configure: check for gcrypt if using GnuTLS

1 - libcurl assumes that there are gcrypt functions available when
GnuTLS is.

2 - GnuTLS can be built to use libnettle instead as crypto library,
which breaks assumption (1)

This change makes configure make sure that if GnuTLS is requested and
detected, it also makes sure that gcrypt is present or it errors
out. This is mostly a way to make the user more aware of this flaw, the
correct fix would be to detect which crypto layer that is in use and
adapt our code to use that instead of blindly assuming gcrypt.

Reported by: Michal Gorny
Bug: http://curl.haxx.se/bug/view.cgi?id=3071038

1 files changed, 14 insertions, 0 deletions

diff --git a/configure.ac b/configure.ac
index ada471814..eaf57f9d3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1734,6 +1734,20 @@ if test "$OPENSSL_ENABLED" != "1"; then
 
 fi dnl OPENSSL != 1
 
+dnl ---
+dnl If GnuTLS is enabled, we MUST verify that it uses libgcrypt since
+dnl curl code relies on that but recent GnuTLS versions can in fact build
+dnl with different crypto libraries which curl right now cannot handle
+dnl ---
+
+if test "$GNUTLS_ENABLED" = "1"; then
+  AC_CHECK_LIB(gcrypt,
+               gcry_control, ,
+    [
+      AC_MSG_ERROR([need GnuTLS built with gcrypt to function with GnuTLS])
+    ])
+fi
+
 dnl ----------------------------------------------------
 dnl check for PolarSSL
 dnl ----------------------------------------------------