[gnutls-dev] Re: pkg-config support for opencdk

Simon Josefsson jas at extundo.com
Mon Oct 2 10:34:53 CEST 2006


Andreas Metzler <ametzler at downhill.at.eu.org> writes:

> On 2006-08-18 Simon Josefsson <jas at extundo.com> wrote:
>> Martin Lambers <marlam at marlam.de> writes:
>>> On Tue, 08. Aug 2006, 14:47:39 +0200, Simon Josefsson wrote:
>>>> I think Bruno's AC_LIB_HAVE_LINKFLAGS is the best choice.  It works
>>>> for cross-compilations, can check for particular versions through the
>>>> gnutls.h LIBGNUTLS_VERSION* symbols, and doesn't add unnecessary
>>>> libraries to the link line, and works with and without libtool.
>
>>> How does the check for particular versions work with
>>> AC_LIB_HAVE_LINKFLAGS? Can you give an example?
> [...]
>> You could modify it into:
>
>>   AC_LIB_HAVE_LINKFLAGS(gnutls,,
>>     [#include <gnutls/gnutls.h>
>>      #if LIBGNUTLS_VERSION_NUMBER < 0x010500
>>      error too old gnutls
>>      #endif],
>>     [gnutls_certificate_verify_peers2 (0, 0);])
>
>> I didn't test this, but something like it should work.
>
>> Note that the test for gnutls_certificate_verify_peers2() is an
>> implicit version test -- gsasl need a gnutls version that have that
>> particular feature.  That is the best approach: test the GnuTLS
>> library for the properties (e.g., APIs) that your application actually
>> needs.  Doing so will work even if someone has back-ported a feature
>> to an older version, for example.
>
> Hello,
> I have wasted a bit of time with this today by taking a look at an
> obvious candidate, gnutls itself. It currently uses AM_PATH_LIBTASN1
> to search for a minimal version of tasn1. Afaiui the version
> requirement is not due to some special function only available in this
> version but to ignore known to be buggy versions. Libtasn1 doesn't
> ship a LIBTASN1_VERSION_NUMBER available for the trick noted above.
>
> I have thought about ways to work around it:
>
> #1 Use a custom autoconf macro to pull the *value* of LIBTASN1_VERSION
> from libtasn1.h using the C preprocessor and then compare this string
> and GNUTLS_LIBTASN1_VERSION using to be written shell code.
> (hideous, imho)
>
> #2 Use asn1_check_version("$GNUTLS_LIBTASN1_VERSION") in
> AC_RUN_IFELSE. - This breaks cross-compilation.
>
> #3 continue using AM_PATH_LIBTASN1.
>
> #4 PKG_CHECK_MODULES([LIBTASN1], [libtasn1 >= $GNUTLS_LIBTASN1_VERSION])
>
> #5 remove the version requirement and search for used features,
> allowing linkage with buggy libtasn1.

How about:

#6: Add version symbols to libtasn1.h, so that the above
 AC_LIB_HAVE_LINKFLAGS check would work?

Pro:

* Make it possible to detect and not use known buggy versions.

* Handle -R vs -Wl,-rpath etc linker differences.

* Work under cross-compilation.

Con:

* A new libtasn1 release is needed, and gnutls will have to depend on
  it.

* It doesn't check the libtasn1.so version, only the libtasn1.h
  version, at build-time.  However, the libtasn1.so version can change
  after building, so I think this MUST be done in the application
  anyway.  And gnutls already do that, so there is no problem.

Thanks for thinking about this!

/Simon




More information about the Gnutls-devel mailing list