When net-libs/mbedtls (formerly polarssl) is installed ant CURL_SSL is not set (well, it reported nss, but it wasn't set) links against mbedtls instead of nss. Reproducible: Always Steps to Reproduce: 1. install mbedtls 2. leave CURL_SSL unset 3. install net-misc/curl Actual Results: curl links against mbedtls Expected Results: curl links against whatever the default should be (mine said it should be nss ...) If I set CURL_SSL="openssl" it does build correctly. Snippet of ldd: libmbedtls.so.10 => /usr/lib64/libmbedtls.so.10 (0x00007fcccd6b4000) libmbedx509.so.0 => /usr/lib64/libmbedx509.so.0 (0x00007fcccd4a0000) libmbedcrypto.so.0 => /usr/lib64/libmbedcrypto.so.0 (0x00007fcccd249000)
(In reply to Michael Cook from comment #0) > When net-libs/mbedtls (formerly polarssl) is installed ant CURL_SSL is not > set (well, it reported nss, but it wasn't set) links against mbedtls instead > of nss. > > I don't see how since the ebuild has REQUIRED_USE=" curl_ssl_winssl? ( elibc_Winnt ) threads? ( !adns ) ssl? ( ^^ ( curl_ssl_axtls curl_ssl_gnutls curl_ssl_libressl curl_ssl_openssl curl_ssl_nss curl_ssl_polarssl curl_ssl_winssl ) )" which means that if you have USE=ssl then one and exactly one of CURL_SSL must be chosen. Can I see the output to the following `emerge --info curl`
(In reply to Anthony Basile from comment #1) > (In reply to Michael Cook from comment #0) > > When net-libs/mbedtls (formerly polarssl) is installed ant CURL_SSL is not > > set (well, it reported nss, but it wasn't set) links against mbedtls instead > > of nss. > > > > > > I don't see how since the ebuild has > > REQUIRED_USE=" > curl_ssl_winssl? ( elibc_Winnt ) > threads? ( !adns ) > ssl? ( > ^^ ( > curl_ssl_axtls > curl_ssl_gnutls > curl_ssl_libressl > curl_ssl_openssl > curl_ssl_nss > curl_ssl_polarssl > curl_ssl_winssl > ) > )" > > > which means that if you have USE=ssl then one and exactly one of CURL_SSL > must be chosen. Can I see the output to the following `emerge --info curl` eix/portage lead me to believe nss was selected (I didn't personally define it at all) but as ld shows, its not linked against nss.
(In reply to Michael Cook from comment #2) > > eix/portage lead me to believe nss was selected (I didn't personally define > it at all) but as ld shows, its not linked against nss. I need to see what eix/portage is saying and the output from `emerge --info curl`. I can't get a handle on what's going on from just your information above.
Created attachment 419148 [details] emerge --info curl I don't have CURL_SSL set in my make.conf, but it defaults to nss I guess. Despite this, when net-libs/mbedtls is installed (2.2.0) curl gets linked against mbedtls instead of nss. See: ldd /usr/bin/curl | grep libmbed libmbedtls.so.10 => /usr/lib64/libmbedtls.so.10 (0x00007f75126f3000) libmbedx509.so.0 => /usr/lib64/libmbedx509.so.0 (0x00007f75124df000) libmbedcrypto.so.0 => /usr/lib64/libmbedcrypto.so.0 (0x00007f7512288000)
(In reply to Michael Cook from comment #4) > Created attachment 419148 [details] > emerge --info curl > > I don't have CURL_SSL set in my make.conf, but it defaults to nss I guess. > Despite this, when net-libs/mbedtls is installed (2.2.0) curl gets linked > against mbedtls instead of nss. See: > > ldd /usr/bin/curl | grep libmbed > libmbedtls.so.10 => /usr/lib64/libmbedtls.so.10 (0x00007f75126f3000) > libmbedx509.so.0 => /usr/lib64/libmbedx509.so.0 (0x00007f75124df000) > libmbedcrypto.so.0 => /usr/lib64/libmbedcrypto.so.0 (0x00007f7512288000) okay there is some automagic going on which i thought was being avoided by the REQUIRED_USE. there are two things that need to be addressed: 1) why is CURL_SSL defaulting for you? i'll try this on a fresh stage3 but any clue you can give me will help 2) try setting CURL_SSL="nss" in your make.conf, rebuild curl and let me know what ldd gives. give me the full out put, not just grepped for libmbed. i intented to add mbedtls support to curl since it is the direction polar is going in, so now is the time to add that and fix this. thanks for catching this, its not something i would have caught on my own.
Looking into it, I'm pretty sure it's because it's not passing in --without-mbedtls to disable the mbedTLS detection. here is the ldd output with nss set in make.conf ldd /usr/bin/curl linux-vdso.so.1 (0x00007ffd71b84000) libcurl.so.4 => /usr/lib64/libcurl.so.4 (0x00007f4735b11000) libz.so.1 => /lib64/libz.so.1 (0x00007f47358fb000) libc.so.6 => /lib64/libc.so.6 (0x00007f473555a000) libmbedtls.so.10 => /usr/lib64/libmbedtls.so.10 (0x00007f4735330000) libmbedx509.so.0 => /usr/lib64/libmbedx509.so.0 (0x00007f473511c000) libmbedcrypto.so.0 => /usr/lib64/libmbedcrypto.so.0 (0x00007f4734ec5000) liblber-2.4.so.2 => /usr/lib64/liblber-2.4.so.2 (0x00007f4734cb5000) libldap-2.4.so.2 => /usr/lib64/libldap-2.4.so.2 (0x00007f4734a69000) /lib64/ld-linux-x86-64.so.2 (0x00007f4735d6c000) libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f4734852000) libssl.so.1.0.0 => /usr/lib64/libssl.so.1.0.0 (0x00007f47345da000) libcrypto.so.1.0.0 => /usr/lib64/libcrypto.so.1.0.0 (0x00007f4734187000) libdl.so.2 => /lib64/libdl.so.2 (0x00007f4733f83000)
This was a typo on my part. No idea what I was thinking when I wrote this. So please test curl-7.46.0.ebuild again. In a bit, I'm going to have curl-7.46.0-r1.ebuild which will include proper mbedtls support. commit 04cab6d422386741890b15c4e6075c068a612396 Author: Anthony G. Basile <blueness@gentoo.org> Date: Tue Dec 15 14:22:30 2015 -0500 net-misc/curl: fix bug #567942. Package-Manager: portage-2.2.24 diff --git a/net-misc/curl/curl-7.46.0.ebuild b/net-misc/curl/curl-7.46.0.ebuild index e02f4fe..c6d37c9 100644 --- a/net-misc/curl/curl-7.46.0.ebuild +++ b/net-misc/curl/curl-7.46.0.ebuild @@ -200,7 +200,7 @@ multilib_src_configure() { --disable-versioned-symbols \ --without-cyassl \ --without-darwinssl \ - --with-mbedtls \ + --without-mbedtls \ $(use_with idn libidn) \ $(use_with kerberos gssapi "${EPREFIX}"/usr) \ $(use_with metalink libmetalink) \
if you want to test with mbedtls, you can try out 7.46.0-r1 which i just added. reopen this bug if there's still a problem with either 7.46.0 or 7.46.0-r1