[Softhsm-develop] Configure script & custom OpenSSL path

[Petr Spacek]

On 18.4.2015 09:12, Rickard Bellgrim wrote:
> On Fri, Apr 17, 2015 at 3:32 PM, Petr Spacek <pspacek at redhat.com> wrote:
> 
>> Tests are passing for me on Fedora 22 with hand-compiled OpenSSL 1.0.2a.
>>
>> The only thing I had to do was to hack m4/acx_openssl_rfc5649.m4 to disable
>> RFC 5649 support because it is not present in OpenSSL 1.0.2a and this check
>> ignores --with-openssl configure parameter.
>>
>> I'm not an Autotools expert so I'm not able to write proper fix, sorry!
> 
> 
> The configuration works for me:
> 
> $ /usr/local/ssl/bin/openssl version
> OpenSSL 1.0.2a 19 Mar 2015
> 
> $ ../configure --disable-non-paged-memory --with-objectstore-backend-db
> --with-migrate --with-crypto-backend=openssl --with-openssl=/usr/local/ssl
> ...
> checking what are the OpenSSL includes... -I/usr/local/ssl/include
> checking what are the OpenSSL libs... -L/usr/local/ssl/lib -lcrypto
> checking openssl/ssl.h usability... yes
> checking openssl/ssl.h presence... yes
> checking for openssl/ssl.h... yes
> checking for BN_init in -lcrypto... yes
> checking for OpenSSL version... >= 1.0.0
> checking for OpenSSL ECC support... Found P256 and P384
> checking for OpenSSL GOST support... Found GOST engine
> checking OpenSSL EVP interface for AES key wrapping... RFC 3394 is supported
> checking OpenSSL EVP interface for AES key wrapping with pad... RFC 5649 is
> not supported
> …

My problem was that it the check itself was testing openssl in / and not in
/usr/local/ssl. The compilation later used /usr/local/ssl as it should so that
was okay for me, just the check itself was bogus.

Does it say 'RFC 5649 is supported' if you run configure script without
--with-openssl=/usr/local/ssl ?

-- 
Petr Spacek  @  Red Hat