Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 878751 - net-misc/curl-7.86.0-r1: configure: error: --without-ssl has been set together with an explicit option to use an ssl library
Summary: net-misc/curl-7.86.0-r1: configure: error: --without-ssl has been set togethe...
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Anthony Basile
Depends on:
Blocks: CVE-2022-32221, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916
  Show dependency tree
Reported: 2022-10-29 19:50 UTC by Emanuel Czirai
Modified: 2022-11-07 07:11 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Emanuel Czirai 2022-10-29 19:50:33 UTC
configure: error: --without-ssl has been set together with an explicit option to use an ssl library
(e.g. --with-openssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-nss, --with-schannel, --with-secure-transport, --with-amissl, --with-bearssl, --with-rustls).
Since these are conflicting parameters, verify which is the desired one and drop the other.

this is seen in the /var/db/repos/gentoo/net-misc/curl/curl-7.86.0-r1.ebuild

multilib_src_configure() {
	# We make use of the fact that later flags override earlier ones
	# So start with all ssl providers off until proven otherwise
	# TODO: in the future, we may want to add wolfssl (
	local myconf=()

	myconf+=( --without-gnutls --without-mbedtls --without-nss --without-ssl )
	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
	#myconf+=( --without-default-ssl-backend )
	if use ssl ; then
		if use gnutls || use curl_ssl_gnutls; then
			einfo "SSL provided by gnutls"
			myconf+=( --with-gnutls --with-nettle )

Reproducible: Always

net-misc/curl-7.85.0-r2::gentoo was built with the following:

USE="ftp http2 imap progress-meter ssl verify-sig zstd -adns -alt-svc -brotli -gnutls -gopher -hsts -idn -ipv6 -kerberos -ldap -mbedtls (-nghttp3) -nss -openssl -pop3 -quiche -rtmp -samba -smtp -ssh -sslv3 -static-libs -telnet -test -tftp" ABI_X86="(64) -32 (-x32)" CURL_SSL="nss -gnutls -mbedtls -openssl"

FEATURES="distlocks network-sandbox prelink-checksums ccache binpkg-multi-instance buildsyspkg parallel-fetch skiprocheck splitdebug assume-digests sandbox cgroup news binpkg-dostrip pid-sandbox buildpkg installsources binpkg-docompress userpriv fixlafiles force-mirror sfperms ipc-sandbox unknown-features-warn config-protect-if-modified unmerge-logs split-log usersandbox fakeroot suidctl merge-sync downgrade-backup ebuild-locks split-elog qa-unresolved-soname-deps getbinpkg preserve-libs buildpkg-live binpkg-logs strict multilib-strict"
Comment 1 Larry the Git Cow gentoo-dev 2022-11-07 05:16:01 UTC
The bug has been closed via the following commit(s):

commit 37258e9a9e3b5144df49a70e29c5fe11c9cd0898
Author:     Sam James <>
AuthorDate: 2022-11-07 05:15:04 +0000
Commit:     Sam James <>
CommitDate: 2022-11-07 05:15:04 +0000

    net-misc/curl: fix USE=-ssl build
    Signed-off-by: Sam James <>

 net-misc/curl/curl-7.86.0-r1.ebuild | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
Comment 2 Emanuel Czirai 2022-11-07 07:11:35 UTC
Thank you for fixing this, I've been doing emerge --exclude=curl  for a while :)

Just to be clear though, this happened with USE=ssl (too)
I only say this because the commit message says:  
net-misc/curl: fix USE=-ssl build