Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error out if SSL not found/usable, when given `--with-ssl=...`? #3824

Closed
ihnorton opened this issue May 1, 2019 · 3 comments

Comments

Projects
None yet
2 participants
@ihnorton
Copy link

commented May 1, 2019

I did this

Remove my ssl libraries:

rm /path/to/prefix/lib/*ssl*

then configure:

configure --prefix=/path/to/prefix --enable-optimize --enable-shared=no --disable-ldap --with-pic=yes --with-ssl=/path/to/prefix

I expected the following

configure should error out because --with-ssl was supplied, but no SSL can be found, as confirmed in config.log:

configure:25513: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.
configure:25515: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink or --with-amissl to address this.

There is some logic in configure.ac which seems intended to handle this case, but it is nested 1-2 levels too deep inside other if statements:

curl/configure.ac

Lines 1821 to 1824 in 55734f3

if test X"$OPT_SSL" != Xoff &&
test "$OPENSSL_ENABLED" != "1"; then
AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!])
fi

curl/libcurl version

curl-7.64.1.tar.gz

operating system

linux, GCC 4.8.2


patch

The following patch raises the error I expect, however, I've written ~0 M4 so not sure about the implications. Happy to submit a PR if this is useful:

diff --git a/configure.ac b/configure.ac
index 00fef9489..c548a96e4 100755
--- a/configure.ac
+++ b/configure.ac
@@ -1817,11 +1817,6 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno &&
     if test X"$OPENSSL_ENABLED" != X"1"; then
        LIBS="$CLEANLIBS"
     fi
-
-    if test X"$OPT_SSL" != Xoff &&
-       test "$OPENSSL_ENABLED" != "1"; then
-      AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!])
-    fi
   fi

   if test X"$OPENSSL_ENABLED" = X"1"; then
@@ -1889,6 +1884,11 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno &&
   test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
 fi

+if test X"$with_ssl" != Xno &&
+  test "$OPENSSL_ENABLED" != "1"; then
+  AC_MSG_ERROR([--with-ssl was given but test for SSL failed])
+fi
+
 dnl **********************************************************************
 dnl Check for the random seed preferences
 dnl **********************************************************************

@ihnorton ihnorton changed the title Error out if `config --with-ssl=...` not found/usable? Error out if SSL not found/usable, when given `--with-ssl=...`? May 1, 2019

@bagder bagder added the build label May 2, 2019

bagder added a commit that referenced this issue May 2, 2019

configure: error out if OpenSSL wasn't detected when asked for
If --with-ssl is used and configure still couldn't enable SSL this
creates an error instead of just silently ignoring the fact.

Suggested-by: Isaiah Norton
Fixes #3824
@bagder

This comment has been minimized.

Copy link
Member

commented May 4, 2019

It should be noticed that the script does verify that the given prefix (if one is provided) includes the correct header file. And also, my attempts in landing a patch (see #3830) similar to mentioned here has failed so far...

@ihnorton

This comment has been minimized.

Copy link
Author

commented May 4, 2019

Yes, this is simplified example. My original issue was due to the “-ldl -lpthread” link order issue, which caused OpenSSL detection to silently fail during the feature checks.

Thanks for submitting the fix (failures look like transient issue?)

@bagder

This comment has been minimized.

Copy link
Member

commented May 11, 2019

No, the "fix" clearly fails on some builds so it's not adequate.

bagder added a commit that referenced this issue May 12, 2019

configure: error out if OpenSSL wasn't detected when asked for
If --with-ssl is used and configure still couldn't enable SSL this
creates an error instead of just silently ignoring the fact.

Suggested-by: Isaiah Norton
Fixes #3824

@bagder bagder closed this in c60042f May 14, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.