[openssl-users] Configure with both options "no-comp" and "zlib"

Sat Jan 30 16:34:18 UTC 2016

Hello,

According to this thread:

	http://openssl.6102.n7.nabble.com/config-and-no-zlib-td42924.html

it would make sense to execute Configure with both "no-comp" and "zlib" options.

If I understand correctly, this would avoid to have the openssl library to use compression for SSL/TLS by default while still having compression available for command line tools.

However, using both options leads to a failure here (please see details for openssl-1.0.2f at the end of this message).

So, first of all, does it really make sense to configure with both options? Or am I just plain wrong with my understanding of, for example, the INSTALL file, the comments at the beginning of Configure, the reasonings in above thread?

Otherwise, perhaps am I missing an important step in my configure/build attempts?

TIA,
Axel

Configuring for darwin64-x86_64-cc
    no-comp         [option]   OPENSSL_NO_COMP (skip dir)
    no-gmp          [default]  OPENSSL_NO_GMP (skip dir)
    no-jpake        [experimental] OPENSSL_NO_JPAKE (skip dir)
    no-krb5         [krb5-flavor not specified] OPENSSL_NO_KRB5
    no-libunbound   [experimental] OPENSSL_NO_LIBUNBOUND (skip dir)
    no-md2          [default]  OPENSSL_NO_MD2 (skip dir)
    no-rc5          [default]  OPENSSL_NO_RC5 (skip dir)
    no-rfc3779      [default]  OPENSSL_NO_RFC3779 (skip dir)
    no-sctp         [default]  OPENSSL_NO_SCTP (skip dir)
    no-shared       [default] 
    no-ssl-trace    [default]  OPENSSL_NO_SSL_TRACE (skip dir)
    no-ssl2         [option]   OPENSSL_NO_SSL2 (skip dir)
    no-store        [experimental] OPENSSL_NO_STORE (skip dir)
    no-unit-test    [default]  OPENSSL_NO_UNIT_TEST (skip dir)
    no-zlib-dynamic [default] 
[…]
cc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include  -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM   -c -o cms_cd.o cms_cd.c
cms_cd.c:131:20: warning: implicit declaration of function 'BIO_f_zlib' is invalid in C99
      [-Wimplicit-function-declaration]
    return BIO_new(BIO_f_zlib());
                   ^
[…]
cc -DMONOLITH -I.. -I../include  -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM   -c -o enc.o enc.c
enc.c:468:28: warning: implicit declaration of function 'BIO_f_zlib' is invalid in C99
      [-Wimplicit-function-declaration]
        if ((bzl = BIO_new(BIO_f_zlib())) == NULL)
                           ^
[…]
Undefined symbols for architecture x86_64:
  "_BIO_f_zlib", referenced from:
      _enc_main in enc.o
      _cms_CompressedData_init_bio in libcrypto.a(cms_cd.o)
ld: symbol(s) not found for architecture x86_64
[…]

And indeed, file openssl.conf is built with:
	# define OPENSSL_NO_COMP 
Moreover, both files cms_cd.c and enc.c have:
	#ifndef OPENSSL_NO_COMP
	# include <openssl/comp.h>
	#endif
so that the definition of BIO_f_zlib() can’t be found.
And it appears that "comp" is removed from the SDIRS variable.

Playing very dangerously, that is:
	manually adding comp to SDIRS
	replacing
		#ifndef OPENSSL_NO_COMP
	with
		#if defined ZLIB || not defined OPENSSL_NO_COMP
it seems that make succeeds.
Dangerously, because I just don’t know what I am doing, what side-effects I am very likely introducing. ;-)