Skip to content
Commit 9cdd3bc7 authored by Hal Murray's avatar Hal Murray
Browse files

Fixup libcrypto check area so it checks for headers 

The idea was to explicit check for the required headers in order to
give a saner error message if they were missing.  That didn't happen
if pkg-config worked.
parent 19bd4641
Show whitespace changes
Inline Side-by-side
  • Matt Selsky @selsky ·
    Owner

    @hal.murray when did pkg-config work, but headers were still missing?

  • Hal Murray @hal.murray ·
    Maintainer

    @hal.murray when did pkg-config work, but headers were still missing?

    I have a very old system. It's too old to build ntpsec, but I have forgotten why. I wanted to know, so I tried it, expecting a sensible error message. It has an old OpenSSH that is missing openssl/cmac.h, and the check didn't work so it died with a missing include while trying to compile libntp/authkeys.c

    [ 2/93] Compiling libntp/authkeys.c In file included from ../../libntp/authkeys.c:15: ../../include/ntp_auth.h:8:26: error: openssl/cmac.h: No such file or directory

    We could add the ifdefs to avoid needing cmac.h, but nobody has complained since I added that code a month or three ago. There is an RFC in the pipeline deprecating the old stuff in favor of CMAC so that's a step in the wrong direction that I'd like to avoid.

    It's possible that no system that we support is old enough that it has an OpenSSL without cmac.h and we should just remove that chunk of code and/or add checking for cmac.h to the main checking place.

  • Gary E. Miller 💬 @garyedmundsmiller ·
    Maintainer

    I grabbed a copy of openssl git: https://github.com/openssl/openssl.git

    include/cmac.h dates to: Date: Sun Feb 7 18:01:07 2010 +0000

    Commit: 8c968e0355151e1e5033b6793b61320ff400c88a

    There is a movement to kill off SSL, TLS 1.1 and TLS 1.2, I'd be happy enough to draw the line of ntpsec support to sometime after Feb 2010.

  • Hal Murray @hal.murray ·
    Maintainer

    Gary said:

    There is a movement to kill off SSL, TLS 1.1 and TLS 1.2, I'd be happy enough to draw the line of ntpsec support to sometime after Feb 2010.

    Seems reasonable to me.

    The question is what should we do in wscript?

    Should we remove the checking since it is mostly useless? All it does is give a sensible error message in a very obscure case at the cost of 5 lines of clutter in the output from configure and a bit of code in wscript.

    Plan B would be to find a simpler way way to do the same sort of test. Just checking for cmac.h would catch the case of OpenSSL being installed without the -devel.

0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment