|
|
@@ -1731,1213 +1731,23 @@ case "$DEFAULT_SSL_BACKEND" in
|
|
|
;;
|
|
|
esac
|
|
|
|
|
|
-dnl **********************************************************************
|
|
|
-
|
|
|
-dnl -------------------------------------------------
|
|
|
-dnl check winssl option before other SSL libraries
|
|
|
-dnl -------------------------------------------------
|
|
|
-
|
|
|
-AC_MSG_CHECKING([whether to enable Windows native SSL/TLS (Windows native builds only)])
|
|
|
-if test "x$OPT_SCHANNEL" != xno; then
|
|
|
- ssl_msg=
|
|
|
- if test "x$OPT_SCHANNEL" != "xno" &&
|
|
|
- test "x$curl_cv_native_windows" = "xyes"; then
|
|
|
- AC_MSG_RESULT(yes)
|
|
|
- AC_DEFINE(USE_SCHANNEL, 1, [to enable Windows native SSL/TLS support])
|
|
|
- AC_SUBST(USE_SCHANNEL, [1])
|
|
|
- ssl_msg="Schannel"
|
|
|
- test schannel != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
|
|
|
- SCHANNEL_ENABLED=1
|
|
|
- # --with-schannel implies --enable-sspi
|
|
|
- AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support])
|
|
|
- AC_SUBST(USE_WINDOWS_SSPI, [1])
|
|
|
- curl_sspi_msg="enabled"
|
|
|
- else
|
|
|
- AC_MSG_RESULT(no)
|
|
|
- fi
|
|
|
- test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
|
|
|
-else
|
|
|
- AC_MSG_RESULT(no)
|
|
|
-fi
|
|
|
+CURL_WITH_SCHANNEL
|
|
|
+CURL_WITH_SECURETRANSPORT
|
|
|
+CURL_WITH_AMISSL
|
|
|
+CURL_WITH_OPENSSL
|
|
|
+CURL_WITH_GNUTLS
|
|
|
+CURL_WITH_MBEDTLS
|
|
|
+CURL_WITH_WOLFSSL
|
|
|
+CURL_WITH_MESALINK
|
|
|
+CURL_WITH_BEARSSL
|
|
|
+CURL_WITH_RUSTLS
|
|
|
+CURL_WITH_NSS
|
|
|
|
|
|
dnl link required libraries for USE_WIN32_CRYPTO or USE_SCHANNEL
|
|
|
if test "x$USE_WIN32_CRYPTO" = "x1" -o "x$USE_SCHANNEL" = "x1"; then
|
|
|
LIBS="-ladvapi32 -lcrypt32 $LIBS"
|
|
|
fi
|
|
|
|
|
|
-AC_MSG_CHECKING([whether to enable Secure Transport])
|
|
|
-if test "x$OPT_SECURETRANSPORT" != xno; then
|
|
|
- if test "x$OPT_SECURETRANSPORT" != "xno" &&
|
|
|
- (test "x$cross_compiling" != "xno" || test -d "/System/Library/Frameworks/Security.framework"); then
|
|
|
- AC_MSG_RESULT(yes)
|
|
|
- AC_DEFINE(USE_SECTRANSP, 1, [enable Secure Transport])
|
|
|
- AC_SUBST(USE_SECTRANSP, [1])
|
|
|
- ssl_msg="Secure Transport"
|
|
|
- test secure-transport != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
|
|
|
- SECURETRANSPORT_ENABLED=1
|
|
|
- LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security"
|
|
|
- else
|
|
|
- AC_MSG_RESULT(no)
|
|
|
- fi
|
|
|
- test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
|
|
|
-else
|
|
|
- AC_MSG_RESULT(no)
|
|
|
-fi
|
|
|
-
|
|
|
-AC_MSG_CHECKING([whether to enable Amiga native SSL/TLS (AmiSSL)])
|
|
|
