authorStelios Fragkakis <52996999+stelfrag@users.noreply.github.com>2024-05-17 18:58:08 +0300
committerGitHub <noreply@github.com>2024-05-17 18:58:08 +0300
commita124de491a4fc06219a505a331ed1fa703232033 (patch)
treeb08e0b1c95bddb0c548bad0e7b1b5383ad687a26
parentf3e0205be0243d8055b8e7da9dd2fe073f2e213d (diff)
Revert "Support to WolfSSL (Step 1) (#17516)"revert-17516-use_wolfssl
-rw-r--r--CMakeLists.txt74
-rw-r--r--packaging/cmake/config.cmake.h.in1
-rw-r--r--src/aclk/aclk.c2
-rw-r--r--src/aclk/mqtt_websockets/mqtt_wss_client.c8
-rw-r--r--src/aclk/mqtt_websockets/mqtt_wss_client.h5
-rw-r--r--src/aclk/mqtt_websockets/ws_client.c5
-rw-r--r--src/claim/claim.c2
-rw-r--r--src/daemon/buildinfo.c13
-rw-r--r--src/daemon/commands.c7
-rw-r--r--src/database/contexts/api_v2.c6
-rw-r--r--src/database/contexts/worker.c2
-rw-r--r--src/database/engine/rrdengine.h6
-rw-r--r--src/database/rrdfunctions-inflight.c4
-rw-r--r--src/database/rrdhost.c2
-rw-r--r--src/libnetdata/libnetdata.h3
-rw-r--r--src/libnetdata/socket/README.md8
-rw-r--r--src/libnetdata/socket/security.c53
-rw-r--r--src/libnetdata/socket/security.h19
-rw-r--r--src/libnetdata/ssl/ssl.h43
-rw-r--r--src/streaming/receiver.c4
-rw-r--r--src/streaming/sender.c4
-rw-r--r--src/web/api/web_api_v1.c4
22 files changed, 65 insertions, 210 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 214f96c3b0..36f7ab7cab 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -126,13 +126,9 @@ set(CONFIG_H ${CONFIG_H_DIR}/config.h)
option(DEFAULT_FEATURE_STATE "Specify the default state for most optional features" True)
mark_as_advanced(DEFAULT_FEATURE_STATE)
-# ssl
-option(ENABLE_WOLFSSL "Compile netdata using WolfSSL." False)
-cmake_dependent_option(ENABLE_OPENSSL "Compile netdata using OpenSSL." True "NOT ENABLE_WOLFSSL" False)
-
# High-level features
-cmake_dependent_option(ENABLE_ACLK "Enable Netdata Cloud support (ACLK)" ${DEFAULT_FEATURE_STATE} "NOT ENABLE_WOLFSSL" False)
-cmake_dependent_option(ENABLE_CLOUD "Enable Netdata Cloud by default at runtime" ${DEFAULT_FEATURE_STATE} "NOT ENABLE_WOLFSSL" False)
+option(ENABLE_ACLK "Enable Netdata Cloud support (ACLK)" ${DEFAULT_FEATURE_STATE})
+option(ENABLE_CLOUD "Enable Netdata Cloud by default at runtime" ${DEFAULT_FEATURE_STATE})
option(ENABLE_ML "Enable machine learning features" ${DEFAULT_FEATURE_STATE})
option(ENABLE_DBENGINE "Enable dbengine metrics storage" True)
@@ -147,7 +143,7 @@ mark_as_advanced(ENABLE_LEGACY_EBPF_PROGRAMS)
option(ENABLE_PLUGIN_FREEIPMI "Enable IPMI monitoring" ${DEFAULT_FEATURE_STATE})
option(ENABLE_PLUGIN_GO "Enable metric collectors written in Go" ${DEFAULT_FEATURE_STATE})
option(ENABLE_PLUGIN_LOCAL_LISTENERS "Enable local listening socket tracking (including service auto-discovery support)" ${DEFAULT_FEATURE_STATE})
-cmake_dependent_option(ENABLE_PLUGIN_LOGS_MANAGEMENT "Enable log collection and monitoring based on Fluent Bit" ${DEFAULT_FEATURE_STATE} "NOT ENABLE_WOLFSSL" False)
+option(ENABLE_PLUGIN_LOGS_MANAGEMENT "Enable log collection and monitoring based on Fluent Bit" ${DEFAULT_FEATURE_STATE})
option(ENABLE_PLUGIN_NETWORK_VIEWER "Enable network viewer functionality" ${DEFAULT_FEATURE_STATE})
option(ENABLE_PLUGIN_NFACCT "Enable Linux NFACCT metric collection" ${DEFAULT_FEATURE_STATE})
option(ENABLE_PLUGIN_PERF "Enable Linux performance counter monitoring" ${DEFAULT_FEATURE_STATE})
@@ -171,8 +167,7 @@ mark_as_advanced(ENABLE_LOGS_MANAGEMENT_TESTS)
# Experimental features
option(ENABLE_WEBRTC "Enable WebRTC dashboard communications (experimental)" False)
mark_as_advanced(ENABLE_WEBRTC)
-
-cmake_dependent_option(ENABLE_H2O "Enable H2O web server (experimental)" True "NOT ENABLE_WOLFSSL" False)
+option(ENABLE_H2O "Enable H2O web server (experimental)" True)
mark_as_advanced(ENABLE_H2O)
# Other optional functionality
@@ -185,21 +180,6 @@ mark_as_advanced(BUILD_FOR_PACKAGING)
cmake_dependent_option(FORCE_LEGACY_LIBBPF "Force usage of libbpf 0.0.9 instead of the latest version." False "ENABLE_PLUGIN_EBPF" False)
mark_as_advanced(FORCE_LEGACY_LIBBPF)
-include(CheckFunctionExists)
-
-if(ENABLE_WOLFSSL)
- pkg_check_modules(WOLFSSL wolfssl)
-
- list(APPEND CMAKE_REQUIRED_LIBRARIES wolfssl)
- check_function_exists(wolfSSL_set_alpn_protos HAVE_WOLFSSL_SET_ALPN_PROTOS)
- if(NOT HAVE_WOLFSSL_SET_ALPN_PROTOS)
- message(FATAL_ERROR "Your WolfSSL library has not been compiled with the OPENSSL_EXTRA flag, which is necessary to create symbols for the OpenSSL API that Netdata uses.")
- endif()
-else()
- # openssl/crypto
- pkg_check_modules(OPENSSL openssl)
-endif()
-
if(ENABLE_ACLK OR ENABLE_EXPORTER_PROMETHEUS_REMOTE_WRITE)
set(NEED_PROTOBUF True)
else()
@@ -308,6 +288,11 @@ endif()
# Libm
#
+# checks link with cmake required libs
+cmake_policy(SET CMP0075 NEW)
+
+include(CheckFunctionExists)
+
check_function_exists(log10 HAVE_LOG10)
if(NOT HAVE_LOG10)
unset(HAVE_LOG10 CACHE)
@@ -561,7 +546,11 @@ if(FREEBSD OR MACOS)
set(HAVE_BUILTIN_ATOMICS True)
endif()
-if(NOT OPENSSL_FOUND AND ENABLE_OPENSSL)
+# openssl/crypto
+set(ENABLE_OPENSSL True)
+pkg_check_modules(OPENSSL openssl)
+
+if(NOT OPENSSL_FOUND)
if(MACOS)
execute_process(COMMAND
brew --prefix --installed openssl
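Review bot: `set(ENABLE_OPENSSL True)` is a plain variable assigned before the library is detected, so ENABLE_OPENSSL (and, through `#cmakedefine ENABLE_OPENSSL` in config.cmake.h.in and the `#define ENABLE_HTTPS 1` in libnetdata.h) is asserted even when `pkg_check_modules(OPENSSL openssl)` finds nothing. The `if(NOT OPENSSL_FOUND)` block only shows the macOS brew fallback here and continues past the hunk, so I cannot see whether a miss on other platforms is fatal; if it is not, the TLS sources would most likely be compiled against headers that are absent and fail late rather than at configure time. After the fallback, `if(NOT OPENSSL_FOUND)` / `message(FATAL_ERROR "OpenSSL development files are required")` / `endif()` would make the requirement explicit, or ENABLE_OPENSSL could be derived from OPENSSL_FOUND instead of hard-coded.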
@@ -581,7 +570,7 @@ if(NOT OPENSSL_FOUND AND ENABLE_OPENSSL)
endif()
endif()
-if(NOT MACOS AND ENABLE_OPENSSL)
+if(NOT MACOS)
pkg_check_modules(CRYPTO libcrypto)
endif()
@@ -703,7 +692,6 @@ set(LIBNETDATA_FILES
src/libnetdata/required_dummies.h
src/libnetdata/socket/security.c
src/libnetdata/socket/security.h
- src/libnetdata/ssl/ssl.h
src/libnetdata/simple_pattern/simple_pattern.c
src/libnetdata/simple_pattern/simple_pattern.h
src/libnetdata/socket/socket.c
@@ -1430,7 +1418,7 @@ set(NETDATA_FILES
${WEB_PLUGIN_FILES}
${CLAIM_PLUGIN_FILES}
${SPAWN_PLUGIN_FILES}
- "$<$<BOOL:${ENABLE_OPENSSL}>:${ACLK_ALWAYS_BUILD}>"
+ ${ACLK_ALWAYS_BUILD}
${PROFILE_PLUGIN_FILES}
)
@@ -1725,26 +1713,15 @@ target_include_directories(libnetdata BEFORE PUBLIC ${LIBUV_INCLUDE_DIRS})
target_compile_options(libnetdata PUBLIC ${LIBUV_CFLAGS_OTHER})
target_link_libraries(libnetdata PUBLIC ${LIBUV_LDFLAGS})
-if (ENABLE_OPENSSL)
- message(STATUS "Compiling Netdata with OpenSSL")
- # crypto
- target_include_directories(libnetdata BEFORE PUBLIC ${CRYPTO_INCLUDE_DIRS})
- target_compile_options(libnetdata PUBLIC ${CRYPTO_CFLAGS_OTHER})
- target_link_libraries(libnetdata PUBLIC ${CRYPTO_LDFLAGS})
+# crypto
+target_include_directories(libnetdata BEFORE PUBLIC ${CRYPTO_INCLUDE_DIRS})
+target_compile_options(libnetdata PUBLIC ${CRYPTO_CFLAGS_OTHER})
+target_link_libraries(libnetdata PUBLIC ${CRYPTO_LDFLAGS})
- # openssl
- target_include_directories(libnetdata BEFORE PUBLIC ${OPENSSL_INCLUDE_DIRS})
- target_compile_options(libnetdata PUBLIC ${OPENSSL_CFLAGS_OTHER})
- target_link_libraries(libnetdata PUBLIC ${OPENSSL_LDFLAGS})
-endif()
-
-if (ENABLE_WOLFSSL)
- message(STATUS "Compiling Netdata with WolfSSL")
-
- target_include_directories(libnetdata BEFORE PUBLIC ${WOLFSSL_INCLUDE_DIRS})
- target_compile_options(libnetdata PUBLIC ${WOLFSSL_CFLAGS_OTHER})
- target_link_libraries(libnetdata PUBLIC ${WOLFSSL_LDFLAGS})
-endif()
+# openssl
+target_include_directories(libnetdata BEFORE PUBLIC ${OPENSSL_INCLUDE_DIRS})
+target_compile_options(libnetdata PUBLIC ${OPENSSL_CFLAGS_OTHER})
+target_link_libraries(libnetdata PUBLIC ${OPENSSL_LDFLAGS})
# mnl
if(NOT MACOS)
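Review bot: The six unconditional `target_include_directories`/`target_compile_options`/`target_link_libraries` calls on the new side splice pkg-config variables in by hand; with `pkg_check_modules(OPENSSL IMPORTED_TARGET openssl)` in the detection hunk they collapse to `target_link_libraries(libnetdata PUBLIC PkgConfig::OPENSSL)`, which carries include directories, flags and link libraries together. The same applies to CRYPTO, with the caveat that `pkg_check_modules(CRYPTO libcrypto)` runs only under `if(NOT MACOS)`, so the imported target would have to be linked behind the same condition, whereas the variable form silently expands to nothing on macOS. This is a point of style; the result is equivalent wherever the packages are found.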
@@ -1772,8 +1749,7 @@ if(ENABLE_MQTTWEBSOCKETS)
target_compile_options(mqttwebsockets PUBLIC -DMQTT_WSS_CUSTOM_ALLOC
-DRBUF_CUSTOM_MALLOC
- -DMQTT_WSS_CPUSTATS
- )
+ -DMQTT_WSS_CPUSTATS)
target_include_directories(mqttwebsockets PUBLIC ${CMAKE_SOURCE_DIR}/aclk/helpers
${CMAKE_SOURCE_DIR}/src/web/server/h2o/libh2o/include)
diff --git a/packaging/cmake/config.cmake.h.in b/packaging/cmake/config.cmake.h.in
index 4455ed123e..79c72b7f8c 100644
--- a/packaging/cmake/config.cmake.h.in
+++ b/packaging/cmake/config.cmake.h.in
@@ -105,7 +105,6 @@
// enabled features
#cmakedefine ENABLE_OPENSSL
-#cmakedefine ENABLE_WOLFSSL
#cmakedefine ENABLE_CLOUD
#cmakedefine ENABLE_ACLK
#cmakedefine ENABLE_ML
diff --git a/src/aclk/aclk.c b/src/aclk/aclk.c
index 33f458e3f7..991745491c 100644
--- a/src/aclk/aclk.c
+++ b/src/aclk/aclk.c
@@ -62,9 +62,7 @@ struct aclk_shared_state aclk_shared_state = {
};
#ifdef MQTT_WSS_DEBUG
-#if defined(ENABLE_OPENSSL)
#include <openssl/ssl.h>
-#endif
#define DEFAULT_SSKEYLOGFILE_NAME "SSLKEYLOGFILE"
const char *ssl_log_filename = NULL;
FILE *ssl_log_file = NULL;
diff --git a/src/aclk/mqtt_websockets/mqtt_wss_client.c b/src/aclk/mqtt_websockets/mqtt_wss_client.c
index 908b0711f2..a2aef80ceb 100644
--- a/src/aclk/mqtt_websockets/mqtt_wss_client.c
+++ b/src/aclk/mqtt_websockets/mqtt_wss_client.c
@@ -23,25 +23,17 @@
#include <netinet/tcp.h> //TCP_NODELAY
#include <netdb.h>
-#ifdef ENABLE_OPENSSL
#include <openssl/err.h>
#include <openssl/ssl.h>
-#elif defined(ENABLE_WOLFSSL)
-#include <wolfssl/options.h>
-#include <wolfssl/openssl/err.h>
-#include <wolfssl/openssl/ssl.h>
-#endif
#define PIPE_READ_END 0
#define PIPE_WRITE_END 1
#define POLLFD_SOCKET 0
#define POLLFD_PIPE 1
-#if defined(ENABLE_OPENSSL)
#if (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110) && (SSLEAY_VERSION_NUMBER >= OPENSSL_VERSION_097)
#include <openssl/conf.h>
#endif
-#endif //ENABLE_OPENSSL
//TODO MQTT_PUBLISH_RETAIN should not be needed anymore
#define MQTT_PUBLISH_RETAIN 0x01
diff --git a/src/aclk/mqtt_websockets/mqtt_wss_client.h b/src/aclk/mqtt_websockets/mqtt_wss_client.h
index d1ad2dc875..4bdea4db9f 100644
--- a/src/aclk/mqtt_websockets/mqtt_wss_client.h
+++ b/src/aclk/mqtt_websockets/mqtt_wss_client.h
@@ -155,12 +155,7 @@ struct mqtt_wss_stats {
struct mqtt_wss_stats mqtt_wss_get_stats(mqtt_wss_client client);
#ifdef MQTT_WSS_DEBUG
-#ifdef ENABLE_OPENSSL
#include <openssl/ssl.h>
-#elif defined(ENABLE_WOLFSSL)
-#include <wolfssl/options.h>
-#include <wolfssl/openssl/ssl.h>
-#endif
void mqtt_wss_set_SSL_CTX_keylog_cb(mqtt_wss_client client, void (*ssl_ctx_keylog_cb)(const SSL *ssl, const char *line));
#endif
diff --git a/src/aclk/mqtt_websockets/ws_client.c b/src/aclk/mqtt_websockets/ws_client.c
index b3aebdc229..240e889caa 100644
--- a/src/aclk/mqtt_websockets/ws_client.c
+++ b/src/aclk/mqtt_websockets/ws_client.c
@@ -17,12 +17,7 @@
#include <errno.h>
#include <ctype.h>
-#ifdef ENABLE_OPENSSL
#include <openssl/evp.h>
-#elif defined(ENABLE_WOLFSSL)
-#include <wolfssl/options.h>
-#include <wolfssl/openssl/evp.h>
-#endif
#include "ws_client.h"
#include "common_internal.h"
diff --git a/src/claim/claim.c b/src/claim/claim.c
index de174215ee..5f4ec9a433 100644
--- a/src/claim/claim.c
+++ b/src/claim/claim.c
@@ -52,7 +52,7 @@ CLAIM_AGENT_RESPONSE claim_agent(const char *claiming_arguments, bool force, con
return CLAIM_AGENT_CLOUD_DISABLED;
}
-#if defined(ENABLE_CLOUD) && defined(ENABLE_ACLK)
+#ifndef DISABLE_CLOUD
int exit_code;
pid_t command_pid;
char command_exec_buffer[CLAIMING_COMMAND_LENGTH + 1];
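Review bot: The new guard `#ifndef DISABLE_CLOUD` is a negative macro, and the config.cmake.h.in hunk in this commit shows only positive `#cmakedefine ENABLE_CLOUD` / `#cmakedefine ENABLE_ACLK` lines; unless DISABLE_CLOUD is generated somewhere I cannot see, this block is compiled unconditionally and the claiming command path is present in builds configured with ENABLE_CLOUD or ENABLE_ACLK off, with only the runtime `CLAIM_AGENT_CLOUD_DISABLED` return above it standing in the way. Please confirm where DISABLE_CLOUD is defined; if nothing defines it, the guard is dead and should be tied to the ENABLE_CLOUD/ENABLE_ACLK options that the CMake side still exposes. claim_agent starts and ends outside the hunk.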
diff --git a/src/daemon/buildinfo.c b/src/daemon/buildinfo.c
index b07734f1df..63b017e817 100644
--- a/src/daemon/buildinfo.c
+++ b/src/daemon/buildinfo.c
@@ -69,7 +69,7 @@ typedef enum __attribute__((packed)) {
BIB_LIB_ZLIB,
BIB_LIB_BROTLI,
BIB_LIB_PROTOBUF,
- BIB_LIB_SSL,
+ BIB_LIB_OPENSSL,
BIB_LIB_LIBDATACHANNEL,
BIB_LIB_JSONC,
BIB_LIB_LIBCAP,
@@ -650,17 +650,12 @@ static struct {
.json = "protobuf",
.value = NULL,
},
- [BIB_LIB_SSL] = {
+ [BIB_LIB_OPENSSL] = {
.category = BIC_LIBS,
.type = BIT_BOOLEAN,
.analytics = NULL,
-#if defined(ENABLE_OPENSSL)
.print = "OpenSSL (cryptography)",
.json = "openssl",
-#elif defined(ENABLE_WOLFSSL)
- .print = "WolfSSL (cryptography)",
- .json = "wolfssl",
-#endif
.value = NULL,
},
[BIB_LIB_LIBDATACHANNEL] = {
@@ -1167,8 +1162,8 @@ __attribute__((constructor)) void initialize_build_info(void) {
#ifdef HAVE_LIBDATACHANNEL
build_info_set_status(BIB_LIB_LIBDATACHANNEL, true);
#endif
-#if defined(ENABLE_OPENSSL) || defined(ENABLE_WOLFSSL)
- build_info_set_status(BIB_LIB_SSL, true);
+#ifdef ENABLE_OPENSSL
+ build_info_set_status(BIB_LIB_OPENSSL, true);
#endif
#ifdef ENABLE_JSONC
build_info_set_status(BIB_LIB_JSONC, true);
diff --git a/src/daemon/commands.c b/src/daemon/commands.c
index 6141e9803f..43123b2291 100644
--- a/src/daemon/commands.c
+++ b/src/daemon/commands.c
@@ -295,17 +295,10 @@ static cmd_status_t cmd_ping_execute(char *args, char **message)
static cmd_status_t cmd_aclk_state(char *args, char **message)
{
netdata_log_info("COMMAND: Reopening aclk/cloud state.");
-#ifdef ENABLE_ACLK
if (strstr(args, "json"))
*message = aclk_state_json();
else
*message = aclk_state();
-#else
- if (strstr(args, "json"))
- *message = strdupz("{\"aclk-available\":false}");
- else
- *message = strdupz("ACLK Available: No");;
-#endif
return CMD_STATUS_SUCCESS;
}
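Review bot: With the `#else` branch gone, cmd_aclk_state calls `aclk_state()` and `aclk_state_json()` unconditionally while ENABLE_ACLK remains a user-facing option in CMakeLists.txt (`option(ENABLE_ACLK ...)` in this commit), so an `-DENABLE_ACLK=Off` build links only if stub implementations exist elsewhere, which I cannot see from here. The same unconditional ACLK references are introduced in api_v2.c (`agent_capabilities_to_json`), worker.c and rrdfunctions-inflight.c (`aclk_connected`), rrdhost.c (`add_aclk_host_labels`) and receiver.c (`aclk_queue_node_info`). If stubs are the intended mechanism, a one-line comment at this first call site, e.g. `// aclk_state()/aclk_state_json() come from the ACLK stub when ENABLE_ACLK is off`, would save the next reader a search; if not, an ACLK-disabled configuration should be exercised in CI.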
diff --git a/src/database/contexts/api_v2.c b/src/database/contexts/api_v2.c
index c02b5e4f31..a5c759d92f 100644
--- a/src/database/contexts/api_v2.c
+++ b/src/database/contexts/api_v2.c
@@ -800,7 +800,6 @@ static void rrdhost_sender_to_json(BUFFER *wb, RRDHOST_STATUS *s, const char *ke
buffer_json_object_close(wb); // streaming
}
-#ifdef ENABLE_ACLK
static void agent_capabilities_to_json(BUFFER *wb, RRDHOST *host, const char *key) {
buffer_json_member_add_array(wb, key);
@@ -817,7 +816,6 @@ static void agent_capabilities_to_json(BUFFER *wb, RRDHOST *host, const char *ke
buffer_json_array_close(wb);
freez(capas);
}
-#endif
static inline void host_dyncfg_to_json_v2(BUFFER *wb, const char *key, RRDHOST_STATUS *s) {
buffer_json_member_add_object(wb, key);
@@ -895,9 +893,7 @@ static void rrdcontext_to_json_v2_rrdhost(BUFFER *wb, RRDHOST *host, struct rrdc
buffer_json_member_add_string(wb, "state", rrdhost_state_cloud_emulation(host) ? "reachable" : "stale");
rrdhost_health_to_json_v2(wb, "health", &s);
-#ifdef ENABLE_ACLK
agent_capabilities_to_json(wb, host, "capabilities");
-#endif
}
if (ctl->mode & (CONTEXTS_V2_NODE_INSTANCES)) {
@@ -941,9 +937,7 @@ static void rrdcontext_to_json_v2_rrdhost(BUFFER *wb, RRDHOST *host, struct rrdc
rrdhost_health_to_json_v2(wb, "health", &s);
host_functions2json(host, wb); // functions
-#ifdef ENABLE_ACLK
agent_capabilities_to_json(wb, host, "capabilities");
-#endif
host_dyncfg_to_json_v2(wb, "dyncfg", &s);
}
diff --git a/src/database/contexts/worker.c b/src/database/contexts/worker.c
index 604bb7e30f..71af3c44df 100644
--- a/src/database/contexts/worker.c
+++ b/src/database/contexts/worker.c
@@ -959,11 +959,9 @@ static void rrdcontext_dequeue_from_hub_queue(RRDCONTEXT *rc) {
static void rrdcontext_dispatch_queued_contexts_to_hub(RRDHOST *host, usec_t now_ut) {
-#ifdef ENABLE_ACLK
// check if we have received a streaming command for this host
if(!rrdhost_flag_check(host, RRDHOST_FLAG_ACLK_STREAM_CONTEXTS) || !aclk_connected || !host->rrdctx.hub_queue)
return;
-#endif
// check if there are queued items to send
if(!dictionary_entries(host->rrdctx.hub_queue))
diff --git a/src/database/engine/rrdengine.h b/src/database/engine/rrdengine.h
index 6b94c41ac6..c594efe992 100644
--- a/src/database/engine/rrdengine.h
+++ b/src/database/engine/rrdengine.h
@@ -6,14 +6,8 @@
#include <fcntl.h>
#include <lz4.h>
#include <Judy.h>
-#ifdef ENABLE_OPENSSL
#include <openssl/sha.h>
#include <openssl/evp.h>
-#elif defined(ENABLE_WOLFSSL)
-#include <wolfssl/options.h>
-#include <wolfssl/openssl/sha.h>
-#include <wolfssl/openssl/evp.h>
-#endif
#include "daemon/common.h"
#include "../rrd.h"
#include "rrddiskprotocol.h"
diff --git a/src/database/rrdfunctions-inflight.c b/src/database/rrdfunctions-inflight.c
index 6b75d5fbd8..adb27b3e7d 100644
--- a/src/database/rrdfunctions-inflight.c
+++ b/src/database/rrdfunctions-inflight.c
@@ -438,7 +438,6 @@ int rrd_function_run(RRDHOST *host, BUFFER *result_wb, int timeout_s,
if(!http_access_user_has_enough_access_level_for_endpoint(user_access, rdcf->access)) {
-#ifdef ENABLE_ACLK
if(!aclk_connected)
code = rrd_call_function_error(result_wb,
"This Netdata must be connected to Netdata Cloud for Single-Sign-On (SSO) "
@@ -446,9 +445,6 @@ int rrd_function_run(RRDHOST *host, BUFFER *result_wb, int timeout_s,
HTTP_ACCESS_PERMISSION_DENIED_HTTP_CODE(user_access));
else if((rdcf->access & HTTP_ACCESS_SIGNED_ID) && !(user_access & HTTP_ACCESS_SIGNED_ID))
-#else
- if((rdcf->access & HTTP_ACCESS_SIGNED_ID) && !(user_access & HTTP_ACCESS_SIGNED_ID))
-#endif
code = rrd_call_function_error(result_wb,
"You need to be authenticated via Netdata Cloud Single-Sign-On (SSO) "
"to access this feature. Sign-in on this dashboard, "
diff --git a/src/database/rrdhost.c b/src/database/rrdhost.c
index 2f3b86fdcd..02e2d7da45 100644
--- a/src/database/rrdhost.c
+++ b/src/database/rrdhost.c
@@ -1384,9 +1384,7 @@ static void rrdhost_load_auto_labels(void) {
if (localhost->system_info->prebuilt_dist)
rrdlabels_add(labels, "_prebuilt_dist", localhost->system_info->prebuilt_dist, RRDLABEL_SRC_AUTO);
-#ifdef ENABLE_ACLK
add_aclk_host_labels();
-#endif
// The source should be CONF, but when it is set, these labels are exported by default ('send configured labels' in exporting.conf).
// Their export seems to break exporting to Graphite, see https://github.com/netdata/netdata/issues/14084.
diff --git a/src/libnetdata/libnetdata.h b/src/libnetdata/libnetdata.h
index a56d6d3acb..8781a85307 100644
--- a/src/libnetdata/libnetdata.h
+++ b/src/libnetdata/libnetdata.h
@@ -9,7 +9,7 @@ extern "C" {
#include "config.h"
-#if defined(ENABLE_OPENSSL) || defined(ENABLE_WOLFSSL)
+#ifdef ENABLE_OPENSSL
#define ENABLE_HTTPS 1
#endif
@@ -483,7 +483,6 @@ extern char *netdata_configured_host_prefix;
#include "popen/popen.h"
#include "simple_pattern/simple_pattern.h"
#ifdef ENABLE_HTTPS
-# include "ssl/ssl.h"
# include "socket/security.h"
#endif
#include "socket/socket.h"
diff --git a/src/libnetdata/socket/README.md b/src/libnetdata/socket/README.md
index 8ee4989dc7..b81cbb8dfb 100644
--- a/src/libnetdata/socket/README.md
+++ b/src/libnetdata/socket/README.md
@@ -6,11 +6,3 @@ learn_status: "Published"
learn_topic_type: "References"
learn_rel_path: "Developers/libnetdata"
-->
-
-# WolfSSL support
-
-Support for WolfSSL is currently in the experimental stage, as it does not yet offer all the features available in the
-OpenSSL library.
-
-When integrating with WolfSSL, it's essential to confirm that the version of WolfSSL being used has enabled support for
-the OpenSSL API during compilation. Failure to do so will result in compilation errors.
diff --git a/src/libnetdata/socket/security.c b/src/libnetdata/socket/security.c
index 7d7b193673..502998b79f 100644
--- a/src/libnetdata/socket/security.c
+++ b/src/libnetdata/socket/security.c
@@ -18,11 +18,7 @@ static SOCKET_PEERS netdata_ssl_peers(NETDATA_SSL *ssl) {
if(unlikely(!ssl->conn))
sock_fd = -1;
else
-#if defined(ENABLE_OPENSSL)
sock_fd = SSL_get_rfd(ssl->conn);
-#elif defined(ENABLE_WOLFSSL)
- sock_fd = SSL_get_fd(ssl->conn);
-#endif
return socket_peers(sock_fd);
}
@@ -363,11 +359,7 @@ static inline bool want_read_write_should_retry(NETDATA_SSL *ssl, int err) {
int ssl_errno = SSL_get_error(ssl->conn, err);
if(ssl_errno == SSL_ERROR_WANT_READ || ssl_errno == SSL_ERROR_WANT_WRITE) {
struct pollfd pfds[1] = { [0] = {
-#if defined(ENABLE_OPENSSL)
.fd = SSL_get_rfd(ssl->conn),
-#elif defined(ENABLE_WOLFSSL)
- .fd = SSL_get_fd(ssl->conn),
-#endif
.events = (short)(((ssl_errno == SSL_ERROR_WANT_READ ) ? POLLIN : 0) |
((ssl_errno == SSL_ERROR_WANT_WRITE) ? POLLOUT : 0)),
}};
@@ -445,13 +437,7 @@ bool netdata_ssl_accept(NETDATA_SSL *ssl) {
static void netdata_ssl_info_callback(const SSL *ssl, int where, int ret __maybe_unused) {
(void)ssl;
if (where & SSL_CB_ALERT) {
- netdata_log_debug(D_WEB_CLIENT,"SSL INFO CALLBACK %s %s",
-#if defined(ENABLE_OPENSSL)
- SSL_alert_type_string(ret),
-#else
- NULL,
-#endif
- SSL_alert_desc_string_long(ret));
+ netdata_log_debug(D_WEB_CLIENT,"SSL INFO CALLBACK %s %s", SSL_alert_type_string(ret), SSL_alert_desc_string_long(ret));
}
}
@@ -462,7 +448,7 @@ static void netdata_ssl_info_callback(const SSL *ssl, int where, int ret __maybe
*/
void netdata_ssl_initialize_openssl() {
-#if defined(ENABLE_OPENSSL) && (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110)
+#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110
# if (SSLEAY_VERSION_NUMBER >= OPENSSL_VERSION_097)
OPENSSL_config(NULL);
# endif
@@ -472,9 +458,11 @@ void netdata_ssl_initialize_openssl() {
SSL_library_init();
#else
+
if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) != 1) {
netdata_log_error("SSL library cannot be initialized.");
}
+
#endif
}
@@ -556,7 +544,7 @@ static SSL_CTX * netdata_ssl_create_server_ctx(unsigned long mode) {
static int netdata_id_context = 1;
//TO DO: Confirm the necessity to check return for other OPENSSL function
-#if defined(ENABLE_OPENSSL) && (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110)
+#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110
ctx = SSL_CTX_new(SSLv23_server_method());
if (!ctx) {
netdata_log_error("Cannot create a new SSL context, netdata won't encrypt communication");
@@ -571,21 +559,14 @@ static SSL_CTX * netdata_ssl_create_server_ctx(unsigned long mode) {
return NULL;
}
- if (SSL_CTX_use_certificate_chain_file(ctx, netdata_ssl_security_cert) != 1) {
- goto end_ssl_server_ctx;
- }
+ SSL_CTX_use_certificate_chain_file(ctx, netdata_ssl_security_cert);
#endif
-#if defined(ENABLE_OPENSSL) && (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110)
+#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_COMPRESSION);
#else
- if (SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION) != 1) {
- goto end_ssl_server_ctx;
- }
-
- if ( SSL_CTX_set_max_proto_version(ctx, netdata_ssl_select_tls_version(tls_version)) != 1) {
- goto end_ssl_server_ctx;
- }
+ SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
+ SSL_CTX_set_max_proto_version(ctx, netdata_ssl_select_tls_version(tls_version));
if(tls_ciphers && strcmp(tls_ciphers, "none") != 0) {
if (!SSL_CTX_set_cipher_list(ctx, tls_ciphers)) {
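Review bot: The new side drops the return-value checks on `SSL_CTX_use_certificate_chain_file`, `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version`, so a certificate chain that fails to load or a protocol bound the library refuses no longer aborts context creation: the context is returned and the problem surfaces only when a client connects, or not at all for the version bounds, where the library defaults then apply instead of the configured `tls_version`. The private-key check in the next hunk keeps a log/free/return pattern, so the same shape can be used here with `lerror`, which that check already uses; `SSL_CTX_use_PrivateKey_file` just above it is likewise unchecked, although `SSL_CTX_check_private_key` catches a missing key. netdata_ssl_create_server_ctx starts and ends outside the hunk.
```c
    if (SSL_CTX_use_certificate_chain_file(ctx, netdata_ssl_security_cert) != 1) {
        ERR_error_string_n(ERR_get_error(), lerror, sizeof(lerror));
        netdata_log_error("SSL cannot load the certificate chain: %s", lerror);
        SSL_CTX_free(ctx);
        return NULL;
    }
    /* … unchanged: #endif, pre-1.1.0 SSL_CTX_set_options branch, #else … */
    if (SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION) != 1 ||
        SSL_CTX_set_max_proto_version(ctx, netdata_ssl_select_tls_version(tls_version)) != 1) {
        ERR_error_string_n(ERR_get_error(), lerror, sizeof(lerror));
        netdata_log_error("SSL cannot set the TLS protocol version range: %s", lerror);
        SSL_CTX_free(ctx);
        return NULL;
    }
    /* … unchanged: #endif, cipher list setup … */
```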
@@ -597,13 +578,16 @@ static SSL_CTX * netdata_ssl_create_server_ctx(unsigned long mode) {
SSL_CTX_use_PrivateKey_file(ctx, netdata_ssl_security_key,SSL_FILETYPE_PEM);
if (!SSL_CTX_check_private_key(ctx)) {
- goto end_ssl_server_ctx;
+ ERR_error_string_n(ERR_get_error(),lerror,sizeof(lerror));
+ netdata_log_error("SSL cannot check the private key: %s",lerror);
+ SSL_CTX_free(ctx);
+ return NULL;
}
SSL_CTX_set_session_id_context(ctx,(void*)&netdata_id_context,(unsigned int)sizeof(netdata_id_context));
SSL_CTX_set_info_callback(ctx, netdata_ssl_info_callback);
-#if defined(ENABLE_OPENSSL) && (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_095)
+#if (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_095)
SSL_CTX_set_verify_depth(ctx,1);
#endif
netdata_log_debug(D_WEB_CLIENT,"SSL GLOBAL CONTEXT STARTED\n");
@@ -611,11 +595,6 @@ static SSL_CTX * netdata_ssl_create_server_ctx(unsigned long mode) {
SSL_CTX_set_mode(ctx, mode);
return ctx;
-end_ssl_server_ctx:
- ERR_error_string_n(ERR_get_error(), lerror, sizeof(lerror));
- netdata_log_error("SSL error: %s", lerror);
- SSL_CTX_free(ctx);
- return NULL;
}
/**
@@ -705,10 +684,8 @@ void netdata_ssl_cleanup()
netdata_ssl_exporting_ctx = NULL;
}
-#if defined(ENABLE_OPENSSL) && (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110)
+#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110
ERR_free_strings();
-#elif defined(ENABLE_WOLFSSL)
- wolfSSL_Cleanup();
#endif
}
diff --git a/src/libnetdata/socket/security.h b/src/libnetdata/socket/security.h
index a7e8a217e5..283d81db85 100644
--- a/src/libnetdata/socket/security.h
+++ b/src/libnetdata/socket/security.h
@@ -14,7 +14,24 @@ typedef enum __attribute__((packed)) {
# ifdef ENABLE_HTTPS
-#include "../ssl/ssl.h"
+#define OPENSSL_VERSION_095 0x00905100L
+#define OPENSSL_VERSION_097 0x0907000L
+#define OPENSSL_VERSION_110 0x10100000L
+#define OPENSSL_VERSION_111 0x10101000L
+#define OPENSSL_VERSION_300 0x30000000L
+
+# include <openssl/ssl.h>
+# include <openssl/err.h>
+# include <openssl/evp.h>
+# include <openssl/pem.h>
+# if (SSLEAY_VERSION_NUMBER >= OPENSSL_VERSION_097) && (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110)
+# include <openssl/conf.h>
+# endif
+
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_300
+#include <openssl/core_names.h>
+#include <openssl/decoder.h>
+#endif
typedef struct netdata_ssl {
SSL *conn; // SSL connection
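Review bot: The include list moved here from the deleted ssl.h omits `<openssl/sha.h>`, which ssl.h provided (`# include <openssl/sha.h>` in the removed file); rrdengine.h includes it directly, but any other translation unit that picked up the SHA declarations through libnetdata.h would now need its own include, so the affected configurations are worth a build, as I cannot see those users from here. As a point of style, the block mixes `# include`/`# if` with the unindented `#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_300` and `#include <openssl/core_names.h>`; writing them as `# if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_300` and `#  include <openssl/core_names.h>` keeps the nesting under `# ifdef ENABLE_HTTPS` readable. That enclosing `# ifdef` closes outside the hunk.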
diff --git a/src/libnetdata/ssl/ssl.h b/src/libnetdata/ssl/ssl.h
deleted file mode 100644
index e24d949a90..0000000000
--- a/src/libnetdata/ssl/ssl.h
+++ /dev/null
@@ -1,43 +0,0 @@
-#ifndef NETDATA_SSL_H
-#define NETDATA_SSL_H
-
-// External SSL libraries used with netdata
-
-#ifdef ENABLE_HTTPS
-
-#define OPENSSL_VERSION_095 0x00905100L
-#define OPENSSL_VERSION_097 0x0907000L
-#define OPENSSL_VERSION_110 0x10100000L
-#define OPENSSL_VERSION_111 0x10101000L
-#define OPENSSL_VERSION_300 0x30000000L
-
-#ifdef ENABLE_OPENSSL
-
-# include <openssl/ssl.h>
-# include <openssl/err.h>
-# include <openssl/sha.h>
-# include <openssl/evp.h>
-# include <openssl/pem.h>
-# if (SSLEAY_VERSION_NUMBER >= OPENSSL_VERSION_097) && (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110)
-# include <openssl/conf.h>
-# endif
-
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_300
-#include <openssl/core_names.h>
-#include <openssl/decoder.h>
-#endif
-#elif defined(ENABLE_WOLFSSL)
-#include <wolfssl/options.h>
-#include <wolfssl/version.h>
-#include <wolfssl/ssl.h>
-#include <wolfssl/error-ssl.h>
-
-#include <wolfssl/openssl/ssl.h>
-#include <wolfssl/openssl/err.h>
-#include <wolfssl/openssl/sha.h>
-#include <wolfssl/openssl/evp.h>
-#endif // ENABLE_OPENSSL
-
-#endif // ENABLE_HTTPS
-
-#endif
diff --git a/src/streaming/receiver.c b/src/streaming/receiver.c
index 99a1e2ad34..2cbf247dc4 100644
--- a/src/streaming/receiver.c
+++ b/src/streaming/receiver.c
@@ -445,9 +445,7 @@ static bool rrdhost_set_receiver(RRDHOST *host, struct receiver_state *rpt) {
rrdpush_receiver_replication_reset(host);
rrdhost_flag_clear(rpt->host, RRDHOST_FLAG_RRDPUSH_RECEIVER_DISCONNECTED);
-#ifdef ENABLE_ACLK
aclk_queue_node_info(rpt->host, true);
-#endif
rrdpush_reset_destinations_postpone_time(host);
@@ -782,7 +780,7 @@ static void rrdpush_receive(struct receiver_state *rpt)
}
netdata_log_debug(D_STREAM, "Initial response to %s: %s", rpt->client_ip, initial_response);
-#if defined(ENABLE_H2O) && defined(ENABLE_OPENSSL)
+#ifdef ENABLE_H2O
if (is_h2o_rrdpush(rpt)) {
h2o_stream_write(rpt->h2o_ctx, initial_response, strlen(initial_response));
} else {
diff --git a/src/streaming/sender.c b/src/streaming/sender.c
index 0ae66db6b6..d4c3cc0009 100644
--- a/src/streaming/sender.c
+++ b/src/streaming/sender.c
@@ -634,7 +634,6 @@ static bool rrdpush_sender_connect_ssl(struct sender_state *s __maybe_unused) {
#endif
}
-#if defined(ENABLE_H2O) && defined(ENABLE_OPENSSL)
static int rrdpush_http_upgrade_prelude(RRDHOST *host, struct sender_state *s) {
char http[HTTP_HEADE