Discussion:
Having trouble building curl from source
David Hu via curl-users
2021-03-21 04:38:23 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello all,

I am experiencing build errors when building from GitHub source code as of 21 March 2021 05:38 GMT. The full build logs can be found at https://del.dog/moraicyneg.txt


It is impossible to paste in the email because they are TOO long.


Notice the lines 850 to 878 where the error occurred.

How do I solve this?

It would be really appreciated.

Thank you very much!
-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wnUEARYKAAYFAmBWzbwAIQkQiEfETXXD2jgWIQQ0CoSNQzNoc9SPXa2IR8RN
dcPaOHE8AQDLFDtcMugFovmbs0b0S+NcuKcI8JNqfYEsFqEpgD16JAEAgCem
641VE/IXxilgspntxUJ9nLo0wp5E+B9kGKzn5A0=
=lCg3
-----END PGP SIGNATURE-----


-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Dan Fandrich via curl-users
2021-03-21 04:48:43 UTC
Permalink
Post by David Hu via curl-users
I am experiencing build errors when building from GitHub source code as of 21 March 2021 05:38 GMT. The full build logs can be found at https://del.dog/moraicyneg.txt
Try using PKG_CONFIG_PATH to the BoringSSL path instead of passing it in with
--with-ssl. Also, make sure you're pointing configure to the installed
location of the library, not the source location.
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette
Jeffrey Walton via curl-users
2021-03-21 08:44:33 UTC
Permalink
On Sun, Mar 21, 2021 at 12:46 AM David Hu via curl-users
Post by David Hu via curl-users
...
I am experiencing build errors when building from GitHub source code as of 21 March 2021 05:38 GMT. The full build logs can be found at https://del.dog/moraicyneg.txt
In addition to what Dan said, you may want to add the following to
your configure args:

ac_cv_func_RAND_egd=no
ac_cv_func_SSLv2_client_method=no
ac_cv_func_SSLv3_client_method=no

EDG has gone away in the latest versions of OpenSSL. I'm guessing
BoringSSL will eventually do the same.

There's no need for SSLv2 or SSLv3 nowadays. The last time I checked,
cURL lacked an option to disable them. The easiest way to disable them
is the configure variables.

Jeff
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-use
Daniel Stenberg via curl-users
2021-03-21 10:06:25 UTC
Permalink
There's no need for SSLv2 or SSLv3 nowadays. The last time I checked, cURL
lacked an option to disable them. The easiest way to disable them is the
configure variables.
No modern TLS library has those versions enabled/working (unless you went
overboard enabling them), and curl will adapt to that.
--
/ daniel.haxx.se
| Commercial curl support up to 24x7 is available!
| Private help, bug fixes, support, ports, new features
| https://www.wolfssl.com/contact/
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl
Jeffrey Walton via curl-users
2021-03-21 10:27:55 UTC
Permalink
Post by Daniel Stenberg via curl-users
There's no need for SSLv2 or SSLv3 nowadays. The last time I checked, cURL
lacked an option to disable them. The easiest way to disable them is the
configure variables.
No modern TLS library has those versions enabled/working (unless you went
overboard enabling them), and curl will adapt to that.
Solaris, OS X, and friends still have them.

Jeff
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiqu
Daniel Stenberg via curl-users
2021-03-21 10:30:57 UTC
Permalink
Post by Jeffrey Walton via curl-users
Post by Daniel Stenberg via curl-users
No modern TLS library has those versions enabled/working (unless you went
overboard enabling them), and curl will adapt to that.
Solaris, OS X, and friends still have them.
I don't think that contradicts what I said...
--
/ daniel.haxx.se
| Commercial curl support up to 24x7 is available!
| Private help, bug fixes, support, ports, new features
| https://www.wolfssl.com/contact/
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Eti
Jeffrey Walton via curl-users
2021-03-21 10:41:52 UTC
Permalink
Post by Daniel Stenberg via curl-users
Post by Jeffrey Walton via curl-users
Post by Daniel Stenberg via curl-users
No modern TLS library has those versions enabled/working (unless you went
overboard enabling them), and curl will adapt to that.
Solaris, OS X, and friends still have them.
I don't think that contradicts what I said...
Then I don't understand what you said.

Are you saying cURL now disables EDG, SSLv2 and SSLv3?

Jeff
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiqu
Daniel Stenberg via curl-users
2021-03-21 10:46:24 UTC
Permalink
Post by Jeffrey Walton via curl-users
Are you saying cURL now disables EDG, SSLv2 and SSLv3?
I'm suggeseting that if you have those things enabled in your TLS library,
you're runnig something old and outdated and you should consider upgrading.

I would probably even claim it is irresponsible to have them enabled so curl
should probably disable them by default and insist on some extra option to
enabled them. But I don't think this is a widespread issue.
--
/ daniel.haxx.se
| Commercial curl support up to 24x7 is available!
| Private help, bug fixes, support, ports, new features
| https://www.wolfssl.com/contact/
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mai
Jeffrey Walton via curl-users
2021-03-21 11:18:50 UTC
Permalink
Post by Daniel Stenberg via curl-users
Post by Jeffrey Walton via curl-users
Are you saying cURL now disables EDG, SSLv2 and SSLv3?
I'm suggeseting that if you have those things enabled in your TLS library,
you're runnig something old and outdated and you should consider upgrading.
I would probably even claim it is irresponsible to have them enabled so curl
should probably disable them by default and insist on some extra option to
enabled them. But I don't think this is a widespread issue.
Be careful of setting policy, like always enable SSLv2 or SSLv3 if the
underlying ssl lib provides it. Or, always disable SSLv2 or SSLv3 even
if the underlying ssl lib provides it.

Giving users a choice with a sane default is a good idea. Like disable
SSLv2 and SSLv3 by default, and make a user do something special to
enable it.

As far as I know, cURL does not provide a --disable-sslv2 or
--disable-sslv3 option (or the enable options), so there's no way to
disable it without the configure ac_cv_func options. Or it did not in
the past.

Jeff
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.ha

Loading...