Unverified Commit 302d125b authored by Daniel Stenberg's avatar Daniel Stenberg

axtls: removed

As has been outlined in the DEPRECATE.md document, the axTLS code has
been disabled for 6 months and is hereby removed.

Use a better supported TLS library!

Assisted-by: Daniel Gustafsson
Closes #3194
parent 7f4c3585
+1 −1
@@ -291,7 +291,7 @@ if(WIN32)
endif()

# check SSL libraries
# TODO support GNUTLS, NSS, POLARSSL, AXTLS, CYASSL
# TODO support GNUTLS, NSS, POLARSSL, CYASSL

if(APPLE)
  option(CMAKE_USE_DARWINSSL "enable Apple OS native SSL/TLS" OFF)
+3 −65
@@ -158,7 +158,7 @@ AC_SUBST(PKGADD_VENDOR)

dnl
dnl initialize all the info variables
    curl_ssl_msg="no      (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl,mesalink} )"
    curl_ssl_msg="no      (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,winssl,darwinssl,mesalink} )"
    curl_ssh_msg="no      (--with-libssh2)"
   curl_zlib_msg="no      (--with-zlib)"
 curl_brotli_msg="no      (--with-brotli)"
@@ -2631,70 +2631,10 @@ if test -z "$ssl_backends" -o "x$OPT_NSS" != xno; then
  test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi

OPT_AXTLS=off

AC_ARG_WITH(axtls,dnl
AC_HELP_STRING([--with-axtls=PATH],[Where to look for axTLS, PATH points to the axTLS installation prefix (default: /usr/local).  Ignored if another SSL engine is selected.])
AC_HELP_STRING([--without-axtls], [disable axTLS]),
  OPT_AXTLS=$withval)

if test -z "$ssl_backends" -o "x$OPT_AXTLS" != xno; then
  ssl_msg=
  if test X"$OPT_AXTLS" != Xno; then
    dnl backup the pre-axtls variables
    CLEANLDFLAGS="$LDFLAGS"
    CLEANCPPFLAGS="$CPPFLAGS"
    CLEANLIBS="$LIBS"

    case "$OPT_AXTLS" in
    yes)
      dnl --with-axtls (without path) used
      PREFIX_AXTLS=/usr/local
      LIB_AXTLS="$PREFIX_AXTLS/lib"
      LDFLAGS="$LDFLAGS -L$LIB_AXTLS"
      CPPFLAGS="$CPPFLAGS -I$PREFIX_AXTLS/include"
      ;;
    off)
      dnl no --with-axtls option given, just check default places
      PREFIX_AXTLS=
      ;;
    *)
      dnl check the given --with-axtls spot
      PREFIX_AXTLS=$OPT_AXTLS
      LIB_AXTLS="$PREFIX_AXTLS/lib"
      LDFLAGS="$LDFLAGS -L$LIB_AXTLS"
      CPPFLAGS="$CPPFLAGS -I$PREFIX_AXTLS/include"
      ;;
    esac

    AC_CHECK_LIB(axtls, ssl_version,[
      LIBS="-laxtls $LIBS"
      AC_DEFINE(USE_AXTLS, 1, [if axTLS is enabled])
      AC_SUBST(USE_AXTLS, [1])
      AXTLS_ENABLED=1
      check_for_ca_bundle=1
      USE_AXTLS="yes"
      ssl_msg="axTLS"
      test axtls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes

      if test "x$cross_compiling" != "xyes"; then
        CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$LIB_AXTLS"
        export CURL_LIBRARY_PATH
        AC_MSG_NOTICE([Added $LIB_AXTLS to CURL_LIBRARY_PATH])
      fi
      ],[
      LDFLAGS="$CLEANLDFLAGS"
      CPPFLAGS="$CLEANCPPFLAGS"
      LIBS="$CLEANLIBS"
    ])
  fi
  test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi

case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$MBEDTLS_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED$MESALINK_ENABLED" in
case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$MBEDTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED$MESALINK_ENABLED" in
x)
  AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])
  AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, --with-darwinssl, or --with-mesalink to address this.])
  AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-winssl, --with-darwinssl, or --with-mesalink to address this.])
  ;;
x1)
  # one SSL backend is enabled
@@ -3122,8 +3062,6 @@ AC_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shar
          versioned_symbols_flavour="POLARSSL_"
        elif test "x$CYASSL_ENABLED" = "x1"; then
          versioned_symbols_flavour="CYASSL_"
        elif test "x$AXTLS_ENABLED" = "x1"; then
          versioned_symbols_flavour="AXTLS_"
        elif test "x$WINSSL_ENABLED" = "x1"; then
          versioned_symbols_flavour="WINSSL_"
        elif test "x$DARWINSSL_ENABLED" = "x1"; then
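Review bot: The rewritten `AC_MSG_WARN` hint in the second hunk (the `x)` branch of the backend-count `case`) still omits `--with-mbedtls`, although the `curl_ssl_msg` line edited in the first hunk lists mbedtls among the selectable backends, so a user who ends up with TLS disabled is not told about one supported option. Since the line is being touched anyway, suggest `AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-mbedtls, --with-polarssl, --with-cyassl, --with-nss, --with-winssl, --with-darwinssl, or --with-mesalink to address this.])`. Separately, with the `AC_ARG_WITH(axtls, ...)` block gone, a leftover `--with-axtls` in an existing build script is presumably reported only as an unrecognized option, and the build can then fall through to this "SSL disabled" branch or pick another backend, so it is worth telling packagers in the release notes to check which backend their build ends up with. The enclosing `case` statement continues outside the hunk.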
+0 −26
@@ -5,32 +5,6 @@ email the curl-library mailing list as soon as possible and explain to us why
this is a problem for you and how your use case can't be satisfied properly
using a work around.

## axTLS backend

Here are some complaints on axTLS.

 - home page without HTTPS
 - [doesn't support modern TLS features like SNI](https://github.com/dsheets/axtls/issues/2)
 - [lacks support for modern ciphers](https://github.com/micropython/micropython/issues/3198)
 - [doesn't allow for outside bug report submissions](https://sourceforge.net/p/axtls/bugs/)
 - there's virtually no discussion about it in its [forum](https://sourceforge.net/p/axtls/discussion/)
   nor [mailing list](https://sourceforge.net/p/axtls/mailman/axtls-general/)

Combined, this list hints that this is not a library and project we should
recommend to users.

### State

Since June 1st, 2018 (curl 7.61.0) axTLS support is disabled in code and
requires a small code change to build without errors. [See
PR](https://github.com/curl/curl/pull/2628)

### Removal

Remove all axTLS related code from curl on December 1st, exactly six months
after previously mentioned commit. To be shipped on December 26, 2018
(possibly called version 7.64.0)

## HTTP pipelining

HTTP pipelining is badly supported by curl in the sense that we have bugs and
+1 −1
@@ -447,7 +447,7 @@ FAQ
  backends.

  curl can be built to use one of the following SSL alternatives: OpenSSL,
  GnuTLS, yassl, NSS, PolarSSL, axTLS, Secure Transport (native iOS/OS X),
  GnuTLS, yassl, NSS, PolarSSL, MesaLink, Secure Transport (native iOS/OS X),
  WinSSL (native Windows) or GSKit (native IBM i). They all have their pros
  and cons, and we try to maintain a comparison of them here:
  https://curl.haxx.se/docs/ssl-compared.html
+2 −4
@@ -183,8 +183,7 @@ IMAPS (*1)
FOOTNOTES
=========

  *1 = requires OpenSSL, GnuTLS, NSS, yassl, axTLS, PolarSSL, WinSSL (native
       Windows), Secure Transport (native iOS/OS X) or GSKit (native IBM i)
  *1 = requires a TLS library
  *2 = requires OpenLDAP or WinLDAP
  *3 = requires a GSS-API implementation (such as Heimdal or MIT Kerberos) or
       SSPI (native Windows)
@@ -197,8 +196,7 @@ FOOTNOTES
  *8 = requires libssh2
  *9 = requires OpenSSL, GnuTLS, mbedTLS, NSS, yassl, Secure Transport or SSPI
       (native Windows)
  *10 = requires any of the SSL libraries in (*1) above other than axTLS, which
        does not support SSLv3
  *10 = requires an SSL library that supports SSLv3
  *11 = requires libidn or Windows
  *12 = requires libz
  *13 = requires libmetalink, and either an Apple or Microsoft operating