support `SSL_set0_wbio()` for parity with OpenSSL and forks

Question

support `SSL_set0_wbio()` for parity with OpenSSL and forks

Closed this issue 8 months ago · 3 comments

vszakats commented 8 months ago

curl started using the OpenSSL function SSL_set0_wbio() in v7.88.0 (2023-02-15).

According to the commit message:
"for clear reference counting where available".

This function is available in OpenSSL/wolfSSL/BoringSSL/AWC-LC,
but not in LibreSSL (as of v3.8.2).

Would you be open to implement this in LibreSSL?

~~Untested patch~~ [deleted]

Answer 1 · 2023-11-08T02:53:47.000Z

On Tue, Nov 07, 2023 at 04:24:02PM -0800, Viktor Szakats wrote: curl [started using](curl/curl@f39472e) the OpenSSL function `SSL_set0_wbio()` in v7.88.0 (2023-02-15). According to the ChangeLog: "for clear reference counting where available".

There is a reason this function is not available. As you saw, something that looks like it is trivial to add, but the prerequisite for this to be correct is a lot of hairy internal plumbing similar to things explained in: https://boringssl-review.googlesource.com/8023 If you look at corresponding commits in OpenSSL you can see the many things that went wrong along the way.

Answer 2 · 2023-11-08T04:02:44.000Z

Thanks for the pointer. Assuming these issues were ironed out
in that patch, could that be applied to LibreSSL without having
to go through that pain once again?

Just realized this is a duplicate of #838.

Answer 3 · 2023-11-10T19:04:58.000Z

One open Issue is enough for this, closing.