-if test "$HAVE_PROTO_BSDSOCKET_H" = "1"; then
|
|
|
- if test "x$OPT_AMISSL" != xno; then
|
|
|
- ssl_msg=
|
|
|
- if test "x$OPT_AMISSL" != "xno"; then
|
|
|
- AC_MSG_RESULT(yes)
|
|
|
- ssl_msg="AmiSSL"
|
|
|
- test amissl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
|
|
|
- AMISSL_ENABLED=1
|
|
|
- LIBS="-lamisslauto $LIBS"
|
|
|
- AC_DEFINE(USE_AMISSL, 1, [if AmiSSL is in use])
|
|
|
- AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use])
|
|
|
- else
|
|
|
- AC_MSG_RESULT(no)
|
|
|
- fi
|
|
|
- test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
|
|
|
- else
|
|
|
- AC_MSG_RESULT(no)
|
|
|
- fi
|
|
|
-else
|
|
|
- AC_MSG_RESULT(no)
|
|
|
-fi
|
|
|
-
|
|
|
-dnl **********************************************************************
|
|
|
-dnl Check for OpenSSL libraries and headers
|
|
|
-dnl **********************************************************************
|
|
|
-
|
|
|
-if test "x$OPT_OPENSSL" != xno; then
|
|
|
- ssl_msg=
|
|
|
-
|
|
|
- dnl backup the pre-ssl variables
|
|
|
- CLEANLDFLAGS="$LDFLAGS"
|
|
|
- CLEANCPPFLAGS="$CPPFLAGS"
|
|
|
- CLEANLIBS="$LIBS"
|
|
|
-
|
|
|
- dnl This is for Msys/Mingw
|
|
|
- case $host in
|
|
|
- *-*-msys* | *-*-mingw*)
|
|
|
- AC_MSG_CHECKING([for gdi32])
|
|
|
- my_ac_save_LIBS=$LIBS
|
|
|
- LIBS="-lgdi32 $LIBS"
|
|
|
- AC_LINK_IFELSE([ AC_LANG_PROGRAM([[
|
|
|
- #include <windef.h>
|
|
|
- #include <wingdi.h>
|
|
|
- ]],
|
|
|
- [[
|
|
|
- GdiFlush();
|
|
|
- ]])],
|
|
|
- [ dnl worked!
|
|
|
- AC_MSG_RESULT([yes])],
|
|
|
- [ dnl failed, restore LIBS
|
|
|
- LIBS=$my_ac_save_LIBS
|
|
|
- AC_MSG_RESULT(no)]
|
|
|
- )
|
|
|
- ;;
|
|
|
- esac
|
|
|
-
|
|
|
- case "$OPT_OPENSSL" in
|
|
|
- yes)
|
|
|
- dnl --with-openssl (without path) used
|
|
|
- PKGTEST="yes"
|
|
|
- PREFIX_OPENSSL=/usr/local/ssl
|
|
|
- LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff"
|
|
|
- ;;
|
|
|
- off)
|
|
|
- dnl no --with-openssl option given, just check default places
|
|
|
- PKGTEST="yes"
|
|
|
- PREFIX_OPENSSL=
|
|
|
- ;;
|
|
|
- *)
|
|
|
- dnl check the given --with-openssl spot
|
|
|
- PKGTEST="no"
|
|
|
- PREFIX_OPENSSL=$OPT_OPENSSL
|
|
|
-
|
|
|
- dnl Try pkg-config even when cross-compiling. Since we
|
|
|
- dnl specify PKG_CONFIG_LIBDIR we're only looking where
|
|
|
- dnl the user told us to look
|
|
|
- OPENSSL_PCDIR="$OPT_OPENSSL/lib/pkgconfig"
|
|
|
- if test -f "$OPENSSL_PCDIR/openssl.pc"; then
|
|
|
- AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"])
|
|
|
- PKGTEST="yes"
|
|
|
- elif test ! -f "$PREFIX_OPENSSL/include/openssl/ssl.h"; then
|
|
|
- AC_MSG_ERROR([$PREFIX_OPENSSL is a bad --with-openssl prefix!])
