Building krb5 libs without openssl

Greg Hudson ghudson at
Sun Dec 5 11:40:32 EST 2021

On 12/5/21 8:16 AM, Isaac Boukris wrote:
> The configure help isn't clear about '--with-tls-impl' alternatives,
> from the script it looks like 'no' is an option but even though it
> still compiles the files at 'lib/crypto/openssl' unless I comment it
> out from the Makefile.

I recently changed how the crypto build system works so that all source
files are built, but some of them generate empty objects.  This improves
automatic dependency generation and allows the OpenSSL back end to
borrow from the builtin back end depending on the OpenSSL version.  See
commit 7e8c41afc54db2ca75de5a1e2e440b034be8887b .

That's all controlled by the --with-crypto-impl option.  The
--with-tls-impl option only applies to plugins/tls.  There, notls.c and
openssl.c are both built regardless of configuration, but one of them
generates an empty object.

> This is the configure command I'm trying to make work:
> CFLAGS='-g -O0' ./configure --disable-pkinit --disable-rpath
> --disable-thread-support --disable-shared --enable-static
> --with-tls-impl=no --without-keyutils

This configuration builds for me, and appears not to link against OpenSSL.

More information about the krbdev mailing list