Kamil Dudka <[EMAIL PROTECTED]> writes: > On Sunday 07 September 2008 02:05:07 Kalle Olavi Niemitalo wrote: >> Because you don't consider the nss_compat_ossl support stable, >> I think the configure script should select it only if the user >> explicitly requests it or no other SSL library is available. > I consider nss_compat_ossl support stable, but it has not been tested by > users > yet. If it will be used by default, we can get more experiences from users to > declare it stable.
Perhaps your ELinks changes are stable. However, nss_compat_ossl
0.9.2 itself is not stable enough. Its SSL_library_init() calls
exit(1) with no error message at all if NSS_Init(certDir) fails.
That is just ridiculous; ELinks should still be able to access
non-SSL sites.
Please change the configure script to select nss_compat_ossl only
if explicitly requested by the user. ELinks should not use it by
default, even if no other SSL library is available. This can be
revisited after an improved version of nss_compat_ossl has been
released and the configure script can check the version.
Also, the configure script should remove NSS from CFLAGS and LIBS
again if it notices nss_compat_ossl has not been installed.
diff --git a/configure.in b/configure.in
index 06f66db..4c52802 100644
--- a/configure.in
+++ b/configure.in
@@ -982,7 +982,9 @@ if test "$with_nss_compat_ossl" != "no"; then
AC_CHECK_LIB(nss_compat_ossl, X509_free,, [with_nss_compat_ossl=no])
fi
-if test "$with_nss_compat_ossl" != "no"; then
+if test "$with_nss_compat_ossl" = "no"; then
+ EL_RESTORE_FLAGS
+else
LIBS="$LIBS -lnss_compat_ossl"
EL_CONFIG(CONFIG_NSS_COMPAT_OSSL, [nss_compat_ossl])
disable_openssl="yes"
Your patch added a NEWS entry into the section about ELinks 0.11.3,
which has already been released. I will move that to the right
place. Also, I would like to refer to the Fedora bugzilla:
* Fedora enhancement 346861: Add support for nss_compat_ossl library
(OpenSSL replacement).
unless you have something against this.
I had some trouble building nss_compat_ossl 0.9.2 on Debian:
- Here, the libnss3-dev package contains e.g. /usr/include/nss/ssl.h, and
pkg-config --cflags nss outputs "-I/usr/include/nss -I/usr/include/nspr",
but nss_compat_ossl-0.9.2/src/nss_compat_ossl.h does #include <nss3/ssl.h>.
As there is no actual nss3 directory, nor a symlink, this does not work.
- Likewise with #include <nspr4/nspr.h>.
- Similarly, we have /usr/lib/nss/libsoftokn3.so, but pkg-config --libs nss
does not output any -L options, so -lsoftokn3 in
nss_compat_ossl-0.9.2/src/Makefile.am doesn't find the library;
however, if I remove that -lsoftokn3, then nss_compat_ossl builds.
Browsing the source code, I noticed RAND_load_file() can get
stuck in a loop if I/O errors occur: fread() and feof() both
return 0. And RAND_write_file() should check for errors on
fwrite() and fclose(). I gave up on reviewing ssl.c because
I don't know NSPR and SSL well enough.
pgpr80pZBFGls.pgp
Description: PGP signature
_______________________________________________ elinks-dev mailing list elinks-dev@linuxfromscratch.org http://linuxfromscratch.org/mailman/listinfo/elinks-dev