|
|
|
- fi
|
|
|
-
|
|
|
- dnl in case pkg-config comes up empty, use what we got
|
|
|
- dnl via --with-openssl
|
|
|
- LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff"
|
|
|
- if test "$PREFIX_OPENSSL" != "/usr" ; then
|
|
|
- SSL_LDFLAGS="-L$LIB_OPENSSL"
|
|
|
- SSL_CPPFLAGS="-I$PREFIX_OPENSSL/include"
|
|
|
- fi
|
|
|
- SSL_CPPFLAGS="$SSL_CPPFLAGS -I$PREFIX_OPENSSL/include/openssl"
|
|
|
- ;;
|
|
|
- esac
|
|
|
-
|
|
|
- if test "$PKGTEST" = "yes"; then
|
|
|
-
|
|
|
- CURL_CHECK_PKGCONFIG(openssl, [$OPENSSL_PCDIR])
|
|
|
-
|
|
|
- if test "$PKGCONFIG" != "no" ; then
|
|
|
- SSL_LIBS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
|
|
|
- $PKGCONFIG --libs-only-l --libs-only-other openssl 2>/dev/null`
|
|
|
-
|
|
|
- SSL_LDFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
|
|
|
- $PKGCONFIG --libs-only-L openssl 2>/dev/null`
|
|
|
-
|
|
|
- SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
|
|
|
- $PKGCONFIG --cflags-only-I openssl 2>/dev/null`
|
|
|
-
|
|
|
- AC_SUBST(SSL_LIBS)
|
|
|
- AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"])
|
|
|
- AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"])
|
|
|
- AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"])
|
|
|
-
|
|
|
- LIB_OPENSSL=`echo $SSL_LDFLAGS | sed -e 's/^-L//'`
|
|
|
-
|
|
|
- dnl use the values pkg-config reported. This is here
|
|
|
- dnl instead of below with CPPFLAGS and LDFLAGS because we only
|
|
|
- dnl learn about this via pkg-config. If we only have
|
|
|
- dnl the argument to --with-openssl we don't know what
|
|
|
- dnl additional libs may be necessary. Hope that we
|
|
|
- dnl don't need any.
|
|
|
- LIBS="$SSL_LIBS $LIBS"
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- dnl finally, set flags to use SSL
|
|
|
- CPPFLAGS="$CPPFLAGS $SSL_CPPFLAGS"
|
|
|
- LDFLAGS="$LDFLAGS $SSL_LDFLAGS"
|
|
|
-
|
|
|
- AC_CHECK_LIB(crypto, HMAC_Update,[
|
|
|
- HAVECRYPTO="yes"
|
|
|
- LIBS="-lcrypto $LIBS"
|
|
|
- ],[
|
|
|
- if test -n "$LIB_OPENSSL" ; then
|
|
|
- LDFLAGS="$CLEANLDFLAGS -L$LIB_OPENSSL"
|
|
|
- fi
|
|
|
- if test "$PKGCONFIG" = "no" -a -n "$PREFIX_OPENSSL" ; then
|
|
|
- # only set this if pkg-config wasn't used
|
|
|
- CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include/openssl -I$PREFIX_OPENSSL/include"
|
|
|
- fi
|
|
|
- # Linking previously failed, try extra paths from --with-openssl or
|
|
|
- # pkg-config. Use a different function name to avoid reusing the earlier
|
|
|
- # cached result.
|
|
|
- AC_CHECK_LIB(crypto, HMAC_Init_ex,[
|
|
|
- HAVECRYPTO="yes"
|
|
|
- LIBS="-lcrypto $LIBS"], [
|
|
|
-
|
|
|
- dnl still no, but what about with -ldl?
|
|
|
- AC_MSG_CHECKING([OpenSSL linking with -ldl])
|
|
|
- LIBS="$CLEANLIBS -lcrypto -ldl"
|
|
|
- AC_LINK_IFELSE([ AC_LANG_PROGRAM([[
|
|
|
- #include <openssl/err.h>
|
|
|
- ]], [[
|
|
|
- ERR_clear_error();
|
|
|
- ]]) ],
|
|
|
- [
|
|
|
- AC_MSG_RESULT(yes)
|
|
|
- HAVECRYPTO="yes"
|
|
|
- ],
|
|
|
- [
|
|
|
- AC_MSG_RESULT(no)
|
|
|
- dnl ok, so what about both -ldl and -lpthread?
