On Mar 12, 2014, at 12:43 PM, Ken Hornstein <kenh(_at_)pobox(_dot_)com> wrote:
Right now the assumption is that if you've done --with-tls or --with-cyrus-sasl you've made the right adjustments to CPPFLAGS and/or LDFLAGS and we can kick an error. Although ... fixing that so it tries to do those things and gracefully skips them if you can't make it work I don't think would be so hard. The pieces are in place, it would just require a reshuffling. Let me look at it.
For the openssl case, all you need to do is look for openssl/ssl.h in the
default include path, and that -lssl -lcrypto can find SSL_library_init() in
the default linker search path. Then I would change --with-tls to override the
base search path for the includes and libraries. This is how most packages
seem to handle it, and it works fine. Although I would probably rename
--with-tls to --with-openssl to better describe what it does.
As an example, on FreeBSD, the above defaults would find the OpenSSL
implementation in the base OS. Configuring with --with-openssl=/usr/local
would find the optional version built from FreeBSD ports.
The Cyrus SASL stuff could be just as simple, although we might want to augment
the search paths on a case-by-case basis. E.g., on FreeBSD, SASL comes from
ports, so you need to look for it in /usr/local (well, ${PORTSBASE:-/usr/local}
...).
Given all the fuss over security on the net these days, we really should be
defaulting this stuff to 'ON' whenever possible.
--lyndon
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Nmh-workers mailing list Nmh-workers(_at_)nongnu(_dot_)org https://lists.nongnu.org/mailman/listinfo/nmh-workers