nmh-workers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Nmh-workers] Configure, SSL, and SASL.

From: Lyndon Nerenberg
Subject: [Nmh-workers] Configure, SSL, and SASL.
Date: Wed, 12 Mar 2014 13:03:26 -0700 
On Mar 12, 2014, at 12:43 PM, Ken Hornstein <address@hidden> wrote:

> Right now the assumption is that if you've done --with-tls or
> --with-cyrus-sasl you've made the right adjustments to CPPFLAGS and/or
> LDFLAGS and we can kick an error.  Although ... fixing that so it tries
> to do those things and gracefully skips them if you can't make it work
> I don't think would be so hard.  The pieces are in place, it would just
> require a reshuffling.  Let me look at it.

For the openssl case, all you need to do is look for openssl/ssl.h in the 
default include path, and that -lssl -lcrypto can find SSL_library_init() in 
the default linker search path.  Then I would change --with-tls to override the 
base search path for the includes and libraries.  This is how most packages 
seem to handle it, and it works fine.  Although I would probably rename 
--with-tls to --with-openssl to better describe what it does.

As an example, on FreeBSD, the above defaults would find the OpenSSL 
implementation in the base OS.  Configuring with --with-openssl=/usr/local 
would find the optional version built from FreeBSD ports.

The Cyrus SASL stuff could be just as simple, although we might want to augment 
the search paths on a case-by-case basis.  E.g., on FreeBSD, SASL comes from 
ports, so you need to look for it in /usr/local (well, ${PORTSBASE:-/usr/local} 
...).

Given all the fuss over security on the net these days, we really should be 
defaulting this stuff to 'ON' whenever possible.

--lyndon

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

reply via email to
[Prev in Thread] Current Thread [Next in Thread]