[Bug debuginfod/31620] New: debuginfod should not require ssl support from libcurl

[Bug debuginfod/31620] New: debuginfod should not require ssl support from libcurl

[nolange79 at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31620

            Bug ID: 31620
           Summary: debuginfod should not require ssl support from libcurl
           Product: elfutils
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: debuginfod
          Assignee: unassigned at sourceware dot org
          Reporter: nolange79 at gmail dot com
                CC: elfutils-devel at sourceware dot org
  Target Milestone: ---

I would like to be able to copy over gdb to an embedded system and then do some
post-mortem debug.
To that end I use a libcurl with just HTTP support, no SSL of any kind.

Unfortunately debuginfod_client.c requests "http,https,file" at [1], and
libcurl then throws an error.

I would like debuginfod only request https if available.


[1]
https://sourceware.org/git?p=elfutils.git;a=blob;f=debuginfod/debuginfod-client.c;h=0ee7db3d66380899fc628efda7f339db7b8d6b9c;hb=HEAD#l1373

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug debuginfod/31620] debuginfod should not require ssl support from libcurl

[fche at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31620

Frank Ch. Eigler <fche at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fche at redhat dot com

--- Comment #1 from Frank Ch. Eigler <fche at redhat dot com> ---
Okay, do you happen to know how debuginfod can find out whether libcurl
supports https?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug debuginfod/31620] debuginfod should not require ssl support from libcurl

[nolange79 at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31620

--- Comment #2 from nolange79 at gmail dot com ---
Should test for CURL_VERSION_SSL (since v7.10), from the docs [1]:

> curl_version_info can be used to get a list of all supported protocols in the current libcurl.

[1] - https://curl.se/libcurl/c/CURLOPT_PROTOCOLS_STR.html

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug debuginfod/31620] debuginfod should not require ssl support from libcurl

[fche at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31620

--- Comment #3 from Frank Ch. Eigler <fche at redhat dot com> ---
like this?  can you test?


diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c
index 0ee7db3d6638..a3468f534656 100644
--- a/debuginfod/debuginfod-client.c
+++ b/debuginfod/debuginfod-client.c
@@ -1367,14 +1367,19 @@ debuginfod_query_server (debuginfod_client *c,
        }                                               \
       } while (0)

+      curl_version_info_data *d = curl_version_info(CURLVERSION_NOW);
+      
       /* Only allow http:// + https:// + file:// so we aren't being
         redirected to some unsupported protocol.  */
 #if CURL_AT_LEAST_VERSION(7, 85, 0)
       curl_easy_setopt_ck(data[i].handle, CURLOPT_PROTOCOLS_STR,
-                         "http,https,file");
+                          ((d && d->ssl_version) ?
+                           "http,https,file" : "http,file"));
 #else
       curl_easy_setopt_ck(data[i].handle, CURLOPT_PROTOCOLS,
-                         (CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FILE));
+                         (CURLPROTO_HTTP |
+                           ((d && d->ssl_version) ? CURLPROTO_HTTPS : 0) |
+                           CURLPROTO_FILE));
 #endif
       curl_easy_setopt_ck(data[i].handle, CURLOPT_URL, data[i].url);
       if (vfd >= 0)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug debuginfod/31620] debuginfod should not require ssl support from libcurl

[nolange79 at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31620

--- Comment #4 from nolange79 at gmail dot com ---
Created attachment 15454
  --> https://sourceware.org/bugzilla/attachment.cgi?id=15454&action=edit
Test for https support in libcurl

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug debuginfod/31620] debuginfod should not require ssl support from libcurl

[nolange79 at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31620

--- Comment #5 from nolange79 at gmail dot com ---
Apparently the modern was is to iterate through the 'protocols' array.
I added a patch, please feet free to reformat to adhere to coding standards,
your tab/space mix is pretty wild there ;)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug debuginfod/31620] debuginfod should not require ssl support from libcurl

[fche at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31620

--- Comment #6 from Frank Ch. Eigler <fche at redhat dot com> ---
Note that the "modern way" is not necessarily the desirable way.  If the old
way will keep working, I'd rather use that than a using a
version-conditionalized query.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug debuginfod/31620] debuginfod should not require ssl support from libcurl

[nolange79 at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31620

--- Comment #7 from nolange79 at gmail dot com ---
both methods are available since 7.10, so theres no version specific stuff
necessary. using flags is deprecated and if removed, then you are forced to
change or guard with version checks.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug debuginfod/31620] debuginfod should not require ssl support from libcurl

[nolange79 at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31620

nolange79 at gmail dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #15454|0                           |1
        is obsolete|                            |

--- Comment #8 from nolange79 at gmail dot com ---
Created attachment 15462
  --> https://sourceware.org/bugzilla/attachment.cgi?id=15462&action=edit
Second version of the patch

This moves the check if https is supported into the function initializing
libcurl.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug debuginfod/31620] debuginfod should not require ssl support from libcurl

[fche at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31620

--- Comment #9 from Frank Ch. Eigler <fche at redhat dot com> ---
This version looks okay to me too, FWIW, just a little bit more work.

I'd appreciate a pointer to any curl documentation that suggests
upcoming deprecation of the curl_version_info_data->ssl_version
field.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug debuginfod/31620] debuginfod should not require ssl support from libcurl

[nolange79 at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31620

--- Comment #10 from nolange79 at gmail dot com ---
No, I was talking about testing the features field for CURL_VERSION_SSL, that
field is deprecated:

> features is a bit mask representing available features. It can have none, one or more bits set. The use of this field is deprecated

Going through the protocols should be the fitting method to test whether https
is supported. I guess practically it will always mean SSL available -> HTTPS
available.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug debuginfod/31620] debuginfod should not require ssl support from libcurl

[fche at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31620

Frank Ch. Eigler <fche at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #11 from Frank Ch. Eigler <fche at redhat dot com> ---
commit 229aac471bb96035a4558db0dc74ff00d0aa08d1 (HEAD -> master, origin/main)
gpg: Signature made Mon 15 Apr 2024 11:49:43 AM EDT
gpg:                using RSA key 4DD136490411C0A42B28844F258B6EFA0F209D24
gpg: Good signature from "Frank Ch. Eigler <fche@elastic.org>" [ultimate]
Author: Norbert Lange <nolange79@gmail.com>
Date:   Fri Apr 12 22:03:08 2024 +0200

    PR31620: debuginfod-client.c: Test for https support in libcurl

    libcurl will fail if a protocol is requested that is not available.

    Signed-off-by: Norbert Lange <nolange79@gmail.com>

-- 
You are receiving this mail because:
You are on the CC list for the bug.