Makes the option more explicit.
Closes #6887
macosx-version-min: 10.8
- name: OpenSSL metalink
install: nghttp2 openssl libmetalink
- configure: --enable-debug --with-ssl=/usr/local/opt/openssl --with-libmetalink
+ configure: --enable-debug --with-openssl=/usr/local/opt/openssl --with-libmetalink
macosx-version-min: 10.9
- name: LibreSSL metalink
install: nghttp2 libressl libmetalink
- configure: --enable-debug --with-ssl=/usr/local/opt/libressl --with-libmetalink
+ configure: --enable-debug --with-openssl=/usr/local/opt/libressl --with-libmetalink
macosx-version-min: 10.9
- name: torture
install: nghttp2 openssl
- libbrotli-dev
- libzstd-dev
- env:
- - T=novalgrind BORINGSSL=yes C="--with-ssl=$HOME/boringssl" LD_LIBRARY_PATH=/home/travis/boringssl/lib:/usr/local/lib
+ - T=novalgrind BORINGSSL=yes C="--with-openssl=$HOME/boringssl" LD_LIBRARY_PATH=/home/travis/boringssl/lib:/usr/local/lib
- OVERRIDE_CC="CC=gcc-8" OVERRIDE_CXX="CXX=g++-8"
before_install:
- eval "$(gimme stable)"; gimme --list # Install latest Go (for boringssl)
- env:
- - T=novalgrind QUICHE="yes" C="--with-ssl=$HOME/quiche/deps/boringssl/src --with-quiche=$HOME/quiche/target/release" LD_LIBRARY_PATH=$HOME/quiche/target/release:/usr/local/lib
+ - T=novalgrind QUICHE="yes" C="--with-openssl=$HOME/quiche/deps/boringssl/src --with-quiche=$HOME/quiche/target/release" LD_LIBRARY_PATH=$HOME/quiche/target/release:/usr/local/lib
- OVERRIDE_CC="CC=gcc-8" OVERRIDE_CXX="CXX=g++-8"
addons:
apt:
- libbrotli-dev
- libzstd-dev
- env:
- - T=novalgrind LIBRESSL=yes C="--with-ssl=$HOME/libressl" LD_LIBRARY_PATH=/home/travis/libressl/lib:/usr/local/lib
+ - T=novalgrind LIBRESSL=yes C="--with-openssl=$HOME/libressl" LD_LIBRARY_PATH=/home/travis/libressl/lib:/usr/local/lib
- OVERRIDE_CC="CC=gcc-8" OVERRIDE_CXX="CXX=g++-8"
- env:
- - T=novalgrind NGTCP2=yes C="--with-ssl=$HOME/ngbuild --with-ngtcp2=$HOME/ngbuild --with-nghttp3=$HOME/ngbuild" NOTESTS=
+ - T=novalgrind NGTCP2=yes C="--with-openssl=$HOME/ngbuild --with-ngtcp2=$HOME/ngbuild --with-nghttp3=$HOME/ngbuild" NOTESTS=
- OVERRIDE_CC="CC=gcc-8" OVERRIDE_CXX="CXX=g++-8"
addons:
apt:
- libbrotli-dev
- libzstd-dev
- env:
- - T=debug OPENSSL3="yes" C="--with-ssl=$HOME/openssl3" LD_LIBRARY_PATH=/home/travis/openssl3/lib:/usr/local/lib TFLAGS="https ftps"
+ - T=debug OPENSSL3="yes" C="--with-openssl=$HOME/openssl3" LD_LIBRARY_PATH=/home/travis/openssl3/lib:/usr/local/lib TFLAGS="https ftps"
- OVERRIDE_CC="CC=gcc-8" OVERRIDE_CXX="CXX=g++-8"
addons:
apt:
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
-# Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
make
ssl:
- ./configure --with-ssl
+ ./configure --with-openssl
make
mingw32:
make
cygwin-ssl:
- ./configure --with-ssl
+ ./configure --with-openssl
make
amiga:
dnl
dnl initialize all the info variables
- curl_ssl_msg="no (--with-{ssl,gnutls,nss,mbedtls,wolfssl,schannel,secure-transport,mesalink,amissl,bearssl,rustls} )"
+ curl_ssl_msg="no (--with-{openssl,gnutls,nss,mbedtls,wolfssl,schannel,secure-transport,mesalink,amissl,bearssl,rustls} )"
curl_ssh_msg="no (--with-{libssh,libssh2})"
curl_zlib_msg="no (--with-zlib)"
curl_brotli_msg="no (--with-brotli)"
dnl Default to no CA bundle
ca="no"
AC_ARG_WITH(ssl,dnl
-AS_HELP_STRING([--with-ssl=PATH],[Where to look for OpenSSL, PATH points to the SSL installation (default: /usr/local/ssl); when possible, set the PKG_CONFIG_PATH environment variable instead of using this option])
-AS_HELP_STRING([--without-ssl], [disable OpenSSL]),
+AS_HELP_STRING([--with-ssl=PATH],[old version of --with-openssl])
+AS_HELP_STRING([--without-ssl], [old version of --without-openssl]),
+ OPT_SSL=$withval)
+
+AC_ARG_WITH(openssl,dnl
+AS_HELP_STRING([--with-openssl=PATH],[Where to look for OpenSSL, PATH points to the SSL installation (default: /usr/local/ssl); when possible, set the PKG_CONFIG_PATH environment variable instead of using this option])
+AS_HELP_STRING([--without-openssl], [disable OpenSSL]),
OPT_SSL=$withval)
if test -z "$ssl_backends" -o "x$OPT_SSL" != xno &&
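Review bot: Both `AC_ARG_WITH(ssl, …)` and the new `AC_ARG_WITH(openssl, …)` assign `OPT_SSL=$withval`, so when a command line carries both spellings the openssl value wins because its macro is evaluated second, whatever order the user typed them in. A packaging script that still passes `--without-ssl` while another layer adds `--with-openssl=PATH` (or the reverse) therefore gets a TLS configuration that one of them did not ask for, with no diagnostic. I would reject the conflict right after the second macro, e.g. `if test -n "$with_ssl" && test -n "$with_openssl" && test "x$with_ssl" != "x$with_openssl"; then AC_MSG_ERROR([--with-ssl and --with-openssl were given with different values]); fi`, and add a `dnl` comment above the first macro stating that it is kept only as a legacy alias. The `if test …` that consumes `OPT_SSL` continues outside this hunk, so how a default value is seeded is not visible here.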
case "$OPT_SSL" in
yes)
- dnl --with-ssl (without path) used
+ dnl --with-openssl (without path) used
PKGTEST="yes"
PREFIX_OPENSSL=/usr/local/ssl
LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff"
;;
off)
- dnl no --with-ssl option given, just check default places
+ dnl no --with-openssl option given, just check default places
PKGTEST="yes"
PREFIX_OPENSSL=
;;
*)
- dnl check the given --with-ssl spot
+ dnl check the given --with-openssl spot
PKGTEST="no"
PREFIX_OPENSSL=$OPT_SSL
AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"])
PKGTEST="yes"
elif test ! -f "$PREFIX_OPENSSL/include/openssl/ssl.h"; then
- AC_MSG_ERROR([$PREFIX_OPENSSL is a bad --with-ssl prefix!])
+ AC_MSG_ERROR([$PREFIX_OPENSSL is a bad --with-openssl prefix!])
fi
dnl in case pkg-config comes up empty, use what we got
- dnl via --with-ssl
+ dnl via --with-openssl
LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff"
if test "$PREFIX_OPENSSL" != "/usr" ; then
SSL_LDFLAGS="-L$LIB_OPENSSL"
dnl use the values pkg-config reported. This is here
dnl instead of below with CPPFLAGS and LDFLAGS because we only
dnl learn about this via pkg-config. If we only have
- dnl the argument to --with-ssl we don't know what
+ dnl the argument to --with-openssl we don't know what
dnl additional libs may be necessary. Hope that we
dnl don't need any.
LIBS="$SSL_LIBS $LIBS"
# only set this if pkg-config wasn't used
CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include/openssl -I$PREFIX_OPENSSL/include"
fi
- # Linking previously failed, try extra paths from --with-ssl or pkg-config.
- # Use a different function name to avoid reusing the earlier cached result.
+ # Linking previously failed, try extra paths from --with-openssl or
+ # pkg-config. Use a different function name to avoid reusing the earlier
+ # cached result.
AC_CHECK_LIB(crypto, HMAC_Init_ex,[
HAVECRYPTO="yes"
LIBS="-lcrypto $LIBS"], [
test "$OPENSSL_ENABLED" != "1"; then
AC_MSG_NOTICE([OPT_SSL: $OPT_SSL])
AC_MSG_NOTICE([OPENSSL_ENABLED: $OPENSSL_ENABLED])
- AC_MSG_ERROR([--with-ssl was given but OpenSSL could not be detected])
+ AC_MSG_ERROR([--with-openssl was given but OpenSSL could not be detected])
fi
dnl **********************************************************************
in
x)
AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])
- AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink, --with-amissl or --with-bearssl to address this.])
+ AC_MSG_WARN([Use --with-openssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink, --with-amissl, --with-bearssl or --with-rustls to address this.])
;;
x1)
# one SSL backend is enabled
% git clone https://github.com/curl/curl
% cd curl
% ./buildconf
- % LDFLAGS="-Wl,-rpath,<somewhere1>/lib" ./configure --with-ssl=<somewhere1> --with-nghttp3=<somewhere2> --with-ngtcp2=<somewhere3>
+ % LDFLAGS="-Wl,-rpath,<somewhere1>/lib" ./configure --with-openssl=<somewhere1> --with-nghttp3=<somewhere2> --with-ngtcp2=<somewhere3>
% make
## Build with GnuTLS
% git clone https://github.com/curl/curl
% cd curl
% ./buildconf
- % ./configure --without-ssl --with-gnutls=<somewhere1> --with-nghttp3=<somewhere2> --with-ngtcp2=<somewhere3>
+ % ./configure --without-openssl --with-gnutls=<somewhere1> --with-nghttp3=<somewhere2> --with-ngtcp2=<somewhere3>
% make
# quiche version
% git clone https://github.com/curl/curl
% cd curl
% ./buildconf
- % ./configure LDFLAGS="-Wl,-rpath,$PWD/../quiche/target/release" --with-ssl=$PWD/../quiche/deps/boringssl/src --with-quiche=$PWD/../quiche/target/release
+ % ./configure LDFLAGS="-Wl,-rpath,$PWD/../quiche/target/release" --with-openssl=$PWD/../quiche/deps/boringssl/src --with-quiche=$PWD/../quiche/target/release
% make
## Run
path for your compiler/linker, you don't need to do anything special. If you
have OpenSSL installed in `/usr/local/ssl`, you can run configure like:
- ./configure --with-ssl
+ ./configure --with-openssl
If you have OpenSSL installed somewhere else (for example, `/opt/OpenSSL`) and
you have pkg-config installed, set the pkg-config path first, like this:
- env PKG_CONFIG_PATH=/opt/OpenSSL/lib/pkgconfig ./configure --with-ssl
+ env PKG_CONFIG_PATH=/opt/OpenSSL/lib/pkgconfig ./configure --with-openssl
Without pkg-config installed, use this:
- ./configure --with-ssl=/opt/OpenSSL
+ ./configure --with-openssl=/opt/OpenSSL
If you insist on forcing a build without SSL support, even though you may
have OpenSSL installed in your system, you can run configure like this:
- ./configure --without-ssl
+ ./configure --without-openssl
If you have OpenSSL installed, but with the libraries in one place and the
header files somewhere else, you have to set the `LDFLAGS` and `CPPFLAGS`
linker doesn't find them (which usually causes configure failures), you can
provide this option to gcc to set a hard-coded path to the run-time linker:
- LDFLAGS=-Wl,-R/usr/local/ssl/lib ./configure --with-ssl
+ LDFLAGS=-Wl,-R/usr/local/ssl/lib ./configure --with-openssl
## More Options
The default OpenSSL configure check will also detect and use BoringSSL or
libressl.
- - GnuTLS: `--without-ssl --with-gnutls`.
- - wolfSSL: `--without-ssl --with-wolfssl`
- - NSS: `--without-ssl --with-nss`
- - mbedTLS: `--without-ssl --with-mbedtls`
- - schannel: `--without-ssl --with-schannel`
- - secure transport: `--without-ssl --with-secure-transport`
- - MesaLink: `--without-ssl --with-mesalink`
- - BearSSL: `--without-ssl --with-bearssl`
+ - GnuTLS: `--without-openssl --with-gnutls`.
+ - wolfSSL: `--without-openssl --with-wolfssl`
+ - NSS: `--without-openssl --with-nss`
+ - mbedTLS: `--without-openssl --with-mbedtls`
+ - schannel: `--without-openssl --with-schannel`
+ - secure transport: `--without-openssl --with-secure-transport`
+ - MesaLink: `--without-openssl --with-mesalink`
+ - BearSSL: `--without-openssl --with-bearssl`
# Windows
On modern Apple operating systems, curl can be built to use Apple's SSL/TLS
implementation, Secure Transport, instead of OpenSSL. To build with Secure
Transport for SSL/TLS, use the configure option `--with-secure-transport`
-or `--with-darwin-ssl`. (It is not necessary to use the option `--without-ssl`.)
+or `--with-darwin-ssl`. (It is not necessary to use the option `--without-openssl`.)
When Secure Transport is in use, the curl options `--cacert` and `--capath`
and their libcurl equivalents, will be ignored, because Secure Transport uses
`libcrypto.a` to `$TOOLCHAIN/sysroot/usr/lib` and copy `include/openssl` to
`$TOOLCHAIN/sysroot/usr/include`. Now you can build curl for Android using
OpenSSL like this:
-
- ./configure --host aarch64-linux-android --with-pic --disable-shared --with-ssl="$TOOLCHAIN/sysroot/usr"
+
+ ./configure --host aarch64-linux-android --with-pic --disable-shared --with-openssl="$TOOLCHAIN/sysroot/usr"
Note, however, that you must target at least Android M (API level 23) or `configure`
won't be able to detect OpenSSL since `stderr` (and the like) weren't defined
- `--enable-hidden-symbols` (eliminates unneeded symbols in the shared library)
- `--without-libidn` (disables support for the libidn DNS library)
- `--without-librtmp` (disables support for RTMP)
- - `--without-ssl` (disables support for SSL/TLS)
+ - `--without-openssl` (disables support for SSL/TLS)
- `--without-zlib` (disables support for on-the-fly decompression)
The GNU compiler and linker have a number of options that can reduce the
13.4 Cache/share OpenSSL contexts
13.5 Export session ids
13.6 Provide callback for cert verification
- 13.7 improve configure --with-ssl
+ 13.7 improve configure --with-openssl
13.8 Support DANE
13.9 TLS record padding
13.10 Support Authority Information Access certificate extension (AIA)
certificate, but this doesn't seem to be exposed in the libcurl APIs. Could
it be? There's so much that could be done if it were!
-13.7 improve configure --with-ssl
+13.7 improve configure --with-openssl
- make the configure --with-ssl option first check for OpenSSL, then GnuTLS,
- then NSS...
+ Consider making the configure script not guess which TLS library to use (as
+ it makes it harder to purposely select another library than the default).
+ Maybe require specific TLS library option(s) or an explicit no-TLS-at-all
+ option.
13.8 Support DANE
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
-# Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
if (!$confopts) {
if ($infixed < 4) {
print "please enter your additional arguments to configure\n";
- print "examples: --with-ssl --enable-debug --enable-ipv6 --with-krb4\n";
+ print "examples: --with-openssl --enable-debug --enable-ipv6\n";
$confopts = <>;
chomp $confopts;
}