|
|
|
- dnl This may be necessary for static libraries.
|
|
|
-
|
|
|
- AC_MSG_CHECKING([OpenSSL linking with -ldl and -lpthread])
|
|
|
- LIBS="$CLEANLIBS -lcrypto -ldl -lpthread"
|
|
|
- AC_LINK_IFELSE([
|
|
|
- AC_LANG_PROGRAM([[
|
|
|
- #include <openssl/err.h>
|
|
|
- ]], [[
|
|
|
- ERR_clear_error();
|
|
|
- ]])],
|
|
|
- [
|
|
|
- AC_MSG_RESULT(yes)
|
|
|
- HAVECRYPTO="yes"
|
|
|
- ],
|
|
|
- [
|
|
|
- AC_MSG_RESULT(no)
|
|
|
- LDFLAGS="$CLEANLDFLAGS"
|
|
|
- CPPFLAGS="$CLEANCPPFLAGS"
|
|
|
- LIBS="$CLEANLIBS"
|
|
|
-
|
|
|
- ])
|
|
|
-
|
|
|
- ])
|
|
|
-
|
|
|
- ])
|
|
|
- ])
|
|
|
-
|
|
|
- if test X"$HAVECRYPTO" = X"yes"; then
|
|
|
- dnl This is only reasonable to do if crypto actually is there: check for
|
|
|
- dnl SSL libs NOTE: it is important to do this AFTER the crypto lib
|
|
|
-
|
|
|
- AC_CHECK_LIB(ssl, SSL_connect)
|
|
|
-
|
|
|
- if test "$ac_cv_lib_ssl_SSL_connect" != yes; then
|
|
|
- dnl we didn't find the SSL lib, try the RSAglue/rsaref stuff
|
|
|
- AC_MSG_CHECKING(for ssl with RSAglue/rsaref libs in use);
|
|
|
- OLIBS=$LIBS
|
|
|
- LIBS="-lRSAglue -lrsaref $LIBS"
|
|
|
- AC_CHECK_LIB(ssl, SSL_connect)
|
|
|
- if test "$ac_cv_lib_ssl_SSL_connect" != yes; then
|
|
|
- dnl still no SSL_connect
|
|
|
- AC_MSG_RESULT(no)
|
|
|
- LIBS=$OLIBS
|
|
|
- else
|
|
|
- AC_MSG_RESULT(yes)
|
|
|
- fi
|
|
|
-
|
|
|
- else
|
|
|
-
|
|
|
- dnl Have the libraries--check for OpenSSL headers
|
|
|
- AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \
|
|
|
- openssl/pem.h openssl/ssl.h openssl/err.h,
|
|
|
- ssl_msg="OpenSSL"
|
|
|
- test openssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
|
|
|
- OPENSSL_ENABLED=1
|
|
|
- AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use]))
|
|
|
-
|
|
|
- if test $ac_cv_header_openssl_x509_h = no; then
|
|
|
- dnl we don't use the "action" part of the AC_CHECK_HEADERS macro
|
|
|
- dnl since 'err.h' might in fact find a krb4 header with the same
|
|
|
- dnl name
|
|
|
- AC_CHECK_HEADERS(x509.h rsa.h crypto.h pem.h ssl.h err.h)
|
|
|
-
|
|
|
- if test $ac_cv_header_x509_h = yes &&
|
|
|
- test $ac_cv_header_crypto_h = yes &&
|
|
|
- test $ac_cv_header_ssl_h = yes; then
|
|
|
- dnl three matches
|
|
|
- ssl_msg="OpenSSL"
|
|
|
- OPENSSL_ENABLED=1
|
|
|
- fi
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- if test X"$OPENSSL_ENABLED" != X"1"; then
|
|
|
- LIBS="$CLEANLIBS"
|
|
|
- fi
|
|
|
-
|
|
|
- if test X"$OPT_OPENSSL" != Xoff &&
|
|
|
- test "$OPENSSL_ENABLED" != "1"; then
|
|
|
- AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!])
