When support for nettle was added in 64f328c787, I overlooked
the fact that AC_CHECK_LIB doesn't add the tested lib to LIBS
if the check succeeded, if a custom success code block was present.
(The previous version of the check had an empty block for
successful checks, adding the lib to LIBS implicitly.)
Therefore, explicitly add either nettle or gcrypt to LIBS, after
deciding which one to use. Even if they can be linked in
transitively, it is safer to actually link explicitly to them.
This fixes building with gnutls with linkers that don't allow
linking transitively, such as for windows.
Allow, at configure time, the production of versioned symbols. The
symbols will look like "CURL_<FLAVOUR>_<VERSION> <SYMBOL>", where
<FLAVOUR> represents the SSL flavour (e.g. OPENSSL, GNUTLS, NSS, ...),
<VERSION> is the major SONAME version and <SYMBOL> is the actual symbol
name. If no SSL library is enabled the symbols will be just
"CURL_<VERSION> <SYMBOL>".
If no SSLv2 was detected in OpenSSL by configure, then we enforce the
OPENSSL_NO_SSL2 define as it seems some people report it not being
defined properly in the OpenSSL headers.
configure.ac:1349: error: possibly undefined macro: PKG_CONFIG_LIBDIR
Obviously this is not a problem with pkg-config 0.26 but older versions
seem to show this.
Fix suggested by: Kamil Dudka
Reported by: Guenter
Bug: http://curl.haxx.se/mail/lib-2011-11/0298.html
Configure script option --enable-wb-ntlm-auth renamed to --enable-ntlm-wb
Configure script option --disable-wb-ntlm-auth renamed to --disable-ntlm-wb
Preprocessor symbol WINBIND_NTLM_AUTH_ENABLED renamed to NTLM_WB_ENABLED
Preprocessor symbol WINBIND_NTLM_AUTH_FILE renamed to NTLM_WB_FILE
Test harness env var CURL_NTLM_AUTH renamed to CURL_NTLM_WB_FILE
Static function wb_ntlm_close renamed to ntlm_wb_cleanup
Static function wb_ntlm_initiate renamed to ntlm_wb_init
Static function wb_ntlm_response renamed to ntlm_wb_response
Feature string literal NTLM_SSO renamed to NTLM_WB.
Preprocessor symbol USE_NTLM_SSO renamed to WINBIND_NTLM_AUTH_ENABLED.
curl's 'long' option 'ntlm-sso' renamed to 'ntlm-wb'.
Fix some comments to make clear that this is actually a NTLM delegation.
IRIX 6.5.24 gcc 3.3 autobuilds fail unittests library compilation due to a
problem related with OpenSSL headers and library versions not matching.
All AIX autobuilds fails unit tests linking against unittests library due to
unittests library being built with no symbols or members. Libtool ?
Use preprocessor symbols WINBIND_NTLM_AUTH_ENABLED and WINBIND_NTLM_AUTH_FILE
for Samba's winbind daemon ntlm_auth helper code implementation and filename.
Retain preprocessor symbol USE_NTLM_SSO for NTLM single-sign-on feature
availability implementation independent.
For test harness, prefix NTLM_AUTH environment vars with CURL_
Refactor and rename configure option --with-ntlm-auth to --enable-wb-ntlm-auth[=FILE]
"test -e" is POSIX but clearly was not supported by the SunOS sh
version, -f is supported and should be a decent equivalent
Bug: http://curl.haxx.se/bug/view.cgi?id=3371574
cross-compilation of unit tests static library/programs fails when
libcurl shared library is also built. This might be due to a libtool or
automake issue. In this case we disable unit tests.
Now use gai_strerror() to get proper error messages when getaddrinfo()
has failed. Detect the function in configure.
Code based on work and suggestions by Jeff Pohlmeyer and Guenter Knauf
The script didn't properly add the -lssh2 link option when it enabled
libssh2 linking where pkg-config isn't found.
Reported by: Saqib Ali
Bug: http://curl.haxx.se/mail/lib-2011-04/0054.html
configure.ac: Test harness libhostname library will not be built for Windows.
runtests.pl: LD_PRELOAD mechanism will not be used to load libhostname
library on operating systems which lack LD_PRELOAD support.
Added axTLS to autotool files and glue code to misc other files.
axtls.h maps SSL API functions, but may change.
axtls.c is just a stub file and will definitely change.
If --librtmp was specified but pkg-config could not find the librtmp
file, we would have undefined symbols when linking curl.
We prevent this error by disabling this case as suggested on the mailing
list.
Instead of reopening the downloaded file, fsetxattr uses the (already
open) file descriptor to attach extended attributes. This makes the
procedure more robust against errors caused by moved or deleted files.
setxattr is a glibc call to set extended attributes, so configure now
checks for it and the code is adapted to only build when the
functionality is present.
In libssh2 1.2.8, libssh2_session_handshake() replaces
libssh2_session_startup() to fix the previous portability problem with
the socket type that was too small for win64 and thus easily could cause
crashes and more.
... for example when LDAP is not compiled.
Fixed the logic to match the rest of the options' message that is we
update the default message only if the option is not disabled after the
different checks.
Reported by: Guenter Knauf
librtmp is often statically linked and using sub dependencies like
OpenSSL, so we need to make sure we can actually link with it properly
before enabling it. Otherwise we easily end up trying to link with a
RTMP lib that fails.
1 - libcurl assumes that there are gcrypt functions available when
GnuTLS is.
2 - GnuTLS can be built to use libnettle instead as crypto library,
which breaks assumption (1)
This change makes configure make sure that if GnuTLS is requested and
detected, it also makes sure that gcrypt is present or it errors
out. This is mostly a way to make the user more aware of this flaw, the
correct fix would be to detect which crypto layer that is in use and
adapt our code to use that instead of blindly assuming gcrypt.
Reported by: Michal Gorny
Bug: http://curl.haxx.se/bug/view.cgi?id=3071038
libssh2 1.2.6 and later handle >32bit file sizes properly even on 32bit
architectures and we make sure to use that ability.
Reported by: Mikael Johansson
Bug: http://curl.haxx.se/mail/lib-2010-08/0052.html
The curl-config now features a --built-shared command line option that
will output 'yes' or 'no' depending if the build process was asked to
build shared library/libraries or not.
It is primarily made to offer more details to the test suite to know
what kind of stunts it can expect to work.
This passes -Werror to gcc when building curl and libcurl,
allowing easy dection of compile warnings.
Signed-off-by: Ben Greear <greearb@candelatech.com>
configure checks for grep, egrep, sed and ar and set the variables GREP,
EGREP, SED and AR accordingly. We now let already set variables override
the internal choices to let users make decisions when they know the
right choice already. This is a regression as our configure script used
to allow this back before commit 0b57c475 (up to 7.18.2).
Reported by: "kdekker"
Bug: http://curl.haxx.se/bug/view.cgi?id=3028318
When configured with '--without-ssl --with-nss', NTLM authentication
now uses NSS crypto library for MD5 and DES. For MD4 we have a local
implementation in that case. More details are available at
https://bugzilla.redhat.com/603783
In order to get it working, curl_global_init() must be called with
CURL_GLOBAL_SSL or CURL_GLOBAL_ALL. That's necessary because NSS needs
to be initialized globally and we do so only when the NSS library is
actually required by protocol. The mentioned call of curl_global_init()
is responsible for creating of the initialization mutex.
There was also slightly changed the NSS initialization scenario, in
particular, loading of the NSS PEM module. It used to be loaded always
right after the NSS library was initialized. Now the library is
initialized as soon as any SSL or NTLM is required, while the PEM module
is prevented from being loaded until the SSL is actually required.
Enable OpenLDAP support for cygwin builds. This support was disabled back
in 2008 due to incompatibilities between OpenSSL and OpenLDAP headers.
cygwin's OpenSSL 0.9.8l and OpenLDAP 2.3.43 versions on cygwin 1.5.25
allow building an OpenLDAP enabled libcurl supporting back to Windows 95.
Remove non-functional CURL_LDAP_HYBRID code and references.
makes the LDAP code much cleaner, nicer and in general being a
better libcurl citizen. If a new enough OpenLDAP version is
detect, the new and shiny lib/openldap.c code is then used
instead of the old cruft
Code by Howard, minor cleanups by Daniel.
"The BSD version of PolarSSL was made for migratory purposes only and is not
maintained. The GPL version of PolarSSL is actually the only actively
developed version, so I would be very reluctant to use the BSD version." /
Paul Bakker, PolarSSL hacker.
Signed-off-by: Hoi-Ho Chan <hoiho.chan@gmail.com>
This is Hoi-Ho Chan's patch with some minor fixes by me. There
are some potential issues in this, but none worse than we can
sort out on the list and over time.
On some ancient distributions such as RHEL-3, <gssapi/gssapi_krb5.h> needs
to be processed after <gssapi/gssapi.h>, but does not include it itself.
This patch checks for <gssapi/gssapi.h> first and then includes it
in the test for <gssapi/gssapi_krb5.h>, resolving the problem.
Without the patch, <gssapi/gssapi_krb5.h> is "present but cannot be
compiled".
ran into some issues with the GSSAPI tests in configure.ac. The tests first
try to determine the include dirs and libs and set CPPFLAGS and LIBS
accordingly. It then checks for the headers and finally sets LIBS a second
time, causing the libs to be included twice. The first setting of LIBS seems
redundant and should be left out, since the first part is otherwise just
about finding headers.
My second issue is that 'krb5-config --libs gssapi' on Darwin is less than
useless and returns junk that, while it happens to work with gcc, causes
clang to choke. For example, --libs returns $CFLAGS along with the libs,
which is really retarded. Simply setting 'LIBS="$LIBS -lgssapi_krb5
-lresolv"' on Darwin is sufficient.
being properly detected under certain circumstances. It had been caused by
strange behavior of pkg-config when handling PKG_CONFIG_LIBDIR. pkg-config
distinguishes among empty and non-existent environment variable in that case.
for use by non-configure systems. As intended, configure would overwrite the
distributed one when doing in-tree builds. But VPATH builds would end having
two curlbuild.h files, one in the source tree and another in the build tree.
--with-nss is set but not "yes".
I think we can still improve that to check for pkg-config in that path etc,
but at least this patch brings back the same functionality we had before.
statically linking since libssh2 needs the SSL library link flags to be
set up already to satisfy its dependencies. This wouldn't be necessary
if the libssh2 configure check was changed to use pkg-config since the
--static flag would add the dependencies automatically.
when cross-compiling. The key to success is then you properly setup
PKG_CONFIG_PATH before invoking configure.
I also improved how NSS is detected by trying nss-config if pkg-config isn't
present, and as a last resort just use the lib name and force the user to
setup the LIBS/LDFLAGS/CFLAGS etc properly. The previous last resort would
add a range of various libs that would almost never be quite correct.
to detect gnutls build options with pkg-config only and not libgnutls-config
anymore since GnuTLS has stopped distributing that tool. If an explicit path
is given to configure, we will instead guess on how to link and use that
lib. I did not use the patch from the bug report.
by Daniel Black, I've now added magic to the configure script that makes it
use pkg-config to detect gnutls details as well if the existing method
(using libgnutls-config) fails. While doing this, I cleaned up and unified
the pkg-config usage when detecting openssl and nss as well.