Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 567942 - net-misc/curl with CURL_SSL unset and net-libs/mbedtls installed links against mbedtls
Summary: net-misc/curl with CURL_SSL unset and net-libs/mbedtls installed links agains...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Anthony Basile
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-12-10 19:00 UTC by Michael Cook
Modified: 2015-12-15 20:00 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
emerge --info curl (curl_info.txt,9.18 KB, text/plain)
2015-12-14 08:08 UTC, Michael Cook 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Cook 2015-12-10 19:00:00 UTC 
When net-libs/mbedtls (formerly polarssl) is installed ant CURL_SSL is not set (well, it reported nss, but it wasn't set) links against mbedtls instead of nss.


Reproducible: Always

Steps to Reproduce:
1. install mbedtls
2. leave CURL_SSL unset
3. install net-misc/curl
Actual Results:  
curl links against mbedtls

Expected Results:  
curl links against whatever the default should be (mine said it should be nss ...)

If I set CURL_SSL="openssl" it does build correctly.

Snippet of ldd:
	libmbedtls.so.10 => /usr/lib64/libmbedtls.so.10 (0x00007fcccd6b4000)
	libmbedx509.so.0 => /usr/lib64/libmbedx509.so.0 (0x00007fcccd4a0000)
	libmbedcrypto.so.0 => /usr/lib64/libmbedcrypto.so.0 (0x00007fcccd249000)
Comment 1 Anthony Basile gentoo-dev 2015-12-13 21:19:23 UTC 
(In reply to Michael Cook from comment #0)
> When net-libs/mbedtls (formerly polarssl) is installed ant CURL_SSL is not
> set (well, it reported nss, but it wasn't set) links against mbedtls instead
> of nss.
> 
> 

I don't see how since the ebuild has

REQUIRED_USE="
    curl_ssl_winssl? ( elibc_Winnt )
    threads? ( !adns )
    ssl? (
        ^^ (
            curl_ssl_axtls
            curl_ssl_gnutls
            curl_ssl_libressl
            curl_ssl_openssl
            curl_ssl_nss
            curl_ssl_polarssl
            curl_ssl_winssl
        )
    )"


which means that if you have USE=ssl then one and exactly one of CURL_SSL must be chosen.  Can I see the output to the following `emerge --info curl`
Comment 2 Michael Cook 2015-12-13 21:23:25 UTC 
(In reply to Anthony Basile from comment #1)
> (In reply to Michael Cook from comment #0)
> > When net-libs/mbedtls (formerly polarssl) is installed ant CURL_SSL is not
> > set (well, it reported nss, but it wasn't set) links against mbedtls instead
> > of nss.
> > 
> > 
> 
> I don't see how since the ebuild has
> 
> REQUIRED_USE="
>     curl_ssl_winssl? ( elibc_Winnt )
>     threads? ( !adns )
>     ssl? (
>         ^^ (
>             curl_ssl_axtls
>             curl_ssl_gnutls
>             curl_ssl_libressl
>             curl_ssl_openssl
>             curl_ssl_nss
>             curl_ssl_polarssl
>             curl_ssl_winssl
>         )
>     )"
> 
> 
> which means that if you have USE=ssl then one and exactly one of CURL_SSL
> must be chosen.  Can I see the output to the following `emerge --info curl`

eix/portage lead me to believe nss was selected (I didn't personally define it at all) but as ld shows, its not linked against nss.
Comment 3 Anthony Basile gentoo-dev 2015-12-13 21:29:03 UTC 
(In reply to Michael Cook from comment #2)
> 
> eix/portage lead me to believe nss was selected (I didn't personally define
> it at all) but as ld shows, its not linked against nss.

I need to see what eix/portage is saying and the output from  `emerge --info curl`.  I can't get a handle on what's going on from just your information above.
Comment 4 Michael Cook 2015-12-14 08:08:33 UTC 
Created attachment 419148 [details]
emerge --info curl