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- if test X"$OPENSSL_ENABLED" = X"1"; then
|
|
|
- dnl These can only exist if OpenSSL exists
|
|
|
- dnl OpenSSL_version is introduced in 3.0.0
|
|
|
-
|
|
|
- AC_CHECK_FUNCS( RAND_egd \
|
|
|
- SSLv2_client_method \
|
|
|
- OpenSSL_version )
|
|
|
-
|
|
|
- AC_MSG_CHECKING([for BoringSSL])
|
|
|
- AC_COMPILE_IFELSE([
|
|
|
- AC_LANG_PROGRAM([[
|
|
|
- #include <openssl/base.h>
|
|
|
- ]],[[
|
|
|
- #ifndef OPENSSL_IS_BORINGSSL
|
|
|
- #error not boringssl
|
|
|
- #endif
|
|
|
- ]])
|
|
|
- ],[
|
|
|
- AC_MSG_RESULT([yes])
|
|
|
- AC_DEFINE_UNQUOTED(HAVE_BORINGSSL, 1,
|
|
|
- [Define to 1 if using BoringSSL.])
|
|
|
- ssl_msg="BoringSSL"
|
|
|
- ],[
|
|
|
- AC_MSG_RESULT([no])
|
|
|
- ])
|
|
|
-
|
|
|
- AC_MSG_CHECKING([for libressl])
|
|
|
- AC_COMPILE_IFELSE([
|
|
|
- AC_LANG_PROGRAM([[
|
|
|
-#include <openssl/opensslv.h>
|
|
|
- ]],[[
|
|
|
- int dummy = LIBRESSL_VERSION_NUMBER;
|
|
|
- ]])
|
|
|
- ],[
|
|
|
- AC_MSG_RESULT([yes])
|
|
|
- AC_DEFINE_UNQUOTED(HAVE_LIBRESSL, 1,
|
|
|
- [Define to 1 if using libressl.])
|
|
|
- ssl_msg="libressl"
|
|
|
- ],[
|
|
|
- AC_MSG_RESULT([no])
|
|
|
- ])
|
|
|
-
|
|
|
- AC_MSG_CHECKING([for OpenSSL >= v3])
|
|
|
- AC_COMPILE_IFELSE([
|
|
|
- AC_LANG_PROGRAM([[
|
|
|
-#include <openssl/opensslv.h>
|
|
|
- ]],[[
|
|
|
- #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
|
|
|
- return 0;
|
|
|
- #else
|
|
|
- #error older than 3
|
|
|
- #endif
|
|
|
- ]])
|
|
|
- ],[
|
|
|
- AC_MSG_RESULT([yes])
|
|
|
- AC_DEFINE_UNQUOTED(HAVE_OPENSSL3, 1,
|
|
|
- [Define to 1 if using OpenSSL 3 or later.])
|
|
|
- dnl OpenSSLv3 marks the DES functions deprecated but we have no
|
|
|
- dnl replacements (yet) so tell the compiler to not warn for them
|
|
|
- dnl
|
|
|
- dnl Ask OpenSSL to suppress the warnings.
