curl / Mailing Lists / curl-library / Single Mail


mbed TLS and curl-config and NTLM

From: Dan Fandrich <>
Date: Tue, 18 Apr 2017 01:06:15 +0200

Tests 1013 and 1014 for my mbed TLS autobuilds are failing, due to invalid
output of curl-config --features and --protocols. The problem is that the
configure check that determines if SMB and NTLM support is available is
incomplete compared to the compile-time check. These are only available if mbed
TLS enables MD4 support which it doesn't by default as its comment explains:
"Uncomment to enable support for (rare) MD4-signed X.509 certs". The configure
check, however, only looks to see that mbed TLS is enabled at all.

It would be ugly to have to replicate that check in both places, but it's
already pretty ugly NEARLY duplicating that checks for each of the features in
both places. Ideally, the same compile-time check could be used in the
configure script by including the same .h file, but there's a chicken and egg
problem in that those files can't be included before the config.h file is
written, which isn't done until the configure run is complete, which isn't
complete until the check for those features is done.

Maybe the answer is to require that mbed TLS have MD4 support available when
enabling SMB or NTLM with a compile-time assertion. If it's not available, the
compile will fail unless the user explicitly disables SMB and NTLM at configure
time. This might be pretty unfriendly, though, since NTLM can only be disabled
with --disable-crypto-auth which disables all other cryptographic
authentication methods at the same time, and the code itself appears to work
despite curl-config being wrong.
Received on 2017-04-18