[20328] in Kerberos_V5_Development
Re: Building krb5 libs without openssl
daemon@ATHENA.MIT.EDU (Greg Hudson)
Sun Dec 5 11:41:26 2021
To: Isaac Boukris <iboukris@gmail.com>,
"krbdev@mit.edu Dev List"
<krbdev@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <be9b04d4-ce23-234b-55de-57feaecd716b@mit.edu>
Date: Sun, 5 Dec 2021 11:40:32 -0500
MIME-Version: 1.0
In-Reply-To: <CAC-fF8QoG=vhHfFiyDg8eGL0WcWkGNV2fdfKqrJteH0QApiHhg@mail.gmail.com>
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On 12/5/21 8:16 AM, Isaac Boukris wrote:
> The configure help isn't clear about '--with-tls-impl' alternatives,
> from the script it looks like 'no' is an option but even though it
> still compiles the files at 'lib/crypto/openssl' unless I comment it
> out from the Makefile.
I recently changed how the crypto build system works so that all source
files are built, but some of them generate empty objects. This improves
automatic dependency generation and allows the OpenSSL back end to
borrow from the builtin back end depending on the OpenSSL version. See
commit 7e8c41afc54db2ca75de5a1e2e440b034be8887b .
That's all controlled by the --with-crypto-impl option. The
--with-tls-impl option only applies to plugins/tls. There, notls.c and
openssl.c are both built regardless of configuration, but one of them
generates an empty object.
> This is the configure command I'm trying to make work:
> CFLAGS='-g -O0' ./configure --disable-pkinit --disable-rpath
> --disable-thread-support --disable-shared --enable-static
> --with-tls-impl=no --without-keyutils
This configuration builds for me, and appears not to link against OpenSSL.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
