On CentOS/Red Hat/Fedora we should set CFLAGS to disable elliptic curves ciphers.
jadeallenx opened this issue · comments
Red Hat believes there's a patent issue and has disabled them for over 10 years. This causes the out of the box Erlang build to die.
Can set CFLAGS="-DOPENSSL_NO_EC=1"
to tell the Erlang crypto libraries to not build the elliptic curve cipher suite.
I guess we'd do something parallel to maybe_patch_darwin
but for RH/Fedora/CentOS?
I was thinking in the block inside of _do_build()
at line 581 we'd add something about if this is Linux and then if it's Red Hat/Fedora/CentOS, etc, we'd jigger the CFLAGS there if they didn't already include the -DOPENSSL_NO_EC=1
directive.
An alternative to disabling EC is statically linking OpenSSL, i've hacked a recipe to do this on EC2