Recent nss upgrade breaks ssl support in curl in a CentOS 6.7 build

[Christian Lohmaier]

Hi *,

On Sun, Mar 13, 2016 at 1:55 PM, Giuseppe Castagno
<giuseppe.castagno at acca-esse.eu> wrote:
> Hi all,
>
> I found recent upgrading nss cause curl configure failing to detect nss
> availability.
> Happens only in CentOS 6.7, didn't observe it on Ubuntu 14.04.
>
> nss upgrade is present both in master and in libreoffice-5-1.

… and libreoffice-5-0

patch committed to master as 98d48dad9e807a4a40f4c3d1b5280d9e5156cb18
cherry-pick for 5-0: https://gerrit.libreoffice.org/#/c/23191/
cherry-pick for 5-1: https://gerrit.libreoffice.org/#/c/23189/

thanks for hunting this down..

Problem is that  libnssutil3.so is not added to curl's configure
check, and system one on the baseline is too old (only patched 3.19
version). On other distros, system versions of libnssutil3.so jumps in
and satisfies the configure check...

configure:21330: checking whether to enable Windows native SSL/TLS
(Windows native builds only)
configure:21352: result: no
configure:21368: checking whether to enable iOS/Mac OS X native SSL/TLS
configure:21384: result: no
configure:24009: WARNING: Using hard-wired libraries and compilation
flags for NSS.
configure:24028: checking for SSL_VersionRangeSet in -lnss3
configure:24050: /usr/bin/ccache /opt/rh/devtoolset-2/root/usr/bin/gcc
-o conftest -O2 -Wno-system-headers -isystem
/home/buildslave/build/workdir/UnpackedTarball/nss/dist/public/nss
-I/home/buildslave/build/workdir/UnpackedTarball/nss/dist/out/include
-L/home/buildslave/build/workdir/UnpackedTarball/nss/dist/out/lib
-Wl,-z,origin -Wl,-rpath,\$$ORIGIN conftest.c -lnss3  -lssl3 -lsmime3
-lnss3 -lplds4 -lplc4 -lnspr4 -lz -lrt >&5
/home/buildslave/build/workdir/UnpackedTarball/nss/dist/out/lib/libnss3.so:
undefined reference to `NSSUTIL_ArgParseModuleSpecEx at NSSUTIL_3.21'
collect2: error: ld returned 1 exit status

ciao
Christian