diff --git a/crt/CMakeLists.txt b/crt/CMakeLists.txt index a2aa142..2484781 100644 --- a/crt/CMakeLists.txt +++ b/crt/CMakeLists.txt @@ -29,10 +29,14 @@ include(CTest) # On Unix we use S2N for TLS and AWS-LC crypto. # (On Windows and Apple we use the default OS libraries) if(UNIX AND NOT APPLE) - set(DISABLE_GO ON CACHE BOOL "Build without using Go, we don't want the extra dependency") - set(DISABLE_PERL ON CACHE BOOL "Build without using Perl, we don't want the extra dependency") - set(BUILD_LIBSSL OFF CACHE BOOL "Don't need libssl, only need libcrypto") - add_subdirectory(aws-lc) + option(USE_OPENSSL "Set this if you want to use your system's OpenSSL compatible libcrypto" OFF) + + if(NOT USE_OPENSSL) + set(DISABLE_GO ON CACHE BOOL "Build without using Go, we don't want the extra dependency") + set(DISABLE_PERL ON CACHE BOOL "Build without using Perl, we don't want the extra dependency") + set(BUILD_LIBSSL OFF CACHE BOOL "Don't need libssl, only need libcrypto") + add_subdirectory(aws-lc) + endif() set(UNSAFE_TREAT_WARNINGS_AS_ERRORS OFF CACHE BOOL "") add_subdirectory(s2n) diff --git a/setup.py b/setup.py index e85948c..d7c6291 100644 --- a/setup.py +++ b/setup.py @@ -121,6 +121,10 @@ def get_cmake_path(): raise Exception("CMake must be installed to build from source.") +def using_system_libcrypto(): + return os.getenv('AWS_CRT_BUILD_USE_SYSTEM_LIBCRYPTO') == '1' + + class AwsLib: def __init__(self, name, extra_cmake_args=[], libname=None): self.name = name @@ -132,8 +136,9 @@ class AwsLib: # They're built along with the extension. AWS_LIBS = [] if sys.platform != 'darwin' and sys.platform != 'win32': - # aws-lc produces libcrypto.a - AWS_LIBS.append(AwsLib('aws-lc', libname='crypto')) + if not using_system_libcrypto(): + # aws-lc produces libcrypto.a + AWS_LIBS.append(AwsLib('aws-lc', libname='crypto')) AWS_LIBS.append(AwsLib('s2n')) AWS_LIBS.append(AwsLib('aws-c-common')) AWS_LIBS.append(AwsLib('aws-c-sdkutils')) @@ -182,6 +187,9 @@ class awscrt_build_ext(setuptools.command.build_ext.build_ext): f'-DCMAKE_BUILD_TYPE={build_type}', ]) + if using_system_libcrypto(): + cmake_args.append('-DUSE_OPENSSL=ON') + if sys.platform == 'darwin': # build lib with same MACOSX_DEPLOYMENT_TARGET that python will ultimately # use to link everything together, otherwise there will be linker warnings. @@ -298,13 +306,13 @@ def awscrt_ext(): extra_link_args += ['-framework', 'Security'] else: # unix - # linker will prefer shared libraries over static if it can find both. - # force linker to choose static variant by using using "-l:libcrypto.a" syntax instead of just "-lcrypto". - libraries = [':lib{}.a'.format(x) for x in libraries] # OpenBSD doesn't have librt; functions are found in libc instead. if not sys.platform.startswith('openbsd'): libraries += ['rt'] + if using_system_libcrypto(): + libraries += ['crypto'] + # hide the symbols from libcrypto.a # this prevents weird crashes if an application also ends up using # libcrypto.so from the system's OpenSSL installation.