR := $(MICROHTTPD_PATH)/src/include CURL_PATH := $(DEPS_PATH)/curl/curl CURL_IDIR := -I$(CURL_PATH)/include -SSL_PATH := $(DEPS_PATH)/libssl/openssl/ -SSL_IDIR := $(SSL_PATH)/include +ssl_header_path := $(shell find /usr /usr/local /opt -name "ssl.h" -path "*/openssl/*" 2>/dev/null | head -n 1) + +ifneq ($(ssl_header_path),) + SSL_IDIR := $(shell dirname $(ssl_header_path)) + $(info Found OpenSSL headers at $(SSL_IDIR)) +else + $(error Warning: OpenSSL headers not found. exiting, please install openssl.) +endif EV_PATH := $(DEPS_PATH)/libev/libev/ EV_IDIR := $(EV_PATH) diff --git a/test/deps/Makefile b/test/deps/Makefile index 90c2bcb34..0eabf53c1 100644 --- a/test/deps/Makefile +++ b/test/deps/Makefile @@ -20,7 +20,7 @@ mariadb-connector-c/mariadb-connector-c/libmariadb/libmariadbclient.a: cd mariadb-connector-c && tar -zxf mariadb-connector-c-*.tar.gz cd mariadb-connector-c/mariadb-connector-c && patch -p0 < ../CMakeLists.txt.patch cd mariadb-connector-c/mariadb-connector-c && patch -p0 < ../ConnectorName.cmake.patch - cd mariadb-connector-c/mariadb-connector-c && cmake . -DCMAKE_BUILD_TYPE=RelWithDebInfo -DOPENSSL_ROOT_DIR=$(DEPS_PATH)/libssl/openssl/ + cd mariadb-connector-c/mariadb-connector-c && cmake . -DCMAKE_BUILD_TYPE=RelWithDebInfo cd mariadb-connector-c/mariadb-connector-c && CC=${CC} CXX=${CXX} ${MAKE} mariadbclient mariadb_client: mariadb-connector-c/mariadb-connector-c/libmariadb/libmariadbclient.a @@ -32,7 +32,7 @@ mysql-connector-c/mysql-connector-c/libmysql/libmysqlclient.a: mysql-connector-c cd mysql-connector-c && rm -rf mysql-*/ || true cd mysql-connector-c && tar -zxf mysql-boost-5.7.*.tar.gz cd mysql-connector-c && ln -fsT $$(ls -1d mysql-5.7.*/) mysql-connector-c - cd mysql-connector-c/mysql-connector-c && cmake . -DWITH_BOOST=./boost -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_CXX_FLAGS_RELWITHDEBINFO="-O0 -ggdb -DNDEBUG -fPIC" -DOPENSSL_ROOT_DIR=$(DEPS_PATH)/libssl/openssl + cd mysql-connector-c/mysql-connector-c && cmake . -DWITH_BOOST=./boost -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_CXX_FLAGS_RELWITHDEBINFO="-O0 -ggdb -DNDEBUG -fPIC" cd mysql-connector-c/mysql-connector-c && CC=${CC} CXX=${CXX} ${MAKE} mysqlclient mysql cd mysql-connector-c/mysql-connector-c && cp archive_output_directory/libmysqlclient.a libmysql/ @@ -47,7 +47,7 @@ mysql-connector-c-8.4.0/mysql-connector-c/libmysql/libmysqlclient.a: mysql-conne cd mysql-connector-c-8.4.0 && ln -fsT $$(ls -1d mysql-8.4.*/) mysql-connector-c cd mysql-connector-c-8.4.0/mysql-connector-c && cmake . -DFORCE_INSOURCE_BUILD=1 -DCMAKE_BUILD_TYPE=RelWithDebInfo \ -DWITHOUT_SERVER=ON -DDOWNLOAD_BOOST=1 -DWITH_BOOST=./mysql-server/downloads/ -DWITH_UNIT_TESTS=OFF \ - -DCMAKE_CXX_FLAGS_RELWITHDEBINFO="-O0 -ggdb -DNDEBUG -fPIC" -DOPENSSL_ROOT_DIR=$(DEPS_PATH)/libssl/openssl + -DCMAKE_CXX_FLAGS_RELWITHDEBINFO="-O0 -ggdb -DNDEBUG -fPIC" cd mysql-connector-c-8.4.0/mysql-connector-c && CC=${CC} CXX=${CXX} ${MAKE} cd mysql-connector-c-8.4.0/mysql-connector-c && cp archive_output_directory/libmysqlclient.a libmysql/ diff --git a/test/tap/tap/Makefile