Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for Wolf SSL #14808

Closed
wants to merge 25 commits into from
Closed

Add support for Wolf SSL #14808

wants to merge 25 commits into from

Conversation

thiagoftsm
Copy link
Contributor

@thiagoftsm thiagoftsm commented Mar 27, 2023
edited

Summary

Fixes #6509

Test Plan
  1. Before to compile and test this branch, it is necessary to install wolfssl on your system. The default compilation of the library won't allow everything necessary to have ACLK debug messages and cloud, to fix this I compiled it using the following options:
# ./autogen.sh
# CFLAGS="-DOPENSSL_EXTRA -DHAVE_SECRET_CALLBACK -DWOLFSSL_TRUST_PEER_CERT" ./configure --prefix=/usr --enable-all --enable-static --enable-iopool --enable-secure-renegotiation --enable-sni
# make  CFLAGS="-DOPENSSL_EXTRA -DHAVE_SECRET_CALLBACK -DWOLFSSL_TRUST_PEER_CERT"
# make install
# ldconfig
Additional Information
For users: How does this change affect me?

@thiagoftsm thiagoftsm marked this pull request as draft March 27, 2023 00:21
@github-actions github-actions bot added area/aclk area/build Build system (autotools and cmake). area/database area/packaging Packaging and operating systems support labels Mar 27, 2023
@vkalintiris
Copy link
Contributor

@thiagoftsm I know this is a draft, but please consider exposing a common API for our ssl/hashing needs from a sub-component within libnetdata in order to avoid various ifdefs like these in the rest of the agent:

#if defined(OPENSSL_VERSION_NUMBER)
#include <openssl/sha.h>
#include <openssl/evp.h>
#elif defined(WOLFSSL_VERSION)
#include <wolfssl/openssl/sha.h>
#include <wolfssl/openssl/evp.h>
#endif

@thiagoftsm
Copy link
Contributor Author

@thiagoftsm I know this is a draft, but please consider exposing a common API for our ssl/hashing needs from a sub-component within libnetdata in order to avoid various ifdefs like these in the rest of the agent:

#if defined(OPENSSL_VERSION_NUMBER)
#include <openssl/sha.h>
#include <openssl/evp.h>
#elif defined(WOLFSSL_VERSION)
#include <wolfssl/openssl/sha.h>
#include <wolfssl/openssl/evp.h>
#endif

All right @vkalintiris ,

I will reorganize the code, I began to write like this to observe compatibility between libraries, but I agree with you.

Best regards!

