From f3df524b625c1492a9d72ec5d36cb08471296e47 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 20 Sep 2010 23:05:23 +0200 Subject: [PATCH] configure: check for gcrypt if using GnuTLS 1 - libcurl assumes that there are gcrypt functions available when GnuTLS is. 2 - GnuTLS can be built to use libnettle instead as crypto library, which breaks assumption (1) This change makes configure make sure that if GnuTLS is requested and detected, it also makes sure that gcrypt is present or it errors out. This is mostly a way to make the user more aware of this flaw, the correct fix would be to detect which crypto layer that is in use and adapt our code to use that instead of blindly assuming gcrypt. Reported by: Michal Gorny Bug: http://curl.haxx.se/bug/view.cgi?id=3071038 --- configure.ac | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/configure.ac b/configure.ac index ada4718..eaf57f9 100644 --- a/configure.ac +++ b/configure.ac @@ -1734,6 +1734,20 @@ if test "$OPENSSL_ENABLED" != "1"; then fi dnl OPENSSL != 1 +dnl --- +dnl If GnuTLS is enabled, we MUST verify that it uses libgcrypt since +dnl curl code relies on that but recent GnuTLS versions can in fact build +dnl with different crypto libraries which curl right now cannot handle +dnl --- + +if test "$GNUTLS_ENABLED" = "1"; then + AC_CHECK_LIB(gcrypt, + gcry_control, , + [ + AC_MSG_ERROR([need GnuTLS built with gcrypt to function with GnuTLS]) + ]) +fi + dnl ---------------------------------------------------- dnl check for PolarSSL dnl ---------------------------------------------------- -- 2.7.4