b/test/tap/tap/Makefile index aa7fb3486..a39395352 100644 --- a/test/tap/tap/Makefile +++ b/test/tap/tap/Makefile @@ -92,27 +92,26 @@ default: all .PHONY: all all: libtap_mariadb.a libtap_mysql57.a libtap_mysql8.a \ - libtap.so libssl.so.3 libcrypto.so.3 libcpp_dotenv.so libre2.so + libtap.so libcpp_dotenv.so libre2.so debug: OPT := $(STDCPP) -O0 -DDEBUG -ggdb -Wl,--no-as-needed $(WASAN) debug: libtap_mariadb.a libtap_mysql57.a libtap_mysql8.a libtap.so - ### helper targets -command_line.o: command_line.cpp cpp-dotenv/static/cpp-dotenv/libcpp_dotenv.a libcurl.so libssl.so.3 libcrypto.so.3 libcpp_dotenv.so +command_line.o: command_line.cpp cpp-dotenv/static/cpp-dotenv/libcpp_dotenv.a libcurl.so -lssl -lcrypto libcpp_dotenv.so $(CXX) -fPIC -c command_line.cpp $(IDIRS) $(OPT) -utils_mariadb.o: utils.cpp cpp-dotenv/static/cpp-dotenv/libcpp_dotenv.a libcurl.so libssl.so.3 libcrypto.so.3 libcpp_dotenv.so +utils_mariadb.o: utils.cpp cpp-dotenv/static/cpp-dotenv/libcpp_dotenv.a libcurl.so -lssl -lcrypto libcpp_dotenv.so $(CXX) -fPIC -c utils.cpp $(IDIRS) -I$(MARIADB_IDIR) $(OPT) -o $@ -utils_mysql57.o: utils.cpp cpp-dotenv/static/cpp-dotenv/libcpp_dotenv.a libcurl.so libssl.so.3 libcrypto.so.3 libcpp_dotenv.so +utils_mysql57.o: utils.cpp cpp-dotenv/static/cpp-dotenv/libcpp_dotenv.a libcurl.so -lssl -lcrypto libcpp_dotenv.so $(CXX) -DDISABLE_WARNING_COUNT_LOGGING -fPIC -c utils.cpp $(IDIRS) -I$(TEST_MYSQL_IDIR) -I$(TEST_MYSQL_EDIR) $(OPT) -o $@ -utils_mysql8.o: utils.cpp cpp-dotenv/static/cpp-dotenv/libcpp_dotenv.a libcurl.so libssl.so.3 libcrypto.so.3 libcpp_dotenv.so +utils_mysql8.o: utils.cpp cpp-dotenv/static/cpp-dotenv/libcpp_dotenv.a libcurl.so -lssl -lcrypto libcpp_dotenv.so $(CXX) -DDISABLE_WARNING_COUNT_LOGGING -fPIC -c utils.cpp $(IDIRS) -I$(TEST_MYSQL8_IDIR) -I$(TEST_MYSQL_EDIR) $(OPT) -o $@ -tap.o: tap.cpp cpp-dotenv/static/cpp-dotenv/libcpp_dotenv.a libcurl.so libssl.so.3 libcrypto.so.3 libcpp_dotenv.so +tap.o: tap.cpp cpp-dotenv/static/cpp-dotenv/libcpp_dotenv.a libcurl.so -lssl -lcrypto libcpp_dotenv.so $(CXX) -fPIC -c tap.cpp $(IDIRS) $(OPT) libtap_mariadb.a: tap.o command_line.o utils_mariadb.o cpp-dotenv/static/cpp-dotenv/libcpp_dotenv.a @@ -130,12 +129,6 @@ libtap.so: libtap_mariadb.a cpp-dotenv/dynamic/cpp-dotenv/libcpp_dotenv.so libre ### tap deps targets -libssl.so.3: $(DEPS_PATH)/libssl/openssl/libssl.so.3 - cp -a $(DEPS_PATH)/libssl/openssl/libssl.so* . - -libcrypto.so.3: $(DEPS_PATH)/libssl/openssl/libcrypto.so.3 - cp -a $(DEPS_PATH)/libssl/openssl/libcrypto.so* . - libcpp_dotenv.so: cpp-dotenv/dynamic/cpp-dotenv/libcpp_dotenv.so find cpp-dotenv/dynamic/cpp-dotenv/ -name '*.so' -exec cp -a {} . \; diff --git a/test/tap/tests/Makefile b/test/tap/tests/Makefile index 76fb0b23e..488659cc8 100644 --- a/test/tap/tests/Makefile +++ b/test/tap/tests/Makefile @@ -62,9 +62,23 @@ LIBINJECTION_DIR := $(DEPS_PATH)/libinjection/libinjection LIBINJECTION_IDIR := $(LIBINJECTION_DIR)/src LIBINJECTION_LDIR := $(LIBINJECTION_DIR)/src -SSL_DIR := $(DEPS_PATH)/libssl/openssl/ -SSL_IDIR := $(SSL_DIR)/include -SSL_LDIR := $(SSL_DIR) +libssl_path := $(shell find /usr /usr/local /opt -name "libssl.so" 2>/dev/null | head -n 1) + +ifneq ($(libssl_path),) + SSL_LDIR := $(dir $(libssl_path)) + $(info Found OpenSSL libs at $(SSL_LDIR)) +else + $(error Warning: OpenSSL library not found. exiting, please install openssl.) +endif + +ssl_header_path := $(shell find /usr /usr/local /opt -name "ssl.h" -path "*/openssl/*" 2>/dev/null | head -n 1) + +ifneq ($(ssl_header_path),) + SSL_IDIR := $(shell dirname $(ssl_header_path)) + $(info Found OpenSSL headers at $(SSL_IDIR)) +else + $(error Warning: OpenSSL headers not found. exiting, please install openssl.) +endif EV_DIR := $(DEPS_PATH)/libev/libev/ EV_IDIR := $(EV_DIR) diff --git a/test/tap/tests_with_deps/common_defs.Makefile b/test/tap/tests_with_deps/common_defs.Makefile index 41542d7a4..0ad21d3d7 100644 --- a/test/tap/tests_with_deps/common_defs.Makefile +++ b/test/tap/tests_with_deps/common_defs.Makefile @@ -44,9 +44,23 @@ LIBINJECTION_DIR=$(DEPS_PATH)/libinjection/libinjection LIBINJECTION_IDIR=$(LIBINJECTION_DIR)/src LIBINJECTION_LDIR=$(LIBINJECTION_DIR)/src -SSL_DIR=$(DEPS_PATH)/libssl/openssl/ -SSL_IDIR=$(SSL_DIR)/include -SSL_LDIR=$(SSL_DIR) +libssl_path := $(shell find /usr /usr/local /opt -name "libssl.so" 2>/dev/null | head -n 1) + +ifneq ($(libssl_path),) + SSL_LDIR := $(dir $(libssl_path)) + $(info Found OpenSSL libs at $(SSL_LDIR)) +else + $(error Warning: OpenSSL library not found. exiting, please install openssl.) +endif + +ssl_header_path := $(shell find /usr /usr/local /opt -name "ssl.h" -path "*/openssl/*" 2>/dev/null | head -n 1) + +ifneq ($(ssl_header_path),) + SSL_IDIR := $(shell dirname $(ssl_header_path)) + $(info Found OpenSSL headers at $(SSL_IDIR)) +else + $(error Warning: OpenSSL headers not found. exiting, please install openssl.) +endif EV_DIR=$(DEPS_PATH)/libev/libev/ EV_IDIR=$(EV_DIR) diff --git a/test/tap/tests_with_deps/deprecate_eof_support/Makefile b/test/tap/tests_with_deps/deprecate_eof_support/Makefile index 32db6d762..f259ebc3d 100644 --- a/test/tap/tests_with_deps/deprecate_eof_support/Makefile +++ b/test/tap/tests_with_deps/deprecate_eof_support/Makefile @@ -50,9 +50,23 @@ MICROHTTPD_DIR := $(DEPS_PATH)/libmicrohttpd/libmicrohttpd/src MICROHTTPD_IDIR := $(MICROHTTPD_DIR)/include MICROHTTPD_LDIR := $(MICROHTTPD_DIR)/microhttpd/.libs -SSL_DIR := $(DEPS_PATH)/libssl/openssl/ -SSL_IDIR := $(SSL_DIR)/include -SSL_LDIR := $(SSL_DIR) +libssl_path := $(shell find /usr /usr/local /opt -name "libssl.so" 2>/dev/null | head -n 1) + +ifneq ($(libssl_path),) + SSL_LDIR := $(dir $(libssl_path)) + $(info Found OpenSSL libs at $(SSL_LDIR)) +else + $(error Warning: OpenSSL library not found. exiting, please install openssl.) +endif + +ssl_header_path := $(shell find /usr /usr/local /opt -name "ssl.h" -path "*/openssl/*" 2>/dev/null | head -n 1) + +ifneq ($(ssl_header_path),) + SSL_IDIR := $(shell dirname $(ssl_header_path)) + $(info Found OpenSSL headers at $(SSL_IDIR)) +else + $(error Warning: OpenSSL headers not found. exiting, please install openssl.) +endif EV_DIR := $(DEPS_PATH)/libev/libev/ EV_IDIR := $(EV_DIR)