[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-httpd-dev
Subject: httpd-trunk/2.2 SSL_TOOLKIT nightmare
From: "William A. Rowe, Jr." <wrowe () rowe-clan ! net>
Date: 2007-01-24 22:37:28
Message-ID: 45B7DFA8.6050002 () rowe-clan ! net
[Download RAW message or body]
I'd like to propose one of a few solutions that the pkgconfig crap has caused
when --with-ssl=/path/to/ssl specifies a nonstandard location.
After evaluating that path, we proceed to pull up the irrelevant settings from
some default pkgconfig/openssl.pc that has nothing to do with /path/to/ssl
that was specified.
In my case, this caused me to descend into krb5 hell on 32+64 architectures.
But the problem would be universal whereever the chosen openssl package has
little to do with some system-installed openssl.
One thought; drop the detection altogether when --with-ssl=/path offers an
explicit path. Since the (correctly associated) openssl.pc offers valuable
hints, I don't think that's the best solution.
My second solution follows. The issue is that PKG_CONFIG_PATH doesn't use
it's knowledge to discern a path/lib64/pkgconfig/ from path/lib/pkgconfig,
in fact you must add the actual pkgconfig path to the search order.
But here's my thought for only delving into path/lib/pkgconfig; if the user
has built a custom openssl with the defaults, they will have a lib/ path,
the openssl configuration itself never offers to add lib64/ AFAIK.
The patch below offers a 'fallback' to bland pkgconfig; I don't know if we
really want to do this in the case that a user explicitly offered a path?
Comments, and alternative suggestions please?
--- acinclude.m4 22 Jan 2007 16:31:11 -0000 1.1
+++ acinclude.m4 24 Jan 2007 22:20:09 -0000 1.2
@@ -334,14 +334,17 @@
ap_ssltk_inc=""
ap_ssltk_lib=""
ap_ssltk_type=""
+ ap_ssltk_pkgconfig=""
dnl Determine the SSL/TLS toolkit's base directory, if any
AC_MSG_CHECKING(for SSL/TLS toolkit base)
+ ap_ssltk_pkgconfig="$PKGCONFIG"
AC_ARG_WITH(sslc, APACHE_HELP_STRING(--with-sslc=DIR,RSA SSL-C SSL/TLS
toolkit), [
dnl If --with-sslc specifies a directory, we use that directory or fail
if test "x$withval" != "xyes" -a "x$withval" != "x"; then
dnl This ensures $withval is actually a directory and that it is absolute
ap_ssltk_base="`cd $withval ; pwd`"
+ ap_ssltk_pkgconfig="PKG_CONFIG_PATH=$ap_ssltk_base/lib/pkgconfig
$PKGCONFIG"
fi
ap_ssltk_type="sslc"
])
@@ -350,8 +353,21 @@
if test "x$withval" != "xyes" -a "x$withval" != "x"; then
dnl This ensures $withval is actually a directory and that it is absolute
ap_ssltk_base="`cd $withval ; pwd`"
+ ap_ssltk_pkgconfig="PKG_CONFIG_PATH=$ap_ssltk_base/lib/pkgconfig
$PKGCONFIG"
fi
])
+ if test -n "$PKGCONFIG"; then
+ eval "$ap_ssltk_pkgconfig openssl"
+ if test $? -ne 0; then
+ ap_ssltk_pkgconfig="$PKGCONFIG"
+ eval "$ap_ssltk_pkgconfig openssl"
+ if test $? -ne 0; then
+ ap_ssltk_pkgconfig=""
+ fi
+ fi
+ else
+ ap_ssltk_pkgconfig=""
+ fi
if test "x$ap_ssltk_base" = "x"; then
AC_MSG_RESULT(none)
else
@@ -386,12 +402,9 @@
])
dnl Look for additional, possibly missing headers
AC_CHECK_HEADERS(openssl/engine.h)
- if test -n "$PKGCONFIG"; then
- $PKGCONFIG openssl
- if test $? -eq 0; then
- ap_ssltk_inc="$ap_ssltk_inc `$PKGCONFIG --cflags-only-I openssl`"
- CPPFLAGS="$CPPFLAGS $ap_ssltk_inc"
- fi
+ if test -n "$ap_ssltk_pkgconfig"; then
+ ap_ssltk_inc="$ap_ssltk_inc `$ap_ssltk_pkgconfig --cflags-only-I
openssl`"
+ CPPFLAGS="$CPPFLAGS $ap_ssltk_inc"
fi
else
AC_MSG_RESULT([no OpenSSL headers found])
@@ -480,12 +493,9 @@
# Put SSL libraries in SSL_LIBS.
if test "$ap_ssltk_type" = "openssl"; then
APR_SETVAR(SSL_LIBS, [-lssl -lcrypto])
- if test -n "$PKGCONFIG"; then
- $PKGCONFIG openssl
- if test $? -eq 0; then
- ap_ssltk_libdep=`$PKGCONFIG --libs openssl`
- APR_ADDTO(SSL_LIBS, $ap_ssltk_libdep)
- fi
+ if test -n "$ap_ssltk_pkgconfig"; then
+ ap_ssltk_libdep=`$ap_ssltk_pkgconfig --libs openssl`
+ APR_ADDTO(SSL_LIBS, $ap_ssltk_libdep)
fi
else
APR_SETVAR(SSL_LIBS, [-lsslc])
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic