On 08/03/2016 05:33 PM, Thomas Eriksson wrote:
On 08/03/2016 05:23 PM, Alice Wonder wrote:
On 08/03/2016 05:20 PM, Alice Wonder wrote:
On 08/03/2016 05:11 PM, Alice Wonder wrote:
I'm having a major frustration with curl.
When building curl, if libssl.so.10 is present the curl binary WILL link against it.
*snip*
Go ahead and ldd on the CentOS curl binary and library - you will see openssl linked even though the spec file has --disable-ssl and --enable-nss
It's clearly broken.
And building the CentOS curl package doesn't even BuildRequires the openssl-devel package.
It's linking against a library it doesn't have the headers for.
That's broken.
I haven't looked at how curl is built, but it is likely that the build links against some other package that is, in turn, built against OpenSSL.
You would not need the openssl-devel package to do that, only the runtime libraries.
It looks like that package could be libssh2...
It's not libssh2 because I built libssh2 against LibreSSL and tested it with ldd and it doesn't use OpenSSL nor pull it in.
And in trying to create a curl that doesn't link against anything TLS I put --disable-libssh2 into the configure.
The curl library respects that configure switch when building, the curl binary does not - it links against it anyway (mock pulls it in for other things, pulling in the version I built against OpenSSL)
I also built custom OpenSSH against LibreSSL (which required ripping out all the fips stuff) for the mock build too - it also isn't pulling in OpenSSL libs.
Something in the curl build will always link the binary against OpenSSL if the openssl-lib package is present, and will always link the library against OpenSSL if any TLS option is enabled in the configure.
This happens even if openssl-devel is not installed in the mock build environment.
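
An added example, not part of the thread: `ldd` lists the whole transitive closure of a binary's shared-library dependencies, while the `DT_NEEDED` entries printed by `readelf -d` are only the libraries that one object was itself linked against. The script below reports which objects in the closure directly request a given soname, which separates the two explanations discussed above. The function names are this example's own, and it assumes binutils `readelf` and glibc `ldd` are installed.

```shell
#!/bin/sh
# Added example (not from the thread): find which ELF objects in a binary's
# dependency closure carry a direct DT_NEEDED entry for a given soname.
# Function names are hypothetical; readelf (binutils) and ldd (glibc) are assumed.

# Read `readelf -d` output on stdin, print one DT_NEEDED soname per line.
parse_needed() {
  sed -n 's/.*(NEEDED).*\[\([^]]*\)].*/\1/p'
}

# Print the sonames that FILE itself was linked against (no transitive deps).
direct_needed() {
  readelf -d "$1" 2>/dev/null | parse_needed
}

# who_needs BINARY SONAME
# Walk BINARY plus every library ldd resolves for it, and print each object
# whose own dynamic section requests SONAME. If BINARY is printed, the build
# linked it directly; if only a library is printed, the dependency is
# inherited through that library.
who_needs() (
  bin=$1
  soname=$2
  {
    printf '%s\n' "$bin"
    # Keep only "name => /resolved/path (addr)" lines from ldd.
    ldd "$bin" | awk '$2 == "=>" && $3 ~ /^\// { print $3 }'
  } | while read -r obj; do
    if direct_needed "$obj" | grep -qxF -- "$soname"; then
      printf '%s\n' "$obj"
    fi
  done
)

# Usage: sh who_needs.sh /usr/bin/curl libssl.so.10
if [ "$#" -eq 2 ]; then
  who_needs "$1" "$2"
fi
```

Only run `ldd` on binaries you trust, since it may execute the target's loader; `readelf -d` alone is safe on untrusted files.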