cURL / Mailing Lists / curl-library / Single Mail

curl-library

Supporting GPL/non-GPL (GnuTLS/OpenSSL) at the same time [was Re: Debian Development That Might Hit You]

From: Richard Atterer <richard_at_2005.atterer.net>
Date: Fri, 19 Aug 2005 19:23:53 +0200

This is the technical part, I thought I'd put it in a separate mail.

Daniel, it'd be great if the problem were solved by you as upstream, in a
way which also solves it for Debian (and other distros). That way, the
chances of cross-distro binary compatibility of libcurl will be much
better!

First, try to understand the Debian POV for this. Assume the following:

- Future versions of curl will offer different features depending on
  whether they're built with OpenSSL or GnuTLS, or both.
- Program A (BSD-licensed) allows users to choose between OpenSSL/GnuTLS at
  runtime
- Program B (GPL-licensed) only uses GnuTLS, must not link against OpenSSL,
  not even if it never calls it. (I know, kinda silly, but that's life.)
- Debian wants to support both A and B.
  A and B should be installable at the same time.

My proposed solution:

Always build and install just one libcurl.so. Building two versions might
be OK as a short-term solution, but it invites all sorts of "fun" for
program A above, which would link against two /almost/ identical versions
of the same code.

The trick: Create your own "libcurl-ssldummy.so" version of OpenSSL. It
provides symbols for the entire OpenSSL API, but returns an error if any
function is called.

In the next step, make curl-config output the right library switches:

- When program A (BSD, uses OpenSSL+GnuTLS) is built, it just uses the
   regular "curl-config --libs" to get its linker flags. It gets back -lssl
   (and friends), -lgnutls (and friends) or none of these two, depending on
   whether libcurl was built with(out) OpenSSL/GnuTLS support.

- When program B (GPL-licensed) is built, it passes a special switch to
   curl-config, e.g. "curl-config --libs --no-openssl". It gets the same
   flags as without the --no-openssl switch, EXCEPT that -lssl and friends
   have been replaced with "-lcurl-ssldummy".

B will link just fine using the dummy SSL library. When the B binary is
run, it is *not* linked against OpenSSL at all.

>From the POV of libcurl: libcurl should determine during runtime whether
OpenSSL is really available, e.g. by checking for a special return value of
SSL_get_version(). If it is available, use it, otherwise fall back to
GnuTLS, or let the program choose.

Cheers,

Richard

-- 
  __   _
  |_) /|  Richard Atterer     |  GnuPG key:
  | \/�|  http://atterer.net  |  0x888354F7
  � '` �

Received on 2005-08-19

This message: [ Message body ]
Next message: Jeff Pohlmeyer: "RE: Time for next round!"
Previous message: Richard Atterer: "Re: Debian Development That Might Hit You"
In reply to: Daniel Stenberg: "Debian Development That Might Hit You"
Next in thread: Daniel Stenberg: "Re: Supporting GPL/non-GPL (GnuTLS/OpenSSL) at the same time [was Re: Debian Development That Might Hit You]"
Reply: Daniel Stenberg: "Re: Supporting GPL/non-GPL (GnuTLS/OpenSSL) at the same time [was Re: Debian Development That Might Hit You]"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]