|
|
|
- CPPFLAGS="$CPPFLAGS -DOPENSSL_SUPPRESS_DEPRECATED"
|
|
|
- ssl_msg="OpenSSL v3+"
|
|
|
- ],[
|
|
|
- AC_MSG_RESULT([no])
|
|
|
- ])
|
|
|
- fi
|
|
|
-
|
|
|
- if test "$OPENSSL_ENABLED" = "1"; then
|
|
|
- if test -n "$LIB_OPENSSL"; then
|
|
|
- dnl when the ssl shared libs were found in a path that the run-time
|
|
|
- dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH
|
|
|
- dnl to prevent further configure tests to fail due to this
|
|
|
- if test "x$cross_compiling" != "xyes"; then
|
|
|
- CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$LIB_OPENSSL"
|
|
|
- export CURL_LIBRARY_PATH
|
|
|
- AC_MSG_NOTICE([Added $LIB_OPENSSL to CURL_LIBRARY_PATH])
|
|
|
- fi
|
|
|
- fi
|
|
|
- CURL_CHECK_OPENSSL_API
|
|
|
- check_for_ca_bundle=1
|
|
|
- fi
|
|
|
-
|
|
|
- test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
|
|
|
-fi
|
|
|
-
|
|
|
-if test X"$OPT_OPENSSL" != Xno &&
|
|
|
- test "$OPENSSL_ENABLED" != "1"; then
|
|
|
- AC_MSG_NOTICE([OPT_OPENSSL: $OPT_OPENSSL])
|
|
|
- AC_MSG_NOTICE([OPENSSL_ENABLED: $OPENSSL_ENABLED])
|
|
|
- AC_MSG_ERROR([--with-openssl was given but OpenSSL could not be detected])
|
|
|
-fi
|
|
|
-
|
|
|
-dnl **********************************************************************
|
|
|
-dnl Check for the random seed preferences
|
|
|
-dnl **********************************************************************
|
|
|
-
|
|
|
-if test X"$OPENSSL_ENABLED" = X"1"; then
|
|
|
- AC_ARG_WITH(egd-socket,
|
|
|
- AS_HELP_STRING([--with-egd-socket=FILE],
|
|
|
- [Entropy Gathering Daemon socket pathname]),
|
|
|
- [ EGD_SOCKET="$withval" ]
|
|
|
- )
|
|
|
- if test -n "$EGD_SOCKET" ; then
|
|
|
- AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET",
|
|
|
- [your Entropy Gathering Daemon socket pathname] )
|
|
|
- fi
|
|
|
-
|
|
|
- dnl Check for user-specified random device
|
|
|
- AC_ARG_WITH(random,
|
|
|
- AS_HELP_STRING([--with-random=FILE],
|
|
|
- [read randomness from FILE (default=/dev/urandom)]),
|
|
|
- [ RANDOM_FILE="$withval" ],
|
|
|
- [
|
|
|
- if test x$cross_compiling != xyes; then
|
|
|
- dnl Check for random device
|
|
|
- AC_CHECK_FILE("/dev/urandom", [ RANDOM_FILE="/dev/urandom"] )
|
|
|
- else
|
|
|
- AC_MSG_WARN([skipped the /dev/urandom detection when cross-compiling])
|
|
|
- fi
|
|
|
- ]
|
|
|
- )
|
|
|
- if test -n "$RANDOM_FILE" && test X"$RANDOM_FILE" != Xno ; then
|
|
|
- AC_SUBST(RANDOM_FILE)
|
|
|
- AC_DEFINE_UNQUOTED(RANDOM_FILE, "$RANDOM_FILE",
|
|
|
- [a suitable file to read random data from])
|
|
|
- fi
|
|
|
-fi
|
|
|
-
|
|
|
-dnl ---
|
|
|
-dnl We require OpenSSL with SRP support.
