Subject: Re: crypto library checks [was: 1.8.0]

Re: crypto library checks [was: 1.8.0]

From: Peter Stuge <>
Date: Thu, 27 Oct 2016 00:35:42 +0000

Good stuff!

I'm back on axTLS after hunting bugs in other software for some time.

While reworking I found an issue..

Daniel Stenberg wrote:
> o configure: make the --with-* options override the OpenSSL default

Maybe it's related, but I don't think so..

Both --with-openssl and --with-libssl-prefix are fine,
does exactly the right thing there, but for libgcrypt and mbedtls the
following problems hold true:

* Neither --without-x nor --with-x=no makes configure skip the check
  and disregard a found library.

* --with-x=/path is prefered over --with-x-prefix=/path

The former is "accepted" by libssh2-specific code in acinclude.m4:
($use_libgcrypt gets set to the value of --with-libgcrypt=)

  if test -n "$use_libgcrypt" && test "$use_libgcrypt" != "no"; then
    LDFLAGS="$LDFLAGS -L$use_libgcrypt/lib"
    CFLAGS="$CFLAGS -I$use_libgcrypt/include"

And this code comes before AC_LIB_HAVE_LINKFLAGS(), which is what
creates and parses the --with-x-prefix= options.

The AC_LIB_HAVE_LINKFLAGS() call is furthermore unconditional, which
is why --without-x still makes configure check for and accept x. I've
fixed that by putting the call inside of:

if test "$use_libgcrypt" != "no"; then

But it should be similar to what happens for OpenSSL and I'd also
like to remove the LDFLAGS and CFLAGS stuff; AC_LIB_HAVE_LINKFLAGS
already sets LTLIBGCRYPT and LTLIBMBEDTLS anyway.

Any objections?

Received on 2016-10-27