-
-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
configure: make the TLS library choice(s) explicit #6897
Conversation
why? this will break some builds and seems unnecessary |
Any kind of auto-detection have to use an order of detecting the libraries that makes us have to choose that order of preference. This way, we remove ourselves from making that decision. Without a change like this, we implicitly say that OpenSSL is to prefer, while I'm not sure that's a good leg to lean on forever. (I also wanted to remove the need for |
7a80beb
to
48d6bdd
Compare
@mback2k it'd be great if you could update your buildbots' configure invokes to use |
This change highlights an existing problem we didn't notice before: the three azure pipelines builds With this change, those configure runs instead return failure. Ie the problem exists since before this change, but now we see it better. @mback2k do you know what we can do to make openssl detected and used in those builds? |
The appveyor builds similarly build without TLS enabled (== fail to detect any). I'll try to enable schannel for those. |
efb48f5
to
5a2438b
Compare
configure no longer tries to find a TLS library by default, but all libraries are now equal: the user needs to explicitly ask what TLS library or libraries to use. If no TLS library is selected, configure will error out unless --without-ssl is explicitly used to request a built without TLS (as that is very rare these days). Removes: --with-winssl, --with-darwinssl and all --without-* options for TLS libraries. Closes #6897
c8c6552
to
0937c85
Compare
Done since yesterday evening.
No idea yet, but I will look into this over the weekend. |
configure no longer tries to find a TLS library by default, but all libraries are now equal: the user needs to explicitly ask what TLS library or libraries to use. If no TLS library is selected, configure will error out unless --without-ssl is explicitly used to request a built without TLS (as that is very rare these days). Removes: --with-winssl, --with-darwinssl and all --without-* options for TLS libraries. Closes #6897
0937c85
to
dad89ce
Compare
After checking the available packages for classic MinGW, I think there is no native OpenSSL package available. Just the msys1-environment specific msys-openssl package that won't work for native Windows builds and is most likely already present in the build environment due to being a dependency of other packages. So I guess we have 2 options now:
|
While option 2 basically restores the previous CI situation. Another option could be to build OpenSSL for these CI variants, but I don't think it's worth the effort. |
ok, let's switch off TLS in those builds for now |
configure no longer tries to find a TLS library by default, but all libraries are now equal: the user needs to explicitly ask what TLS library or libraries to use. If no TLS library is selected, configure will error out unless --without-ssl is explicitly used to request a built without TLS (as that is very rare these days). Removes: --with-winssl, --with-darwinssl and all --without-* options for TLS libraries. Closes #6897
dad89ce
to
9ecbd08
Compare
Fixes test 1165 when functions are moved from configure.ac to files in m4/
configure no longer tries to find a TLS library by default, but all libraries are now equal: the user needs to explicitly ask what TLS library or libraries to use. If no TLS library is selected, configure will error out unless --without-ssl is explicitly used to request a built without TLS (as that is very rare these days). Removes: --with-winssl, --with-darwinssl and all --without-* options for TLS libraries. Closes #6897
... and put those functions in separate m4 files per TLS library.
48490b2
to
997ed8e
Compare
- Related PR: curl/curl#6897 Co-authored-by: Brayan Henao <bhenao@vmware.com>
Contains fixes for the following vulnerabilities in 7.76.1: * CVE-2021-22897 * CVE-2021-22898 * CVE-2021-22901 Also explicitly use OpenSSL as the TLS library, which is necessary following the merge of curl/curl#6897.
Contains fixes for the following vulnerabilities in 7.76.1: * CVE-2021-22897 * CVE-2021-22898 * CVE-2021-22901 Also explicitly use OpenSSL as the TLS library, which is necessary following the merge of curl/curl#6897.
Contains fixes for the following vulnerabilities in 7.76.1: * CVE-2021-22897 * CVE-2021-22898 * CVE-2021-22901 Also explicitly use OpenSSL as the TLS library, which is necessary following the merge of curl/curl#6897.
It's actually a bit worse: it does not break builds. At least here, I was building Git for Windows' cURL package using |
Oh, you mean when you actually wanted schannel and OpenSSL ... I didn't think about case that's true! 😞 |
Not a big deal, but do you think there might be a way to error out upon unhandled |
It was similar for me: I had |
#7994 should fix the handling of |
With this, configure no longer tries to find a TLS library by default, but all libraries are now equal: the user needs to explicitly ask what TLS library or libraries to use.
If no TLS library is selected, configure will error out unless
--without-ssl
is explicitly used to request a build without TLS (as that is rare these days).Update: this also removes
--with-winssl
and--with-darwinssl
as they've been deprecated since 2019