curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: How to build libcurl with OpenSSL without installing the latter?

From: ellie via curl-library <>
Date: Mon, 8 Nov 2021 23:18:06 +0100

My bad, I am not using mailing lists often enough and sent my responses
from the wrong source into the void. (Grandma moment again...) Here is a
quick copy:

My apologies, but I didn't manage to follow on your remarks regarding 
cross-compilation or how that relates to my question, sadly. At the risk 
of repeating myself, but how do others solve this?
Also wouldn't it make more sense if there was an alternate 
--with-openssl-headers-for-static or something?
I'm thinking alternatively, maybe at least --without-openssl-config-test 
would help to disable all those configure tests trying to tell me my 
install is wrong when I try to fake it. Then I could try minimal 
./fake-install/include/openssl folder, do --with-openssl=./fake-install/ 
and ignore all the other subfolders, and see if that works. But surely 
this is not how I'm meant to do it?
And it would be nice if there was some documentation on how to do this 
Sorry, that last line sounded a bit demanding in retrospect, that wasn't 
my intention. Maybe I'd even find time to help write that myself once I 
know the proper way. I just very honestly think it'd be a cool addition 
if there was some concrete documentation on a static build like this - 
if there already is and I missed it, then my apologies.
Okay so I did some fiddling and this is what I got, and it seems to work 
at least:
cd $(CURLPATH) && git reset --hard
cd $(CURLPATH) && autoreconf -fi
cd $(CURLPATH) && mkdir -p ./fake-install-so-curl-is-quiet/include/
cp -R $(OPENSSLPATH)/include/* 
cd $(CURLPATH) && mkdir -p ./fake-install-so-curl-is-quiet/lib/openssl/
cp -R $(OPENSSLPATH)/*.a $(CURLPATH)/fake-install-so-curl-is-quiet/lib/
cd $(CURLPATH) && mkdir -p ./fake-install-so-curl-is-quiet/share/openssl/
cd $(CURLPATH) && ./configure $(HOSTOPTION) --disable-shared 
--enable-static --enable-optimize --without-gnutls --without-mbedtls 
--without-wolfssl --without-mesalink --without-bearssl --without-rustl 
--without-nss --without-zlib --without-ca-path --with-ca-fallback 
--without-libpsl --without-libssh --without-libssh2 --without-wolfssh 
--without-librtmp --without-libidn2 --without-nghttp2 --without-ngtcp2 
--without-nghttp3 --without-quiche --without-hyper 
--with-openssl="`pwd`/fake-install-so-curl-is-quiet/" && make
But maybe you can see why I'd think if such options existed:
cd $(CURLPATH) && ./configure $(HOSTOPTION) --disable-shared 
--enable-static --without-any-extlibs 
--with-openssl-headers-for-static="$(OPENSSLPATH)/include/" && make
...and if that'd be all instead of the block above, that it'd be neat. 
Is there any equivalent I may have missed? Just want to be sure. Both 
the elaborate fake install copying and the long --without-XYZ list 
simply aren't pretty.
Thanks for the responses so far!
On 11/8/21 21:29, Timothe Litt via curl-library wrote:
> --with-xxx can be confusing at first.
> The --with-openssl= doesn't point to the the openssl library, but to the 
> directory above it.
> E.g. --with-openssl=/othersys means that openssl is found in:
> /othersys/include/openssl
> /othersys/lib/openssl
> /othersys/share/openssl
> The headers will be in /othersys/include
> For a local (native) build, the default is --prefix=/usr/local. You can 
> install OpenSSL (and curl) there, then you would link 
> --with-openssl=/usr/local.  That won't mess up the system-wide copy - 
> PATH would need to include /usr/local/bin to get those utilities.  You 
> would need to run ldconfig to get the sharables indexed.  Or 
> /home/myinstall if you want a single-user copy.
> For a cross-compilation, you need to distinguish where things are built 
> from where they'll live on the target.  But presumably you know about that.
> While there are circumstances where a static library makes sense, in 
> general it creates more work, since you have to keep track of everything 
> that uses it, and rebuild them as well as the library when there's an 
> update.  You can use sharables with cross-compilation, and in most 
> embedded environments.
> On 08-Nov-21 14:51, ellie via curl-library wrote:
> Timothe Litt
> ACM Distinguished Engineer
> --------------------------
> This communication may not represent the ACM or my employer's views,
> if any, on the matters discussed.
>> Hi everyone,
>> How can I build libcurl from source with OpenSSL WITHOUT having an 
>> OpenSSL install? I tried pointing the --with-openssl=... path to the 
>> OpenSSL repository (with the library built, all .a files in place 
>> even) but it doesn't like that.
>> I can't really install OpenSSL because this is a cross-compilation, so 
>> that inherently doesn't make sense. (Even for the native build I don't 
>> want to, because I statically link a local variant and installing it 
>> might mess up the system-wide copy I assume.)
>> I also use --disable-shared and --enable-static anyway, so there is no 
>> point in linking. And I have the headers in the OpenSSL source tree, 
>> now I just need to know how to tell libcurl to use those, and not 
>> complain and just build. And I'm really very clueless how to. How does 
>> this work? Would also be nice if hints were to be added for this 
>> scenario (external SSL lib from source and NOT installed, all static 
>> builds) here:
>> Any ideas appreciated!
>> Regards,
>> Ellie
>> PS: As a side note, is there a --without-any-libs switch? So I can 
>> disable every use of any possibly detected library, then add 
>> --with-... switches to enable them manually? Since this is a static 
>> build, linking anything from the OS is the opposite of what I want.
Received on 2021-11-08