Need to define NATS_HAS_TLS with latest 3.10.0 #857
Comments
|
thanks for the report @thierryba. where are you building it? Trying it on ubuntu I don't get any issues: edit: also worked for me without tls i.e. |
|
@thierryba Can you please provide the host environment details? And to be clear, you are trying to build without the use of TLS? |
|
@levb in fact I am building with TLS support (I have openssl). But that macro is defined nowhere. So I need to define it myself tone able to build. |
|
Ah, gotcha, thx! |
|
Line 247 in 61c051f |
|
Yes exactly, so now I have to do the same in my code. Is this expected? |
|
@thierryba We use CMake to build the project. If you don't, it's fine, but you are responsible to add all required build/link commands to your build process. |
|
I do use cmake too. That's my point. But nothing in the build adding the definition mentioned above. So I have added add_definitions(-DNATS_HAS_TLS) to my own cmakelists.txt in order for my source to build while including nats.h. |
|
@thierryba I would think that if you build/install the NATS C client library, then you would not need to add that in your own project. This definition has been there for a very long time and there was no report of such issue, so I suspect that you are doing something that others usually don't. If you could detail a bit more how you are building your project and how you reference the NATS C client library? |
|
well I have myself been using and building nats.c for quite a few years. So something must have change in nats... Will investigate. |
Thanks! So you are saying that this is new to v3.10.0? I wasn't sure if it was an issue with that release only, or you happened to use that version for the first time, or had your own new project, etc... And @thierryba, any chance to post the part of the build that fails to see what is not building without adding the definition? |
|
commit c4565fc added this in src/nats.h: and this is new in 3.10 |
|
Right, that's not good. I know that someone wanted to add a TLS hostname callback and added an abstraction, but the rest of the team went for using SSL directly, which led to that. That may have been a bad choice. @levb, not sure what we want to do here... |
|
I did suggest to add those lines in |
|
@lev & @kozlovic how about something similar to what cURL is doing and accept a void callback? // remove #include <openssl/ssl.h>
typedef void (*NATS_SSL_cb)(void *ssl);
natsOptions_SetSSLVerificationCallback(natsOptions *opts, NATS_SSL_cb callback);diff --git a/src/conn.c b/src/conn.c
s = nats_setError(NATS_SSL_ERROR, "unable to set expected hostname '%s'", nc->tlsName);
}
- if (s == NATS_OK)
- SSL_set_verify(ssl, SSL_VERIFY_PEER, nc->opts->sslCtx->callback != NULL ? nc->opts->sslCtx->callback : _collectSSLErr);
+ if (s == NATS_OK) {
+ if (nc->opts->sslCtx->callback != NULL) {
+ nc->opts->sslCtx->callback(ssl);
+ }
+ else {
+ SSL_set_verify(ssl, SSL_VERIFY_PEER, _collectSSLErr);
+ }
+ }... then let the user make the appropriate SSL setup calls #include <openssl/ssl.h>
static void
_sslCtxCb(void *ssl)
{
SSL_set_verify((SSL *)ssl, SSL_VERIFY_PEER, _sslVerifyCallback);
}that way we won't have to depend on any openssl definitions. |
|
Right. As per #825 (comment). I only looked at at a cursory level, It seemed to me like too many notes, but it was not. The contributor very quickly turned it around with no abstractions, and it got LGTMed and merged. What do we do now?
|
|
I'm having error message : error: unknown type name ‘SSL_verify_cb’ Is this the same problem? My system is Fedora 41 |
|
implementation for proposal (1) is in #858 for consideration. |
Observed behavior
With the latest 3.10, I need to define NATS_HAS_TLS otherwise my program does not even build.
Expected behavior
it should be part of the config or clearly documented.
Server and client version
3.10.0 nats.c. The problem is at compile time.
Host environment
macOS 15, Xcode 16.2, cmake
Steps to reproduce
build nats with TLS support
try to compile a program that include nats/nats.h
The text was updated successfully, but these errors were encountered: