On Tue, Jan 05, 2021 at 05:44:27PM +0100, William Dauchy wrote: > Hi Willy, > > On Tue, Jan 5, 2021 at 5:23 PM Willy Tarreau <w...@1wt.eu> wrote: > > as I suspected in issue #1020, another user got trapped not enabling > > SSL when building from sources (probably for the first time, as it > > happens to everyone to build haproxy for the first time). > > > > Given that haproxy's main target is HTTP and that these days it often > > comes with SSL (and it doesn't seem like it's going to revert soon), > > I was wondering if it would be a good idea for 2.4 and onwards to preset > > USE_OPENSSL=1 by default. At least users who face build errors will have > > a glance at the README and figure how to disable it if they don't want > > it. But providing a successful build which misses some essential features > > doesn't sound like a very good long-term solution to me. > > > > I'm interested in any opinion here. > > I used to think most people use `use_openssl=1` and wondered why it > was not the default, but I recently discovered a large setup not > making use of tls. The market is however strongly moving towards end > to end encryption so I would say it makes sense to have use_openssl=1 > by default.
At least not to have to type it anymore ? > People like things which work out of the box without > reading any doc. So I'm quite a supporter of that change. Note, they still have to enter the target operating system so minimal reading is necessary. But this can be addressed in the makefile's help message which is their first contact indicating them what target to use. (we could even suggest what the current target looks like for some of them). > A developer/maintainer knows how to deactivate it for test purposes to > reply to Tim's comment even if it is longer to type. It's true as well. Nowadays I have a myriad of build scripts which all build with various options combinations, for various platforms, with various debugging options etc, so the typing time on the developer's machine is not a big deal: $ ls make-*|wc -l 84 So I don't find myself often adding USE_OPENSSL=1 by hand. But on the other hand I also trapped myself into forgetting it when building by hand for the same reason. Maybe if we figure a nice way to print some options before building, it could then be nice to recap the main options used so that users still have a chance to press Ctrl-C and change them. This would still alleviate the need to read docs and provide indications about other possible options (PCRE, ZLIB, etc). Willy
