On 12/03/2013 06:28 PM, Pádraig Brady wrote: > On 12/03/2013 05:47 PM, Paul Eggert wrote: >> Perhaps I'm reading too much into the standards, but that's how >> --with-jpeg etc. behave in GNU Emacs 'configure'. > > Well I agree, that's how I expect --with options to work generally. > Making the existing gnulib --with options consistent in this regard > might be awkward due to backwards compat though. > > So to have --with-openssl[=yes] fail without libcrypto > we'd have something along the lines of:
I've installed the attached to have --with-openssl mandate the use of libcrypto. thanks, Pádraig.
>From 8209e72bf20d2b582384e91fde65df4f848a3a04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A1draig=20Brady?= <[email protected]> Date: Tue, 3 Dec 2013 13:53:03 +0000 Subject: [PATCH] md5, sha1, sha256, sha512: support mandating use of openssl * m4/gl-openssl.m4 (gl_CRYPTO_CHECK): Adjust the --with-openssl description, to list the now 3 separate options. Also don't mention the default=no, since this is implicit given the option is described as --with-openssl rather than --without-openssl. If projects change the default they're free to document that. With --with-openssl[=yes] we now error out when the specified hash algorithm is not available in libcrypto. --- ChangeLog | 11 +++++++++++ m4/gl-openssl.m4 | 9 ++++++--- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3389905..50a16ef 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,14 @@ +2013-12-03 Pádraig Brady <[email protected]> + + md5, sha1, sha256, sha512: support mandating use of openssl + * m4/gl-openssl.m4 (gl_crypto_check): Adjust the --with-openssl + description, to list the now 3 separate options. also don't + mention the default=no, since this is implicit given the option + is described as --with-openssl rather than --without-openssl. + If projects change the default they're free to document that. + with --with-openssl[=yes] we now error out when the specified + hash algorithm is not available in libcrypto. + 2013-12-03 Ivailo <[email protected]> test-xvasprintf: (trivial) fix to disable some -Wformat-security diags diff --git a/m4/gl-openssl.m4 b/m4/gl-openssl.m4 index f6c55b2..85bf85f 100644 --- a/m4/gl-openssl.m4 +++ b/m4/gl-openssl.m4 @@ -8,7 +8,8 @@ AC_DEFUN([gl_CRYPTO_CHECK], [ AC_ARG_WITH([openssl], [AS_HELP_STRING([--with-openssl], - [use libcrypto hash routines if available: default=no])], + [use libcrypto hash routines. Valid ARGs are: + 'yes', 'no', 'optional' => use if available])], [], [with_openssl=no]) @@ -26,8 +27,10 @@ AC_DEFUN([gl_CRYPTO_CHECK], [LIB_CRYPTO='-lcrypto' AC_DEFINE([HAVE_OPENSSL_$1],[1], [Define to 1 if libcrypto is used for $1])])]) - if test "x$with_openssl" = xyes; then - if test "x$LIB_CRYPTO" = x; then + if test "x$LIB_CRYPTO" = x; then + if test "x$with_openssl" = xyes; then + AC_MSG_ERROR([openssl development library not found for $1]) + else AC_MSG_WARN([openssl development library not found for $1]) fi fi -- 1.7.7.6
