openssl/openssl for mobile

[cpsauer]

@njlr Is there any chance I could ask you to add mobile support (iphoneos and android) for openssl/openssl? Pretty please 🙏

I can hack it in (or prebuild) if necessary, but it looks like the BUCK file is pretty intricate and that you've changed it recently. If you'd be willing, I'd be hugely appreciative.

[njlr]

I can certainly give it a try!

[njlr]

Made some progress on iOS: https://github.com/buckaroo-pm/openssl/blob/ce8bbb85e4241eec41fa4e4b96f64919594b7695/BUCK

With this BUCK file openssl will work in the iPhone simulator (I assume it will also work on a real device, but I am unable to test right now). Android is next.

[cpsauer]

Thanks so much for working on this, @njlr !

As a heads: I tried swapping out my BUCK, but building errors out (even on desktop).
unable to read Makefile.org:No such file or directory
It's possible that you've changed the openssl source, too? But thought I should say in case it was helpful.

[njlr]

I am writing the new BUCK file against OpenSSL 1.1.1; the sources have changed slightly.

[njlr]

I managed to get Android working in an x86 emulator. Does this BUCK file work for you?

https://github.com/buckaroo-pm/openssl/blob/00757e702f128ef22312f9af19154cbf9dfefe5a/BUCK

[cpsauer]

Hey @njlr! Really appreciate your efforts on this. It seems to build the static library just fine, but something's broken with the includes. On the platforms I tried (mac, iOS), hen you try to use OpenSSL as a dep, it looks like some critical methods aren't included. See below for an example of build error when trying to use OpenSSL as part of boost::asio

Build failed: Command failed with exit code 1.
stderr: 
<omitted>
In file included from buckaroo/official/boost/asio/include/boost/asio/ssl.hpp:19:
In file included from buckaroo/official/boost/asio/include/boost/asio/ssl/context.hpp:29:
In file included from buckaroo/official/boost/asio/include/boost/asio/ssl/detail/openssl_init.hpp:100:
buckaroo/official/boost/asio/include/boost/asio/ssl/detail/impl/openssl_init.ipp:39:7: error: no member named 'SSL_library_init' in the global namespace
    ::SSL_library_init();
    ~~^
buckaroo/official/boost/asio/include/boost/asio/ssl/detail/impl/openssl_init.ipp:40:7: error: no member named 'SSL_load_error_strings' in the global namespace
    ::SSL_load_error_strings();        
    ~~^
buckaroo/official/boost/asio/include/boost/asio/ssl/detail/impl/openssl_init.ipp:41:7: error: no member named 'OpenSSL_add_all_algorithms' in the global namespace
    ::OpenSSL_add_all_algorithms();
    ~~^

[njlr]

Sure, I'll take a look.

First finding: boost/asio seems to support multiple versions of OpenSSL switched on a macro:

#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
    ::SSL_library_init();
    ::SSL_load_error_strings();        
    ::OpenSSL_add_all_algorithms();

    mutexes_.resize(::CRYPTO_num_locks());
    for (size_t i = 0; i < mutexes_.size(); ++i)
      mutexes_[i].reset(new boost::asio::detail::mutex);
    ::CRYPTO_set_locking_callback(&do_init::openssl_locking_func);
#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L)
#if (OPENSSL_VERSION_NUMBER < 0x10000000L)
    ::CRYPTO_set_id_callback(&do_init::openssl_id_func);
#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L)

#if !defined(SSL_OP_NO_COMPRESSION) \
  && (OPENSSL_VERSION_NUMBER >= 0x00908000L)
    null_compression_methods_ = sk_SSL_COMP_new_null();
#endif // !defined(SSL_OP_NO_COMPRESSION)
       // && (OPENSSL_VERSION_NUMBER >= 0x00908000L)
}

https://github.com/boostorg/asio/blob/fbe86d86b1ac53e40444e5af03ca4a6c74c33bda/include/boost/asio/ssl/detail/impl/openssl_init.ipp#L39

This version is defined here: https://github.com/openssl/openssl/blob/a4a90a8a3bdcb9336b5c9c15da419e99a87bc6ed/include/openssl/opensslv.h#L42

So maybe we can try forcing a version like this: -DOPENSSL_VERSION_NUMBER="0x10102000L"

[njlr]

The BUCK file I posted above works for me on macOS. Perhaps you took the wrong version of the OpenSSL source-code?

I have made a small example that you can test here: https://github.com/njlr/openssl-boost-asio-test

[cpsauer]

Hey @njlr, your example works for me, but doesn't trip the error, which I think is real, unfortunately, if not the fault of OpenSSL (see below).

I'd originally downloaded your buckaroo/openssl at the same commit as your BUCK file when I got that error. Copying openssl in from your example and building against that in my project gives the same errors as before.

The issue, I think, is that boost 1.63 (the one used by buckaroo) doesn't support OpenSSl 1.1.1 correctly. OpenSSL 1.1 support had just been added in 1.62, and it looks like it had some problems until 1.64. It looks like among them was this problem we're facing, based on this commit.

[cpsauer]

So I resolved this by patching asio and websocketpp. Probably the best long term solution, though, is to upgrade buckaroo to the latest versions of each, since those latest versions support openssl 1.1.1, which is an LTS version.

[njlr]

Thanks for the info @cpsauer

First thing I'll do is update OpenSSL, since that BUCK file seems good now.

I'll take a look at updating Boost vs fixing an older version of OpenSSL. Ideally we would do both though.

[njlr]

I have updated 1.0.2k (1.0.211) with the mobile rules 600184a