[stunnel-users] [BUG] SSL directory scan breaks cross-compilation

Michal Trojnara Michal.Trojnara at mirt.net
Mon Nov 3 12:40:54 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Spencer wrote:

> the concept of searching for a library directory is completely
> broken. if just adding -lssl -lcrypto to LDFLAGS doesnt find the
> openssl libraries at link time, the user's compiler toolchain is
> wrongly set up, and its not the job of a package to work around
> that by searching through a number of directories. it's the user's
> job to fix his toolchain by supplying the right -L paths in case
> he's got his library installed in a non-standard location.

So is the concept of installing headers by default in
/usr/local/ssl/include rather than /usr/local/include...

> also, there's pkg-config (which supports crosscompilation via a
> PKG_CONFIG_SYSROOT_DIR env var) in case a library needs elaborate
> CFLAGS.

Do you suggest that stunnel should also require pkg-config as a
building prerequisite?

> the libtool turns -lssl into /lib/libssl.so, because it's on old
> version of libtool that doesnt respect the --with-sysroot configure
> flag.
> 
> since this didnt happen with 5.02, it looks strongly as if the
> latest release was created on a different box with a way older
> autoconf and libtoolize installed than 5.02.

Thank you.  I'll make sure the next release is built with a newer libtool.

> another issue is that -I/usr/kerberos/include is passed to the
> build. this is another hardcoded and wrong path somewhere in the
> buildsystem which would break my build in case i had kerberos
> installed on my box. in that case it would pull in host headers
> rather than headers from my x-compile sysroot. fortunately i don't
> have it.

Your other headers would also need to include a kerberos header, and
your your OS would need to have RedHat-specific /usr/kerberos/include,
right?  I doubt it to be a real risk, so I implemented the simplest
possible workaround (vide: KISS principle).

What about changing -I/usr/kerberos/include to -I=/usr/kerberos/include
(i.e. relative to sysroot)?

Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlRXacYACgkQ/NU+nXTHMtGMSwCggZvMh+WvSveAVZ0M91afYPuo
4J8AnRPc71C+TagkAUBxMHyRZWUX8rPy
=WUQu
-----END PGP SIGNATURE-----


More information about the stunnel-users mailing list