
Revert "Support to WolfSSL (Step 1)" (#17697)

Revert "Support to WolfSSL (Step 1) (#17516)"

This reverts commit 8d9c464de3f79f2e92fe6c46894ad2e09dd8f4d5.
Stelios Fragkakis 9 months ago
commit
75792b33e2

+ 25 - 49
CMakeLists.txt

@@ -126,13 +126,9 @@ set(CONFIG_H ${CONFIG_H_DIR}/config.h)
 option(DEFAULT_FEATURE_STATE "Specify the default state for most optional features" True)
 mark_as_advanced(DEFAULT_FEATURE_STATE)
 
-# ssl
-option(ENABLE_WOLFSSL "Compile netdata using WolfSSL." False)
-cmake_dependent_option(ENABLE_OPENSSL "Compile netdata using OpenSSL." True "NOT ENABLE_WOLFSSL" False)
-
 # High-level features
-cmake_dependent_option(ENABLE_ACLK "Enable Netdata Cloud support (ACLK)" ${DEFAULT_FEATURE_STATE} "NOT ENABLE_WOLFSSL" False)
-cmake_dependent_option(ENABLE_CLOUD "Enable Netdata Cloud by default at runtime" ${DEFAULT_FEATURE_STATE} "NOT ENABLE_WOLFSSL" False)
+option(ENABLE_ACLK "Enable Netdata Cloud support (ACLK)" ${DEFAULT_FEATURE_STATE})
+option(ENABLE_CLOUD "Enable Netdata Cloud by default at runtime" ${DEFAULT_FEATURE_STATE})
 option(ENABLE_ML "Enable machine learning features" ${DEFAULT_FEATURE_STATE})
 option(ENABLE_DBENGINE "Enable dbengine metrics storage" True)
 
@@ -147,7 +143,7 @@ mark_as_advanced(ENABLE_LEGACY_EBPF_PROGRAMS)
 option(ENABLE_PLUGIN_FREEIPMI "Enable IPMI monitoring" ${DEFAULT_FEATURE_STATE})
 option(ENABLE_PLUGIN_GO "Enable metric collectors written in Go" ${DEFAULT_FEATURE_STATE})
 option(ENABLE_PLUGIN_LOCAL_LISTENERS "Enable local listening socket tracking (including service auto-discovery support)" ${DEFAULT_FEATURE_STATE})
-cmake_dependent_option(ENABLE_PLUGIN_LOGS_MANAGEMENT "Enable log collection and monitoring based on Fluent Bit" ${DEFAULT_FEATURE_STATE} "NOT ENABLE_WOLFSSL" False)
+option(ENABLE_PLUGIN_LOGS_MANAGEMENT "Enable log collection and monitoring based on Fluent Bit" ${DEFAULT_FEATURE_STATE})
 option(ENABLE_PLUGIN_NETWORK_VIEWER "Enable network viewer functionality" ${DEFAULT_FEATURE_STATE})
 option(ENABLE_PLUGIN_NFACCT "Enable Linux NFACCT metric collection" ${DEFAULT_FEATURE_STATE})
 option(ENABLE_PLUGIN_PERF "Enable Linux performance counter monitoring" ${DEFAULT_FEATURE_STATE})
@@ -171,8 +167,7 @@ mark_as_advanced(ENABLE_LOGS_MANAGEMENT_TESTS)
 # Experimental features
 option(ENABLE_WEBRTC "Enable WebRTC dashboard communications (experimental)" False)
 mark_as_advanced(ENABLE_WEBRTC)
-
-cmake_dependent_option(ENABLE_H2O "Enable H2O web server (experimental)" True "NOT ENABLE_WOLFSSL" False)
+option(ENABLE_H2O "Enable H2O web server (experimental)" True)
 mark_as_advanced(ENABLE_H2O)
 
 # Other optional functionality
@@ -185,21 +180,6 @@ mark_as_advanced(BUILD_FOR_PACKAGING)
 cmake_dependent_option(FORCE_LEGACY_LIBBPF "Force usage of libbpf 0.0.9 instead of the latest version." False "ENABLE_PLUGIN_EBPF" False)
 mark_as_advanced(FORCE_LEGACY_LIBBPF)
 
-include(CheckFunctionExists)
-
-if(ENABLE_WOLFSSL)
-        pkg_check_modules(WOLFSSL wolfssl)
-
-        list(APPEND CMAKE_REQUIRED_LIBRARIES wolfssl)
-        check_function_exists(wolfSSL_set_alpn_protos HAVE_WOLFSSL_SET_ALPN_PROTOS)
-        if(NOT HAVE_WOLFSSL_SET_ALPN_PROTOS)
-            message(FATAL_ERROR "Your WolfSSL library has not been compiled with the OPENSSL_EXTRA flag, which is necessary to create symbols for the OpenSSL API that Netdata uses.")
-        endif()
-else()
-        # openssl/crypto
-        pkg_check_modules(OPENSSL openssl)
-endif()
-
 if(ENABLE_ACLK OR ENABLE_EXPORTER_PROMETHEUS_REMOTE_WRITE)
         set(NEED_PROTOBUF True)
 else()
@@ -308,6 +288,11 @@ endif()
 # Libm
 #
 
+# checks link with cmake required libs
+cmake_policy(SET CMP0075 NEW)
+
+include(CheckFunctionExists)
+
 check_function_exists(log10 HAVE_LOG10)
 if(NOT HAVE_LOG10)
         unset(HAVE_LOG10 CACHE)
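Review bot: The added comment `# checks link with cmake required libs` does not say what CMP0075 changes, and the policy is set in the middle of the file under the Libm banner, where it silently applies to every check that follows. CMP0075 makes the include-file check macros honor CMAKE_REQUIRED_LIBRARIES; `check_function_exists()` just below uses that variable whatever the policy setting, so the comment reads as if the policy were needed for the log10 check. I would reword it to `# CMP0075 NEW: include-file check macros honor CMAKE_REQUIRED_LIBRARIES` and move the `cmake_policy()` call next to `cmake_minimum_required()`, which is outside this hunk.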
@@ -561,7 +546,11 @@ if(FREEBSD OR MACOS)
         set(HAVE_BUILTIN_ATOMICS True)
 endif()
 
-if(NOT OPENSSL_FOUND AND ENABLE_OPENSSL)
+# openssl/crypto
+set(ENABLE_OPENSSL True)
+pkg_check_modules(OPENSSL openssl)
+
+if(NOT OPENSSL_FOUND)
         if(MACOS)
                 execute_process(COMMAND
                                 brew --prefix --installed openssl
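Review bot: `set(ENABLE_OPENSSL True)` runs before `pkg_check_modules(OPENSSL openssl)`, and that call has no `REQUIRED`, so the flag is true whether or not OpenSSL was located. The `if(NOT OPENSSL_FOUND)` fallback continues outside this hunk, so it is not visible whether a missing library ends in a fatal error. If it does not, config.h still defines ENABLE_OPENSSL and buildinfo.c reports OpenSSL as present for a build whose TLS library was never found. Consider setting the flag only after detection succeeds, or closing the fallback with `message(FATAL_ERROR "OpenSSL is required but was not found")`. The `pkg_check_modules(CRYPTO libcrypto)` call in the next hunk also lacks `REQUIRED`, while the CRYPTO_* variables are later passed to libnetdata unconditionally.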
@@ -581,7 +570,7 @@ if(NOT OPENSSL_FOUND AND ENABLE_OPENSSL)
         endif()
 endif()
 
-if(NOT MACOS AND ENABLE_OPENSSL)
+if(NOT MACOS)
         pkg_check_modules(CRYPTO libcrypto)
 endif()
 
@@ -703,7 +692,6 @@ set(LIBNETDATA_FILES
         src/libnetdata/required_dummies.h
         src/libnetdata/socket/security.c
         src/libnetdata/socket/security.h
-        src/libnetdata/ssl/ssl.h
         src/libnetdata/simple_pattern/simple_pattern.c
         src/libnetdata/simple_pattern/simple_pattern.h
         src/libnetdata/socket/socket.c
@@ -1430,7 +1418,7 @@ set(NETDATA_FILES
         ${WEB_PLUGIN_FILES}
         ${CLAIM_PLUGIN_FILES}
         ${SPAWN_PLUGIN_FILES}
-        "$<$<BOOL:${ENABLE_OPENSSL}>:${ACLK_ALWAYS_BUILD}>"
+        ${ACLK_ALWAYS_BUILD}
         ${PROFILE_PLUGIN_FILES}
 )
 
@@ -1725,26 +1713,15 @@ target_include_directories(libnetdata BEFORE PUBLIC ${LIBUV_INCLUDE_DIRS})
 target_compile_options(libnetdata PUBLIC ${LIBUV_CFLAGS_OTHER})
 target_link_libraries(libnetdata PUBLIC ${LIBUV_LDFLAGS})
 
-if (ENABLE_OPENSSL)
-        message(STATUS "Compiling Netdata with OpenSSL")
-        # crypto
-        target_include_directories(libnetdata BEFORE PUBLIC ${CRYPTO_INCLUDE_DIRS})
-        target_compile_options(libnetdata PUBLIC ${CRYPTO_CFLAGS_OTHER})
-        target_link_libraries(libnetdata PUBLIC ${CRYPTO_LDFLAGS})
+# crypto
+target_include_directories(libnetdata BEFORE PUBLIC ${CRYPTO_INCLUDE_DIRS})
+target_compile_options(libnetdata PUBLIC ${CRYPTO_CFLAGS_OTHER})
+target_link_libraries(libnetdata PUBLIC ${CRYPTO_LDFLAGS})
 
-        # openssl
-        target_include_directories(libnetdata BEFORE PUBLIC ${OPENSSL_INCLUDE_DIRS})
-        target_compile_options(libnetdata PUBLIC ${OPENSSL_CFLAGS_OTHER})
-        target_link_libraries(libnetdata PUBLIC ${OPENSSL_LDFLAGS})
-endif()
-
-if (ENABLE_WOLFSSL)
-        message(STATUS "Compiling Netdata with WolfSSL")
-
-        target_include_directories(libnetdata BEFORE PUBLIC ${WOLFSSL_INCLUDE_DIRS})
-        target_compile_options(libnetdata PUBLIC ${WOLFSSL_CFLAGS_OTHER})
-        target_link_libraries(libnetdata PUBLIC ${WOLFSSL_LDFLAGS})
-endif()
+# openssl
+target_include_directories(libnetdata BEFORE PUBLIC ${OPENSSL_INCLUDE_DIRS})
+target_compile_options(libnetdata PUBLIC ${OPENSSL_CFLAGS_OTHER})
+target_link_libraries(libnetdata PUBLIC ${OPENSSL_LDFLAGS})
 
 # mnl
 if(NOT MACOS)
@@ -1772,8 +1749,7 @@ if(ENABLE_MQTTWEBSOCKETS)
 
         target_compile_options(mqttwebsockets PUBLIC -DMQTT_WSS_CUSTOM_ALLOC
                                                      -DRBUF_CUSTOM_MALLOC
-                                                     -DMQTT_WSS_CPUSTATS
-                )
+                                                     -DMQTT_WSS_CPUSTATS)
 
         target_include_directories(mqttwebsockets PUBLIC ${CMAKE_SOURCE_DIR}/aclk/helpers
                                                          ${CMAKE_SOURCE_DIR}/src/web/server/h2o/libh2o/include)

+ 0 - 1
packaging/cmake/config.cmake.h.in

@@ -105,7 +105,6 @@
 // enabled features
 
 #cmakedefine ENABLE_OPENSSL
-#cmakedefine ENABLE_WOLFSSL
 #cmakedefine ENABLE_CLOUD
 #cmakedefine ENABLE_ACLK
 #cmakedefine ENABLE_ML

+ 0 - 2
src/aclk/aclk.c

@@ -62,9 +62,7 @@ struct aclk_shared_state aclk_shared_state = {
 };
 
 #ifdef MQTT_WSS_DEBUG
-#if defined(ENABLE_OPENSSL)
 #include <openssl/ssl.h>
-#endif
 #define DEFAULT_SSKEYLOGFILE_NAME "SSLKEYLOGFILE"
 const char *ssl_log_filename = NULL;
 FILE *ssl_log_file = NULL;
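Review bot: Nothing in the block under `#ifdef MQTT_WSS_DEBUG` says the macro is for debugging only, although it sets up SSLKEYLOGFILE handling (`ssl_log_filename`, `ssl_log_file`), which by its name records TLS session secrets. With the OpenSSL include now unconditional inside that block, a short comment would make the risk explicit: `/* MQTT_WSS_DEBUG enables TLS key logging via SSLKEYLOGFILE; never define it in release builds */`. It is also worth confirming that the log file is created with owner-only permissions; that code is outside this hunk.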

+ 0 - 8
src/aclk/mqtt_websockets/mqtt_wss_client.c

@@ -23,25 +23,17 @@
 #include <netinet/tcp.h> //TCP_NODELAY
 #include <netdb.h>
 
-#ifdef ENABLE_OPENSSL
 #include <openssl/err.h>
 #include <openssl/ssl.h>
-#elif defined(ENABLE_WOLFSSL)
-#include <wolfssl/options.h>
-#include <wolfssl/openssl/err.h>
-#include <wolfssl/openssl/ssl.h>
-#endif
 
 #define PIPE_READ_END  0
 #define PIPE_WRITE_END 1
 #define POLLFD_SOCKET  0
 #define POLLFD_PIPE    1
 
-#if defined(ENABLE_OPENSSL)
 #if (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110) && (SSLEAY_VERSION_NUMBER >= OPENSSL_VERSION_097)
 #include <openssl/conf.h>
 #endif
-#endif //ENABLE_OPENSSL
 
 //TODO MQTT_PUBLISH_RETAIN should not be needed anymore
 #define MQTT_PUBLISH_RETAIN 0x01

+ 0 - 5
src/aclk/mqtt_websockets/mqtt_wss_client.h

@@ -155,12 +155,7 @@ struct mqtt_wss_stats {
 struct mqtt_wss_stats mqtt_wss_get_stats(mqtt_wss_client client);
 
 #ifdef MQTT_WSS_DEBUG
-#ifdef ENABLE_OPENSSL
 #include <openssl/ssl.h>
-#elif defined(ENABLE_WOLFSSL)
-#include <wolfssl/options.h>
-#include <wolfssl/openssl/ssl.h>
-#endif
 void mqtt_wss_set_SSL_CTX_keylog_cb(mqtt_wss_client client, void (*ssl_ctx_keylog_cb)(const SSL *ssl, const char *line));
 #endif
 

+ 0 - 5
src/aclk/mqtt_websockets/ws_client.c

@@ -17,12 +17,7 @@
 #include <errno.h>
 #include <ctype.h>
 
-#ifdef ENABLE_OPENSSL
 #include <openssl/evp.h>
-#elif defined(ENABLE_WOLFSSL)
-#include <wolfssl/options.h>
-#include <wolfssl/openssl/evp.h>
-#endif
 
 #include "ws_client.h"
 #include "common_internal.h"

+ 1 - 1
src/claim/claim.c

@@ -52,7 +52,7 @@ CLAIM_AGENT_RESPONSE claim_agent(const char *claiming_arguments, bool force, con
         return CLAIM_AGENT_CLOUD_DISABLED;
     }
 
-#if defined(ENABLE_CLOUD) && defined(ENABLE_ACLK)
+#ifndef DISABLE_CLOUD
     int exit_code;
     pid_t command_pid;
     char command_exec_buffer[CLAIMING_COMMAND_LENGTH + 1];
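Review bot: `#ifndef DISABLE_CLOUD` no longer depends on the ENABLE_CLOUD and ENABLE_ACLK macros that config.cmake.h.in generates, and no definition of DISABLE_CLOUD is visible on this page. If the CMake build never defines it, the branch that declares `command_pid` and `command_exec_buffer` (presumably the claiming command invocation) is compiled in even when cloud support is switched off at configure time. That would leave only the runtime check above, which returns CLAIM_AGENT_CLOUD_DISABLED, as the gate. Please confirm that the build emits DISABLE_CLOUD when ENABLE_CLOUD is off, or key this guard on the generated ENABLE_* macros. The body of claim_agent continues outside the hunk.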

+ 4 - 9
src/daemon/buildinfo.c

@@ -69,7 +69,7 @@ typedef enum __attribute__((packed)) {
     BIB_LIB_ZLIB,
     BIB_LIB_BROTLI,
     BIB_LIB_PROTOBUF,
-    BIB_LIB_SSL,
+    BIB_LIB_OPENSSL,
     BIB_LIB_LIBDATACHANNEL,
     BIB_LIB_JSONC,
     BIB_LIB_LIBCAP,
@@ -650,17 +650,12 @@ static struct {
                 .json = "protobuf",
                 .value = NULL,
         },
-        [BIB_LIB_SSL] = {
+        [BIB_LIB_OPENSSL] = {
                 .category = BIC_LIBS,
                 .type = BIT_BOOLEAN,
                 .analytics = NULL,
-#if defined(ENABLE_OPENSSL)
                 .print = "OpenSSL (cryptography)",
                 .json = "openssl",
-#elif defined(ENABLE_WOLFSSL)
-                .print = "WolfSSL (cryptography)",
-                .json = "wolfssl",
-#endif
                 .value = NULL,
         },
         [BIB_LIB_LIBDATACHANNEL] = {
@@ -1167,8 +1162,8 @@ __attribute__((constructor)) void initialize_build_info(void) {
 #ifdef HAVE_LIBDATACHANNEL
     build_info_set_status(BIB_LIB_LIBDATACHANNEL, true);
 #endif
-#if defined(ENABLE_OPENSSL) || defined(ENABLE_WOLFSSL)
-    build_info_set_status(BIB_LIB_SSL, true);
+#ifdef ENABLE_OPENSSL
+    build_info_set_status(BIB_LIB_OPENSSL, true);
 #endif
 #ifdef ENABLE_JSONC
     build_info_set_status(BIB_LIB_JSONC, true);

+ 0 - 7
src/daemon/commands.c

@@ -295,17 +295,10 @@ static cmd_status_t cmd_ping_execute(char *args, char **message)
 static cmd_status_t cmd_aclk_state(char *args, char **message)
 {
     netdata_log_info("COMMAND: Reopening aclk/cloud state.");
-#ifdef ENABLE_ACLK
     if (strstr(args, "json"))
         *message = aclk_state_json();
     else
         *message = aclk_state();
-#else
-    if (strstr(args, "json"))
-        *message = strdupz("{\"aclk-available\":false}");
-    else
-        *message = strdupz("ACLK Available: No");;
-#endif
 
     return CMD_STATUS_SUCCESS;
 }
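Review bot: With the `#ifdef ENABLE_ACLK` guard gone, cmd_aclk_state calls `aclk_state_json()` and `aclk_state()` in every build, yet ENABLE_ACLK remains a user-settable option in CMakeLists.txt. This is safe only if both functions are compiled and return a sensible value when ACLK is disabled. The ACLK_ALWAYS_BUILD list suggests some ACLK sources are always built, but its contents are not shown here. Otherwise an ENABLE_ACLK=Off build either fails at link time or reports state for a component that is not there. The same applies to the now-unguarded `agent_capabilities_to_json()` in src/database/contexts/api_v2.c. Once confirmed, a comment such as `/* aclk_state*() are provided even when ENABLE_ACLK is off */` would record the assumption.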

+ 0 - 6
src/database/contexts/api_v2.c

@@ -800,7 +800,6 @@ static void rrdhost_sender_to_json(BUFFER *wb, RRDHOST_STATUS *s, const char *ke
     buffer_json_object_close(wb); // streaming
 }
 
-#ifdef ENABLE_ACLK
 static void agent_capabilities_to_json(BUFFER *wb, RRDHOST *host, const char *key) {
     buffer_json_member_add_array(wb, key);
 
@@ -817,7 +816,6 @@ static void agent_capabilities_to_json(BUFFER *wb, RRDHOST *host, const char *ke
     buffer_json_array_close(wb);
     freez(capas);
 }
-#endif
 
 static inline void host_dyncfg_to_json_v2(BUFFER *wb, const char *key, RRDHOST_STATUS *s) {
     buffer_json_member_add_object(wb, key);
@@ -895,9 +893,7 @@ static void rrdcontext_to_json_v2_rrdhost(BUFFER *wb, RRDHOST *host, struct rrdc
             buffer_json_member_add_string(wb, "state", rrdhost_state_cloud_emulation(host) ? "reachable" : "stale");
 
             rrdhost_health_to_json_v2(wb, "health", &s);
-#ifdef ENABLE_ACLK
             agent_capabilities_to_json(wb, host, "capabilities");
-#endif
         }
 
         if (ctl->mode & (CONTEXTS_V2_NODE_INSTANCES)) {
@@ -941,9 +937,7 @@ static void rrdcontext_to_json_v2_rrdhost(BUFFER *wb, RRDHOST *host, struct rrdc
                 rrdhost_health_to_json_v2(wb, "health", &s);
 
                 host_functions2json(host, wb); // functions
-#ifdef ENABLE_ACLK
                 agent_capabilities_to_json(wb, host, "capabilities");
-#endif
 
                 host_dyncfg_to_json_v2(wb, "dyncfg", &s);
             }

Some files were not shown because too many files changed in this diff