MINIFICPP-2784 Fixing OpenSSL cmake#2168
Open
martinzink wants to merge 3 commits intoapache:mainfrom
Open
Conversation
There was a problem hiding this comment.
Pull request overview
This PR tightens bundled OpenSSL handling across MiNiFi C++'s third-party CMake integrations so nested builds are less likely to mix bundled libraries with incompatible system headers.
Changes:
- Add stricter bundled OpenSSL/crypto discovery helpers and update AWS CRT patches to use them.
- Refactor several bundled dependency integrations (curl, libssh2, CivetWeb, Kubernetes client, Paho MQTT, AWS SDK, libarchive) to rely more on explicit target linking and propagated dependency roots.
- Make a few supporting cleanup changes in extensions/tests, including
ENABLE_ALLgating fixes and a smallAgentInformationserialization refactor.
Reviewed changes
Copilot reviewed 20 out of 20 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
thirdparty/aws-sdk-cpp/s2n.patch |
Patches s2n to use the repo’s OpenSSL finder and target names. |
thirdparty/aws-sdk-cpp/aws-c-cal.patch |
Patches aws-c-cal to use strict OpenSSL/crypto lookup hooks. |
libminifi/src/core/state/nodes/AgentInformation.cpp |
Minor local refactor when serializing allowable property values. |
extensions/libarchive/CMakeLists.txt |
Makes libarchive extension honor ENABLE_ALL. |
extensions/civetweb/CMakeLists.txt |
Makes civetweb extension honor ENABLE_ALL. |
extensions/aws/tests/PutKinesisStreamTests.cpp |
Adds GCC-only warning suppression around AWS test mock code. |
extensions/aws/tests/CMakeLists.txt |
Links AWS test executables directly against additional SDK targets. |
extensions/aws/CMakeLists.txt |
Marks AWS SDK include dirs as SYSTEM interface includes. |
cmake/ssl/FindOpenSSL.cmake |
Replaces the dummy bundled OpenSSL finder with a stricter path-based one. |
cmake/ssl/FindCrypto.cmake |
Adds a strict bundled crypto finder for nested CMake builds. |
cmake/PahoMqttC.cmake |
Switches Paho OpenSSL dependency wiring from add_dependencies to linking. |
cmake/libssh2/sys/FindLibSSH2.cmake |
Reworks libssh2 finder to use strict root-based lookup. |
cmake/KubernetesClientC.cmake |
Explicitly finds OpenSSL and links websockets to curl/OpenSSL. |
cmake/curl/dummy/FindCURL.cmake |
Removes the old dummy bundled curl finder. |
cmake/CivetWeb.cmake |
Explicitly finds OpenSSL, disables server executable, and links OpenSSL targets. |
cmake/BundledOpenSSL.cmake |
Publishes OPENSSL_ROOT_DIR for downstream strict finders. |
cmake/BundledLibSSH2.cmake |
Migrates bundled libssh2 build from ExternalProject to FetchContent. |
cmake/BundledLibcURL.cmake |
Migrates bundled curl build to FetchContent and updates exported variables. |
cmake/BundledLibArchive.cmake |
Passes curl/OpenSSL root hints into bundled libarchive’s nested build. |
cmake/BundledAwsSdkCpp.cmake |
Expands AWS SDK patching and propagates strict dependency paths into the nested build. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
martinzink
force-pushed
the
openssl_streamlined_smashed
branch
from
f604d84 to
7f24b3f
Compare
lordgamez
reviewed
May 4, 2026
…etchLibSSH2.cmake
lordgamez
approved these changes
May 5, 2026
fgerlits
approved these changes
May 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
https://issues.apache.org/jira/browse/MINIFICPP-2784
The bundled openssl was not strict enough and sometimes it used the system headers while building, this caused build errors on systems where the openssl headers were not compatible with our bundled version. (e.g. arch linux, trixie, etc)
This also fixes the currently failing CI jobs namely
Thank you for submitting a contribution to Apache NiFi - MiNiFi C++.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
For all changes:
Is there a JIRA ticket associated with this PR? Is it referenced
in the commit message?
Does your PR title start with MINIFICPP-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
Has your PR been rebased against the latest commit within the target branch (typically main)?
Is your initial contribution a single, squashed commit?
For code changes:
For documentation related changes:
Note:
Please ensure that once the PR is submitted, you check GitHub Actions CI results for build issues and submit an update to your PR as soon as possible.