[openssl-users] Configure with both options "no-comp" and "zlib"
Axel Luttgens
axel.luttgens at skynet.be
Sat Jan 30 16:34:18 UTC 2016
Hello,
According to this thread:
http://openssl.6102.n7.nabble.com/config-and-no-zlib-td42924.html
it would make sense to execute Configure with both "no-comp" and "zlib" options.
If I understand correctly, this would avoid to have the openssl library to use compression for SSL/TLS by default while still having compression available for command line tools.
However, using both options leads to a failure here (please see details for openssl-1.0.2f at the end of this message).
So, first of all, does it really make sense to configure with both options? Or am I just plain wrong with my understanding of, for example, the INSTALL file, the comments at the beginning of Configure, the reasonings in above thread?
Otherwise, perhaps am I missing an important step in my configure/build attempts?
TIA,
Axel
Configuring for darwin64-x86_64-cc
no-comp [option] OPENSSL_NO_COMP (skip dir)
no-gmp [default] OPENSSL_NO_GMP (skip dir)
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5
no-libunbound [experimental] OPENSSL_NO_LIBUNBOUND (skip dir)
no-md2 [default] OPENSSL_NO_MD2 (skip dir)
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)
no-sctp [default] OPENSSL_NO_SCTP (skip dir)
no-shared [default]
no-ssl-trace [default] OPENSSL_NO_SSL_TRACE (skip dir)
no-ssl2 [option] OPENSSL_NO_SSL2 (skip dir)
no-store [experimental] OPENSSL_NO_STORE (skip dir)
no-unit-test [default] OPENSSL_NO_UNIT_TEST (skip dir)
no-zlib-dynamic [default]
[…]
cc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -c -o cms_cd.o cms_cd.c
cms_cd.c:131:20: warning: implicit declaration of function 'BIO_f_zlib' is invalid in C99
[-Wimplicit-function-declaration]
return BIO_new(BIO_f_zlib());
^
[…]
cc -DMONOLITH -I.. -I../include -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -c -o enc.o enc.c
enc.c:468:28: warning: implicit declaration of function 'BIO_f_zlib' is invalid in C99
[-Wimplicit-function-declaration]
if ((bzl = BIO_new(BIO_f_zlib())) == NULL)
^
[…]
Undefined symbols for architecture x86_64:
"_BIO_f_zlib", referenced from:
_enc_main in enc.o
_cms_CompressedData_init_bio in libcrypto.a(cms_cd.o)
ld: symbol(s) not found for architecture x86_64
[…]
And indeed, file openssl.conf is built with:
# define OPENSSL_NO_COMP
Moreover, both files cms_cd.c and enc.c have:
#ifndef OPENSSL_NO_COMP
# include <openssl/comp.h>
#endif
so that the definition of BIO_f_zlib() can’t be found.
And it appears that "comp" is removed from the SDIRS variable.
Playing very dangerously, that is:
manually adding comp to SDIRS
replacing
#ifndef OPENSSL_NO_COMP
with
#if defined ZLIB || not defined OPENSSL_NO_COMP
it seems that make succeeds.
Dangerously, because I just don’t know what I am doing, what side-effects I am very likely introducing. ;-)
More information about the openssl-users
mailing list