Skip to content

Commit

Permalink
configure: if asked to use TLS, fail if no TLS lib was detected
Browse files Browse the repository at this point in the history 
Previously the configure script would just warn about this fact and
continue with TLS disabled build which is not always helpful. TLS should
be explicitly disabled if that is what the user wants.

Closes #9367
  • Loading branch information
@bagder
bagder committed Aug 25, 2022
1 parent 70d010d commit 576e507
Showing 1 changed file with 8 additions and 3 deletions.
11 changes: 8 additions & 3 deletions configure.ac
View file
Expand Up @@ -218,6 +218,8 @@ AS_HELP_STRING([--without-ssl], [build without any TLS library]),[
OPT_OPENSSL=$withval
if test X"$withval" != Xno; then
TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }OpenSSL"
else
SSL_DISABLED="D"
fi
])

Expand Down Expand Up @@ -1955,18 +1957,21 @@ if test "x$curl_cv_native_windows" = "xyes" &&
LIBS="-lbcrypt $LIBS"
fi

case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$WOLFSSL_ENABLED$SCHANNEL_ENABLED$SECURETRANSPORT_ENABLED$BEARSSL_ENABLED$RUSTLS_ENABLED"
case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$WOLFSSL_ENABLED$SCHANNEL_ENABLED$SECURETRANSPORT_ENABLED$BEARSSL_ENABLED$RUSTLS_ENABLED$SSL_DISABLED"
in
x)
AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])
AC_MSG_WARN([Use --with-openssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-nss, --with-schannel, --with-secure-transport, --with-amissl, --with-bearssl or --with-rustls to address this.])
AC_MSG_ERROR([TLS not detected, you will not be able to use HTTPS, FTPS, NTLM and more.
Use --with-openssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-nss, --with-schannel, --with-secure-transport, --with-amissl, --with-bearssl or --with-rustls to address this.])
;;
x1)
# one SSL backend is enabled
AC_SUBST(SSL_ENABLED)
SSL_ENABLED="1"
AC_MSG_NOTICE([built with one SSL backend])
;;
xD)
# explicitly built without TLS
;;
*)
# more than one SSL backend is enabled
AC_SUBST(SSL_ENABLED)
Expand Down

10 comments on commit 576e507

@mback2k
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Something seems to be wrong here. The 3 msys2-based autotools builds on AppVeyor all use --with-schannel but fail with:

checking whether to enable Windows native SSL/TLS... no
checking whether to enable Secure Transport... no
checking whether to enable Amiga native SSL/TLS (AmiSSL v5)... no
configure: error: TLS not detected, you will not be able to use HTTPS, FTPS, NTLM and more.
Use --with-openssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-nss, --with-schannel, --with-secure-transport, --with-amissl, --with-bearssl or --with-rustls to address this.

Example: https://ci.appveyor.com/project/curlorg/curl/builds/44579697/job/30mp02ugtv77fpm4#L229

@mback2k
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nevermind, those 3 builds could have never used Schannel as they are msys2-native and not Win32-based.

@bagder
Copy link
Member Author

@bagder bagder commented on 576e507 Aug 25, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, then they rather proved that the change was good! 😄

@hydra3333
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello.
This commit breaks cross-compilation of curl (libcurl) under Mingw64 in Ubuntu with target Win10x64.
Cross-compiling with the previous commit of curl works fine.
Both rely on gnutls 3.7.7.

Logs attached.

Extract from config.log:

