On 08/03/2016 05:33 PM, Thomas Eriksson wrote: > On 08/03/2016 05:23 PM, Alice Wonder wrote: >> On 08/03/2016 05:20 PM, Alice Wonder wrote: >>> On 08/03/2016 05:11 PM, Alice Wonder wrote: >>>> I'm having a major frustration with curl. >>>> >>>> When building curl, if libssl.so.10 is present the curl binary WILL link >>>> against it. >>> >>> *snip* >>> >>> Go ahead and ldd on the CentOS curl binary and library - you will see >>> openssl linked even though the spec file has --disable-ssl and >>> --enable-nss >>> >>> It's clearly broken. >>> >> >> And building the CentOS curl package doesn't even BuildRequires the >> openssl-devel package. >> >> It's linking against a library it doesn't have the headers for. >> >> That's broken. > > I haven't looked at how curl is built, butit is likely that the build > links against some other package that is, in turn, built against > OpenSSL. > > You would not need the openssl-devel package to do that, only the > runtime libraries. > > It looks like that package could be libssh2... It's not libssh2 because I built libssh2 against LibreSSL and tested it with ldd and it doesn't use OpenSSL nor pull it in. And in trying to create a curl that doesn't link against anything TLS I put --disable-libssh2 into the configure. The curl library respects that configure switch when building, the curl binary does not - it links against it anyway (mock pulls it in for other things, pulling in the version I built against OpenSSL) I also built custom OpenSSH against LibreSSL (which required ripping out all the fips stuff) for the mock build too - it also isn't pulling in OpenSSL libs. Something in the curl build will always link the binary against OpenSSL if the openssl-lib package is present, and will always link the library against OpenSSL if any TLS option is enabled in the configure. This happens even openssl-devel is not installed in the mock build environment.