I don't have CURL_SSL set in my make.conf, but it defaults to nss I guess. Despite this, when net-libs/mbedtls is installed (2.2.0) curl gets linked against mbedtls instead of nss. See:

ldd /usr/bin/curl | grep libmbed                        
	libmbedtls.so.10 => /usr/lib64/libmbedtls.so.10 (0x00007f75126f3000)
	libmbedx509.so.0 => /usr/lib64/libmbedx509.so.0 (0x00007f75124df000)
	libmbedcrypto.so.0 => /usr/lib64/libmbedcrypto.so.0 (0x00007f7512288000)
Comment 5 Anthony Basile gentoo-dev 2015-12-14 09:40:06 UTC 
(In reply to Michael Cook from comment #4)
> Created attachment 419148 [details]
> emerge --info curl
> 
> I don't have CURL_SSL set in my make.conf, but it defaults to nss I guess.
> Despite this, when net-libs/mbedtls is installed (2.2.0) curl gets linked
> against mbedtls instead of nss. See:
> 
> ldd /usr/bin/curl | grep libmbed                        
> 	libmbedtls.so.10 => /usr/lib64/libmbedtls.so.10 (0x00007f75126f3000)
> 	libmbedx509.so.0 => /usr/lib64/libmbedx509.so.0 (0x00007f75124df000)
> 	libmbedcrypto.so.0 => /usr/lib64/libmbedcrypto.so.0 (0x00007f7512288000)

okay there is some automagic going on which i thought was being avoided by the REQUIRED_USE.  there are two things that need to be addressed:

1) why is CURL_SSL defaulting for you? i'll try this on a fresh stage3 but any clue you can give me will help

2) try setting CURL_SSL="nss" in your make.conf, rebuild curl and let me know what ldd gives.  give me the full out put, not just grepped for libmbed.

i intented to add mbedtls support to curl since it is the direction polar is going in, so now is the time to add that and fix this.

thanks for catching this, its not something i would have caught on my own.
Comment 6 Michael Cook 2015-12-15 06:51:37 UTC 
Looking into it, I'm pretty sure it's because it's not passing in --without-mbedtls to disable the mbedTLS detection.

here is the ldd output with nss set in make.conf

ldd /usr/bin/curl
	linux-vdso.so.1 (0x00007ffd71b84000)
	libcurl.so.4 => /usr/lib64/libcurl.so.4 (0x00007f4735b11000)
	libz.so.1 => /lib64/libz.so.1 (0x00007f47358fb000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f473555a000)
	libmbedtls.so.10 => /usr/lib64/libmbedtls.so.10 (0x00007f4735330000)
	libmbedx509.so.0 => /usr/lib64/libmbedx509.so.0 (0x00007f473511c000)
	libmbedcrypto.so.0 => /usr/lib64/libmbedcrypto.so.0 (0x00007f4734ec5000)
	liblber-2.4.so.2 => /usr/lib64/liblber-2.4.so.2 (0x00007f4734cb5000)
	libldap-2.4.so.2 => /usr/lib64/libldap-2.4.so.2 (0x00007f4734a69000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f4735d6c000)
	libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f4734852000)
	libssl.so.1.0.0 => /usr/lib64/libssl.so.1.0.0 (0x00007f47345da000)
	libcrypto.so.1.0.0 => /usr/lib64/libcrypto.so.1.0.0 (0x00007f4734187000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007f4733f83000)
Comment 7 Anthony Basile gentoo-dev 2015-12-15 19:24:12 UTC 
This was a typo on my part.  No idea what I was thinking when I wrote this.

So please test curl-7.46.0.ebuild again.  In a bit, I'm going to have curl-7.46.0-r1.ebuild which will include proper mbedtls support.

commit 04cab6d422386741890b15c4e6075c068a612396
Author: Anthony G. Basile <blueness@gentoo.org>
Date:   Tue Dec 15 14:22:30 2015 -0500

    net-misc/curl: fix bug #567942.
    
    Package-Manager: portage-2.2.24

diff --git a/net-misc/curl/curl-7.46.0.ebuild b/net-misc/curl/curl-7.46.0.ebuild
index e02f4fe..c6d37c9 100644
--- a/net-misc/curl/curl-7.46.0.ebuild
+++ b/net-misc/curl/curl-7.46.0.ebuild
@@ -200,7 +200,7 @@ multilib_src_configure() {
                --disable-versioned-symbols \
                --without-cyassl \
                --without-darwinssl \
-               --with-mbedtls \
+               --without-mbedtls \
                $(use_with idn libidn) \
                $(use_with kerberos gssapi "${EPREFIX}"/usr) \
                $(use_with metalink libmetalink) \
Comment 8 Anthony Basile gentoo-dev 2015-12-15 20:00:09 UTC 
if you want to test with mbedtls, you can try out 7.46.0-r1 which i just added.

reopen this bug if there's still a problem with either 7.46.0 or 7.46.0-r1