HTTPS/SSL support for linux


#1

Hi all,

Just a heads up that https/ssl support on Linux has now been added to JUCE. Currently, by default, HTTPS/SSL support will be disabled by the introjucer so that no additional dependencies are introduced to already existing JUCE projects. To enable it you will need to rebuild the newest Introjucer (from latest tip on github!) and click on the "juce_core" module in the "Config" tab and select "ENABLED" under "JUCE_USE_CURL" on the right hand side. If you use an old version of Introjucer then you will get linker errors!

Additionally, you will need to install the libcurl development files to use this feature. For example, on Ubuntu/Debian the following should work:

sudo apt-get install libcurl4-gnutls-dev

Note, that the users of your app do not need to install libcurl-dev development files (headers etc). All they need is libcurl which is installed by default on nearly all linux distributions.

Fabian


#2

Great news!

It will soon be done on other platforms, won't it? On OSX, it's nearly the same with Linux...

I hope JUCE will use libcurl to improve its URL class eventually, provides upload, download, ftp manage etc... cURL is a free, powerful library, I'm confused why JUCE didn't use it...

Recently, I wrote a FtpProcessor class, based on Dave96's dRowAudio cURL module, I changed and expanded a little bit, made it ftp manager functions (such as delete, rename, create, move remote file and dir...),  using the lastest x64 cURL static library. It works nice on Windows, OSX and Linux, haven't tested it on iOS. But, it's so difficult to compile and link the library on Android, I'm still struggling on it...


#3

https/ssl support already works on all other platforms ;-)


#4

oh, sorry, my fault. I thought it was a start point that juce begin to use curl to improve its URL class...


#5

Hi Fabian, you mention libcurl comes with almost all Linux distros, do you know if all of these are built with SSL capabilities? Years ago I had to build libcurl for static linkage but building it with SSL was a real pain due to all the complex dependencies.

I'm just wondering if we build this into our apps and only allow https connections to our server how likely it is to fail? I'm assuming not very?


#6

I seem to remember that statically linking to libcurl will disable https/SSL by default (not entirely sure though) and enabling this is highly discouraged. This is because libcurl comes with different SSL backends which will be dynamically linked in (for exmaple on Ubuntu it typically uses GNU TLS) and the backends should never be linked in statically - as for example - the root certificate storage is usually distribution dependant and details may change when vunerabilities have been discovered.

Therefore, as long as you link to libcurl dynamically, I would be very surprised if a distribution would not support https/SSL. You can check if your binary dynamically links to libcurl by running 'ldd' on it.

This could be a problem if you are linking your entire build as a static executable (using '-static' in the linking step) as then libcurl would also be pulled in statically (and SSL/https would likely be disabled). If this is a problem then I can make JUCE use dlopen etc. to load the dynamic library version of curl at runtime.


#7

Hi, is the linker option "-lcurl" added to LDFLAGS automatically when JUCE_USE_CURL is enabled?


#8

Yes, but only if you build the introjucer from the latest github tip yourself.