@github-actions github-actions bot added area/collectors Everything related to data collection area/daemon collectors/freeipmi labels Mar 28, 2023
thiagoftsm added a commit to thiagoftsm/netdata that referenced this pull request Mar 30, 2023
@thiagoftsm
wolfssl: Address comment netdata#14808 (comment)
489358b
thiagoftsm added a commit to thiagoftsm/netdata that referenced this pull request Mar 31, 2023
@thiagoftsm
wolfssl: Address comment netdata#14808 (comment) again and also add m…
28f227a 
…issing headers
bykosy63t referenced this pull request Apr 1, 2023
@petecooper
tidy up the installer script usage message (#12171)
bbb546e
thiagoftsm added a commit to thiagoftsm/netdata that referenced this pull request Apr 2, 2023
@thiagoftsm
wolfssl: Address comment netdata#14808 (comment)
0a4514d
thiagoftsm added a commit to thiagoftsm/netdata that referenced this pull request Apr 2, 2023
@thiagoftsm
wolfssl: Address comment netdata#14808 (comment) again and also add m…
d6e96c5 
…issing headers
thiagoftsm added a commit to thiagoftsm/netdata that referenced this pull request Apr 10, 2023
@thiagoftsm
wolfssl: Address comment netdata#14808 (comment)
93f6bf3
thiagoftsm added a commit to thiagoftsm/netdata that referenced this pull request Apr 10, 2023
@thiagoftsm
wolfssl: Address comment netdata#14808 (comment) again and also add m…
3b07ebe 
…issing headers
@thiagoftsm thiagoftsm mentioned this pull request Apr 12, 2023
Closed
@thiagoftsm
wolfssl: Modify aclk/aclk.c to use specific header only when linked w…
40c8df1 
…ith OpenSSL
@thiagoftsm
wolfssl: Modify configure.ac to to use both libraries according new o…
a90ec33 
…ption --enable-wolfssl
@thiagoftsm
wolfssl: Add new option --enable-wolfssl in netdata-installer.sh
1f8d7f1
@thiagoftsm
wolfssl: Add Wolfssl headers in security.h
75478b9
@thiagoftsm
wolfssl: Add Wolfssl headers in rrdengine.h
e92a1eb
@thiagoftsm
wolfssl: Add Wolfssl headers in aclk/aclk.c
c9a85f2
@thiagoftsm
wolfssl: Rename function security_openssl_library to a more meaninful…
b765496 
… name and add Wolfssl init code
@thiagoftsm
wolfssl: Rename function security_initialize_openssl_client to a more…
234b923 
… meaninful name and add Wolfssl clientt code
@thiagoftsm
wolfssl: Rename function security_clean_ssl to a more meaninful name …
ff00f76 
…and add Wolfssl cleanup code
@thiagoftsm
wolfssl: Rename variable protocol_version to avoid conflict with WOLF…
0dc617e 
…_SSL
@thiagoftsm
wolfssl: Use only macros from our autoconf to avoid conflicts between…
d9c5018 
… libraries.
@thiagoftsm
wolfssl: Fix typo and debug message according to library linked.
4a8e842
@thiagoftsm
wolfssl: Modify configure.ac to compile kinesis with correct library
27fcd56
@thiagoftsm
wolfssl: Address comment netdata#14808 (comment)
3bda843
@thiagoftsm
wolfssl: Address comment netdata#14808 (comment) again and also add m…
2c23550 
…issing headers
@thiagoftsm
wolfssl: Add headers used in dbengine. It looks like that some OpenSS…
fb94582 
…L versions do not have functions in previous headers already added.
@thiagoftsm
wolfssl: Modify configure.ac removing unecessary tests and conflicts.
3093a00
@thiagoftsm
wolfssl: Modify Makefile.am to compile future version of mqtt_websock…
101dffa 
…ets that we will bring next week.
@thiagoftsm
wolfssl: Rename function security_openssl_common_options and adjust m…
d0ae4b3 
…acros
@thiagoftsm
wolfssl: Modify security_initialize_ssl_client to use only one macro …
7b6ba92 
…trough code
@thiagoftsm
wolfssl: Rename function security_initialize_openssl_server.
6afb563
@ktsaou
Copy link
Member

ktsaou commented Jun 7, 2023

This needs to be implemented using the new SSL abstraction layer we implemented in #15113

@thiagoftsm
Copy link
Contributor Author

All right @ktsaou ,

I am waiting for the PR to merged for me to return here.
I will take a look in other PR today yet.

Best regards!

@thiagoftsm
Copy link
Contributor Author

Closing it, because we changed our submodules and it will be simpler for reviewers to start from scratch using our current structure.

@thiagoftsm thiagoftsm closed this Jan 17, 2024
@thiagoftsm thiagoftsm deleted the wolfssl branch January 17, 2024 23:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ferroin Ferroin Awaiting requested review from Ferroin Ferroin is a code owner

@tkatsoulas tkatsoulas Awaiting requested review from tkatsoulas

@vkalintiris vkalintiris Awaiting requested review from vkalintiris

@stelfrag stelfrag Awaiting requested review from stelfrag

@underhood underhood Awaiting requested review from underhood

Assignees
No one assigned
Labels
area/aclk area/build Build system (autotools and cmake). area/collectors Everything related to data collection area/daemon area/database area/packaging Packaging and operating systems support collectors/freeipmi
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add support for other TLS/SSL libraries than OpenSSL
3 participants
@thiagoftsm @vkalintiris @ktsaou