aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2010-09-20 23:05:23 +0200
committerDaniel Stenberg <daniel@haxx.se>2010-09-20 23:19:07 +0200
commitf3df524b625c1492a9d72ec5d36cb08471296e47 (patch)
tree94332bc4eb0c0042d214c1b24f6f12147f46cfe4
parentc47148f14213505b964d1fa928e3603143423e00 (diff)
configure: check for gcrypt if using GnuTLS
1 - libcurl assumes that there are gcrypt functions available when GnuTLS is. 2 - GnuTLS can be built to use libnettle instead as crypto library, which breaks assumption (1) This change makes configure make sure that if GnuTLS is requested and detected, it also makes sure that gcrypt is present or it errors out. This is mostly a way to make the user more aware of this flaw, the correct fix would be to detect which crypto layer that is in use and adapt our code to use that instead of blindly assuming gcrypt. Reported by: Michal Gorny Bug: http://curl.haxx.se/bug/view.cgi?id=3071038
-rw-r--r--configure.ac14
1 files changed, 14 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index ada471814..eaf57f9d3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1734,6 +1734,20 @@ if test "$OPENSSL_ENABLED" != "1"; then
fi dnl OPENSSL != 1
+dnl ---
+dnl If GnuTLS is enabled, we MUST verify that it uses libgcrypt since
+dnl curl code relies on that but recent GnuTLS versions can in fact build
+dnl with different crypto libraries which curl right now cannot handle
+dnl ---
+
+if test "$GNUTLS_ENABLED" = "1"; then
+ AC_CHECK_LIB(gcrypt,
+ gcry_control, ,
+ [
+ AC_MSG_ERROR([need GnuTLS built with gcrypt to function with GnuTLS])
+ ])
+fi
+
dnl ----------------------------------------------------
dnl check for PolarSSL
dnl ----------------------------------------------------