On Jul 9, 2007, at 5:27 PM, Stephen Fisher wrote:
The current action taken by the configure script when the user
specifies
--with-ssl but gnutls is not found
This is confusing as hell.
First of all, "--with-ssl" really means "--with-ssl's--lcrypto-
library" - it doesn't cause us to link with -libssl, it causes us to
link with -lcrypto, which is presumed to be the OpenSSL crypto library
(or, at least, one that's close enough).
The reason why we ask about that is that, at least according to the
folks at the FSF, one of the licenses for OpenSSL is incompatible with
the GPL (both v2 and v3):
http://www.fsf.org/licensing/licenses/
(search for "OpenSSL license").
At least one of the reasons why we might need -lcrypto is that we use
NetSNMP to get information about particular SNMP variable bindings.
We don't need all the functionality of NetSNMP, we just need the
ability to read MIB files and find out what type a particular variable
is - but, unfortunately, as some of the unused functionality of
NetSNMP might require routines from -lcrypto, depending on how NetSNMP
was built, you might have to link with -lcrypto in order to get
NetSNMP. I don't know whether we use any -lcrypto routines elsewhere.
Should we make the configure script stop when it can't enable --with-
ssl
because gnutls is missing?
No. As indicated, "--with-ssl" doesn't ask for GNU TLS, it just asks
for a -lcrypto that is the OpenSSL one or a compatible one. (In
particular, it looks for a -lcrypto with a routine named EVP_md5().)
I didn't catch the message as it flew by and
saw SSL yes so I didn't realize it needed gnuTLS (I just figured it
could do it with openssl instead).
What is the "it" in "it needed gnuTLS"? The SSL decryption?
We might be able to use -libssl for that, or we might only need -
lcrypto; I don't know which, if any, of those are the case.
