Error out if SSL not found/usable, when given `--with-ssl=...`?

[ihnorton]

I did this

Remove my ssl libraries:

rm /path/to/prefix/lib/*ssl*

then configure:

configure --prefix=/path/to/prefix --enable-optimize --enable-shared=no --disable-ldap --with-pic=yes --with-ssl=/path/to/prefix

I expected the following

configure should error out because --with-ssl was supplied, but no SSL can be found, as confirmed in config.log:

configure:25513: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.
configure:25515: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink or --with-amissl to address this.

There is some logic in configure.ac which seems intended to handle this case, but it is nested 1-2 levels too deep inside other if statements:

curl/configure.ac

Lines 1821 to 1824 in 55734f3

	if test X"$OPT_SSL" != Xoff &&
	test "$OPENSSL_ENABLED" != "1"; then
	AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!])
	fi

curl/libcurl version

curl-7.64.1.tar.gz

operating system

linux, GCC 4.8.2

---

patch

The following patch raises the error I expect, however, I've written ~0 M4 so not sure about the implications. Happy to submit a PR if this is useful:

diff --git a/configure.ac b/configure.ac
index 00fef9489..c548a96e4 100755
--- a/configure.ac
+++ b/configure.ac
@@ -1817,11 +1817,6 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno &&
     if test X"$OPENSSL_ENABLED" != X"1"; then
        LIBS="$CLEANLIBS"
     fi
-
-    if test X"$OPT_SSL" != Xoff &&
-       test "$OPENSSL_ENABLED" != "1"; then
-      AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!])
-    fi
   fi

   if test X"$OPENSSL_ENABLED" = X"1"; then
@@ -1889,6 +1884,11 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno &&
   test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
 fi

+if test X"$with_ssl" != Xno &&
+  test "$OPENSSL_ENABLED" != "1"; then
+  AC_MSG_ERROR([--with-ssl was given but test for SSL failed])
+fi
+
 dnl **********************************************************************
 dnl Check for the random seed preferences
 dnl **********************************************************************

[bagder]

It should be noticed that the script does verify that the given prefix (if one is provided) includes the correct header file. And also, my attempts in landing a patch (see #3830) similar to mentioned here has failed so far...

[ihnorton]

Yes, this is simplified example. My original issue was due to the “-ldl -lpthread” link order issue, which caused OpenSSL detection to silently fail during the feature checks.

Thanks for submitting the fix (failures look like transient issue?)

[bagder]

No, the "fix" clearly fails on some builds so it's not adequate.