Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error out if SSL not found/usable, when given `--with-ssl=...`? #3824

Closed
ihnorton opened this issue May 1, 2019 · 3 comments

Comments

@ihnorton
Copy link

commented May 1, 2019

I did this

Remove my ssl libraries:

rm /path/to/prefix/lib/*ssl*

then configure:

configure --prefix=/path/to/prefix --enable-optimize --enable-shared=no --disable-ldap --with-pic=yes --with-ssl=/path/to/prefix

I expected the following

configure should error out because --with-ssl was supplied, but no SSL can be found, as confirmed in config.log:

configure:25513: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.
configure:25515: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink or --with-amissl to address this.

There is some logic in configure.ac which seems intended to handle this case, but it is nested 1-2 levels too deep inside other if statements:

curl/configure.ac

Lines 1821 to 1824 in 55734f3

if test X"$OPT_SSL" != Xoff &&
test "$OPENSSL_ENABLED" != "1"; then
AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!])
fi

curl/libcurl version

curl-7.64.1.tar.gz

operating system

linux, GCC 4.8.2


patch

The following patch raises the error I expect, however, I've written ~0 M4 so not sure about the implications. Happy to submit a PR if this is useful:

diff --git a/configure.ac b/configure.ac
index 00fef9489..c548a96e4 100755
--- a/configure.ac
+++ b/configure.ac
@@ -1817,11 +1817,6 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno &&
     if test X"$OPENSSL_ENABLED" != X"1"; then
        LIBS="$CLEANLIBS"
     fi
-
-    if test X"$OPT_SSL" != Xoff &&
-       test "$OPENSSL_ENABLED" != "1"; then
-      AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!])
-    fi
   fi

   if test X"$OPENSSL_ENABLED" = X"1"; then
@@ -1889,6 +1884,11 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno &&
   test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
 fi

+if test X"$with_ssl" != Xno &&
+  test "$OPENSSL_ENABLED" != "1"; then
+  AC_MSG_ERROR([--with-ssl was given but test for SSL failed])
+fi
+
 dnl **********************************************************************
 dnl Check for the random seed preferences
 dnl **********************************************************************
@ihnorton ihnorton changed the title Error out if `config --with-ssl=...` not found/usable? Error out if SSL not found/usable, when given `--with-ssl=...`? May 1, 2019
@bagder bagder added the build label May 2, 2019
bagder added a commit that referenced this issue May 2, 2019
If --with-ssl is used and configure still couldn't enable SSL this
creates an error instead of just silently ignoring the fact.

Suggested-by: Isaiah Norton
Fixes #3824
@bagder

This comment has been minimized.

Copy link
Member

commented May 4, 2019

It should be noticed that the script does verify that the given prefix (if one is provided) includes the correct header file. And also, my attempts in landing a patch (see #3830) similar to mentioned here has failed so far...

@ihnorton

This comment has been minimized.

Copy link
Author

commented May 4, 2019

Yes, this is simplified example. My original issue was due to the “-ldl -lpthread” link order issue, which caused OpenSSL detection to silently fail during the feature checks.

Thanks for submitting the fix (failures look like transient issue?)

@bagder

This comment has been minimized.

Copy link
Member

commented May 11, 2019

No, the "fix" clearly fails on some builds so it's not adequate.

bagder added a commit that referenced this issue May 12, 2019
If --with-ssl is used and configure still couldn't enable SSL this
creates an error instead of just silently ignoring the fact.

Suggested-by: Isaiah Norton
Fixes #3824
@bagder bagder closed this in c60042f May 14, 2019
@lock lock bot locked as resolved and limited conversation to collaborators Aug 12, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
2 participants
You can’t perform that action at this time.