configure:26439: checking for gnutls_x509_crt_get_dn2 in -lgnutls
configure:26462: x86_64-w64-mingw32-gcc -o conftest.exe -O3 -fstack-protector-all -D_FORTIFY_SOURCE=2 -Werror-implicit-function-declaration -Wno-system-headers -O3 -fstack-protector-all -D_FORTIFY_SOURCE=2 -I/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/include -I/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/include   -O3  -fstack-protector-all  -D_FORTIFY_SOURCE=2   -L/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib -L/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib conftest.c -lgnutls  -lgnutls -lnettle -lhogweed -lgmp -lcrypt32 -lws2_32 -lintl -liconv -lssp -lwldap32 -lz -lws2_32  >&5
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib/libgnutls.a(keys-win.o):keys-win.c:(.text+0x70): undefined reference to `NCryptFreeObject'
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib/libgnutls.a(keys-win.o):keys-win.c:(.text+0x145): undefined reference to `NCryptSignHash'
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib/libgnutls.a(keys-win.o):keys-win.c:(.text+0x191): undefined reference to `NCryptSignHash'
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib/libgnutls.a(keys-win.o):keys-win.c:(.text+0x467): undefined reference to `NCryptDecrypt'
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib/libgnutls.a(keys-win.o):keys-win.c:(.text+0x4b8): undefined reference to `NCryptDecrypt'
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib/libgnutls.a(keys-win.o):keys-win.c:(.text+0x170a): undefined reference to `NCryptFreeObject'
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib/libgnutls.a(keys-win.o):keys-win.c:(.text+0x1719): undefined reference to `NCryptFreeObject'
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib/libgnutls.a(keys-win.o):keys-win.c:(.text+0x1735): undefined reference to `NCryptOpenStorageProvider'
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib/libgnutls.a(keys-win.o):keys-win.c:(.text+0x188a): undefined reference to `NCryptOpenKey'
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib/libgnutls.a(keys-win.o):keys-win.c:(.text+0x18c6): undefined reference to `NCryptGetProperty'
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib/libgnutls.a(keys-win.o):keys-win.c:(.text+0x1a05): undefined reference to `NCryptFreeObject'
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib/libgnutls.a(keys-win.o):keys-win.c:(.text+0x2858): undefined reference to `NCryptDeleteKey'
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib/libgnutls.a(keys-win.o):keys-win.c:(.text+0x2862): undefined reference to `NCryptFreeObject'
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib/libgnutls.a(keys-win.o):keys-win.c:(.text+0x28c0): undefined reference to `NCryptDeleteKey'
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib/libgnutls.a(keys-win.o):keys-win.c:(.text+0x28ca): undefined reference to `NCryptFreeObject'
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib/libgnutls.a(sysrng-bcrypt.o):sysrng-bcrypt.:(.text+0x29): undefined reference to `BCryptGenRandom'
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib/libgnutls.a(sysrng-bcrypt.o):sysrng-bcrypt.:(.text+0xab): undefined reference to `BCryptOpenAlgorithmProvider'
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib/libgnutls.a(sysrng-bcrypt.o):sysrng-bcrypt.:(.text+0x13d): undefined reference to `BCryptCloseAlgorithmProvider'
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib/libhogweed.a(pkcs1-sec-decrypt.o): in function `_nettle_pkcs1_sec_decrypt':
/home/u/Desktop/_working/workdir/x86_64/nettle-3.8.1/pkcs1-sec-decrypt.c:82: undefined reference to `nettle_cnd_memcpy'
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib/libhogweed.a(pkcs1-sec-decrypt.o): in function `_nettle_pkcs1_sec_decrypt_variable':
/home/u/Desktop/_working/workdir/x86_64/nettle-3.8.1/pkcs1-sec-decrypt.c:135: undefined reference to `nettle_cnd_memcpy'
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/x86_64/nettle-3.8.1/pkcs1-sec-decrypt.c:143: undefined reference to `nettle_cnd_memcpy'
/home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/lib/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld: /home/u/Desktop/_working/workdir/toolchain/x86_64-w64-mingw32/x86_64-w64-mingw32/lib/libhogweed.a(ed448-shake256.o):ed448-shake256:(.rdata+0x28): undefined reference to `nettle_sha3_256_shake'
collect2: error: ld returned 1 exit status
configure:26462: $? = 1
configure: failed program was:

2_config.log
1_visible_log.txt

@bagder
Copy link
Member Author

@bagder bagder commented on 576e507 Sep 6, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hydra3333 if you have an issue, then please submit an issue and not just a comment on a commit.

This particular change was in configure logic only, so it seems unlikely that this particular commit broke the build in the way you describe.

@hydra3333
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK. Will create an issue.

@bagder I just re-tried and observe that the prior commit definitely cross-compiles fine whereas this commit definitely does not, with nothing else being changed.

@bagder
Copy link
Member Author

@bagder bagder commented on 576e507 Sep 6, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, let's figure out why!

@bagder
Copy link
Member Author

@bagder bagder commented on 576e507 Sep 6, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And you are sure your build previously simply didn't just build without TLS? Because your configure build fails to detect GnuTLS and this change didn't affect that detection, it only made the failure a fatal error.

@hydra3333
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @bagder yes I'm sure ... I think ... only on the basis of going back and forth with the same configure just a change in the commit used.

@bagder
Copy link
Member Author

@bagder bagder commented on 576e507 Sep 8, 2022
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please comment in the issue

Please sign in to comment.