• csg
  • Member
  • Offline
  • From: Portland, Oregon
  • Registered: 2015-09-23
  • Posts: 7

Topic: [SOLVED] undefined reference to `wolfSSLv3_client_method'

I am building wolfSSL and libcurl for an embedded application on PowerPC.

My configure line for wolfSSL is

./configure \
--host=powerpc-linux \
--prefix=/opt/vendor/usr/local \
--enable-opensslextra \
--enable-aesgcm \
--enable-sha512 \
--enable-dh \
--enable-dsa \
--enable-ecc \
--enable-sni \
--enable-fastmath \
--enable-sessioncerts \
--enable-certgen \
--enable-testcert \
C_EXTRA_FLAGS="-DFP_MAX_BITS=16384 -DTFM_TIMING_RESISTANT"

Since my compiler is ancient, I have to remove -Werror from the Makefile, but otherwise this seems to build OK.

curl configuration seems OK, and the libraries build fine. The problem comes when we try to link the curl command line utility:

libtool: link: powerpc-linux-gcc -Os -Wno-unused -Wno-shadow -Wno-missing-declarations -Wno-missing-prototypes -o .libs/curl curl-tool_binmode.o curl-tool_bname.o curl-tool_cb_dbg.o curl-tool_cb_hdr.o curl-tool_cb_prg.o curl-tool_cb_rea.o curl-tool_cb_see.o curl-tool_cb_wrt.o curl-tool_cfgable.o curl-tool_convert.o curl-tool_dirhie.o curl-tool_doswin.o curl-tool_easysrc.o curl-tool_formparse.o curl-tool_getparam.o curl-tool_getpass.o curl-tool_help.o curl-tool_helpers.o curl-tool_homedir.o curl-tool_hugehelp.o curl-tool_libinfo.o curl-tool_main.o curl-tool_metalink.o curl-tool_mfiles.o curl-tool_msgs.o curl-tool_operate.o curl-tool_operhlp.o curl-tool_panykey.o curl-tool_paramhlp.o curl-tool_parsecfg.o curl-tool_strdup.o curl-tool_setopt.o curl-tool_sleep.o curl-tool_urlglob.o curl-tool_util.o curl-tool_vms.o curl-tool_writeenv.o curl-tool_writeout.o curl-tool_xattr.o ../lib/curl-strtoofft.o ../lib/curl-rawstr.o ../lib/curl-nonblock.o ../lib/curl-warnless.o  -L/opt/sixnet/usr/local/lib ../lib/.libs/libcurl.so -lz -Wl,-rpath -Wl,/opt/sixnet/usr/local/lib
../lib/.libs/libcurl.so: undefined reference to `wolfSSLv3_client_method'
collect2: ld returned 1 exit status

What configure option do I need to provide wolfSSLv3_client_method in libwolfssl? I have no intention of using SSLv3, but curl wants it.

The end application will not use the curl command line tool, but I am having trouble with certificate bundle loading (the subject of an upcoming post) and I want the tool for troubleshooting.

Share

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 776

Re: [SOLVED] undefined reference to `wolfSSLv3_client_method'

Hi csg,

The configure option you are looking for is 

--enable-sslv3

We recently disabled this by default as it is vulnerable and a client could potentially
force a server to downgrade to SSL v3 as long as the server supports it and then use
known attacks against that SSL v3 connection.

I would instead suggest updating your curl version if possible (unless their newer versions no longer support Big Endian Architecture).

According to this Stack Exchange question http://unix.stackexchange.com/questions … v3-in-curl the gentleman notes that older versions of curl expect SSLv3 while in newer versions, they (like us) have disabled ssl v3 by default.

Begin Quote from Stack Exchange user ub3rst4r:

I contacted CloudFlare about this issue and they say its because cURL is trying to connect using SSLv3 and they disabled it because of the POODLE vulnerability. I'm able to connect with cURL v7.38.0 on FreeBSD 10 no problems, but not with cURL v7.29.0 on CentOS 6.5.

End Quote

Regards,

Kaleb

Kaleb J. Himes's Website

Share

  • csg
  • Member
  • Offline
  • From: Portland, Oregon
  • Registered: 2015-09-23
  • Posts: 7

Re: [SOLVED] undefined reference to `wolfSSLv3_client_method'

Kaleb,

I am building the 7.44.0 tag from libcurl's git, so quite recent.

It may be true that curl does not use SSLv3 by default, but the abstraction layer supports SSLv3 so it is required at link time.

I solved the immediate problem by removing the SSLv3 case from libcurl's cyassl.c:

    //  case CURL_SSLVERSION_SSLv3:                                             
    //    req_method = SSLv3_client_method();                                   
    //    use_sni(FALSE);                                                       
    //    break;

Thanks for the quick reply!

Chris

Share