|
|
|
-dnl ---
|
|
|
-if test "$OPENSSL_ENABLED" = "1"; then
|
|
|
- AC_CHECK_LIB(crypto, SRP_Calc_client_key,
|
|
|
- [
|
|
|
- AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the function SRP_Calc_client_key])
|
|
|
- AC_SUBST(HAVE_OPENSSL_SRP, [1])
|
|
|
- ])
|
|
|
-fi
|
|
|
-
|
|
|
-dnl ---
|
|
|
-dnl Whether the OpenSSL configuration will be loaded automatically
|
|
|
-dnl ---
|
|
|
-if test X"$OPENSSL_ENABLED" = X"1"; then
|
|
|
-AC_ARG_ENABLE(openssl-auto-load-config,
|
|
|
-AS_HELP_STRING([--enable-openssl-auto-load-config],[Enable automatic loading of OpenSSL configuration])
|
|
|
-AS_HELP_STRING([--disable-openssl-auto-load-config],[Disable automatic loading of OpenSSL configuration]),
|
|
|
-[ if test X"$enableval" = X"no"; then
|
|
|
- AC_MSG_NOTICE([automatic loading of OpenSSL configuration disabled])
|
|
|
- AC_DEFINE(CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG, 1, [if the OpenSSL configuration won't be loaded automatically])
|
|
|
- fi
|
|
|
-])
|
|
|
-fi
|
|
|
-
|
|
|
-dnl ----------------------------------------------------
|
|
|
-dnl check for GnuTLS
|
|
|
-dnl ----------------------------------------------------
|
|
|
-
|
|
|
-if test "x$OPT_GNUTLS" != xno; then
|
|
|
- ssl_msg=
|
|
|
-
|
|
|
- if test X"$OPT_GNUTLS" != Xno; then
|
|
|
-
|
|
|
- addld=""
|
|
|
- addlib=""
|
|
|
- gtlslib=""
|
|
|
- version=""
|
|
|
- addcflags=""
|
|
|
-
|
|
|
- if test "x$OPT_GNUTLS" = "xyes"; then
|
|
|
- dnl this is with no partiular path given
|
|
|
- CURL_CHECK_PKGCONFIG(gnutls)
|
|
|
-
|
|
|
- if test "$PKGCONFIG" != "no" ; then
|
|
|
- addlib=`$PKGCONFIG --libs-only-l gnutls`
|
|
|
- addld=`$PKGCONFIG --libs-only-L gnutls`
|
|
|
- addcflags=`$PKGCONFIG --cflags-only-I gnutls`
|
|
|
- version=`$PKGCONFIG --modversion gnutls`
|
|
|
- gtlslib=`echo $addld | $SED -e 's/^-L//'`
|
|
|
- else
|
|
|
- dnl without pkg-config, we try libgnutls-config as that was how it
|
|
|
- dnl used to be done
|
|
|
- check=`libgnutls-config --version 2>/dev/null`
|
|
|
- if test -n "$check"; then
|
|
|
- addlib=`libgnutls-config --libs`
|
|
|
- addcflags=`libgnutls-config --cflags`
|
|
|
- version=`libgnutls-config --version`
|
|
|
- gtlslib=`libgnutls-config --prefix`/lib$libsuff
|
|
|
- fi
|
|
|
- fi
|
|
|
- else
|
|
|
- dnl this is with a given path, first check if there's a libgnutls-config
|
|
|
- dnl there and if not, make an educated guess
|
|
|
- cfg=$OPT_GNUTLS/bin/libgnutls-config
|
|
|
- check=`$cfg --version 2>/dev/null`
|
|
|
- if test -n "$check"; then
|
|
|
- addlib=`$cfg --libs`
|
|
|
- addcflags=`$cfg --cflags`
|
|
|
- version=`$cfg --version`
|
|
|
- gtlslib=`$cfg --prefix`/lib$libsuff
|
|
|
- else
|
|
|
- dnl without pkg-config and libgnutls-config, we guess a lot!
|
|
|
- addlib=-lgnutls
|
|
|
- addld=-L$OPT_GNUTLS/lib$libsuff
|
|
|
- addcflags=-I$OPT_GNUTLS/include
|
|
|
- version="" # we just don't know
|
|
|
- gtlslib=$OPT_GNUTLS/lib$libsuff
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- if test -z "$version"; then
|
|
|
- dnl lots of efforts, still no go
|
|
|
- version="unknown"
|
|
|
- fi
|
|
|
-
|
|
|
- if test -n "$addlib"; then
|
|
|
-
|
|
|
- CLEANLIBS="$LIBS"
|
|
|
- CLEANCPPFLAGS="$CPPFLAGS"
|
|
|
- CLEANLDFLAGS="$LDFLAGS"
|
|
|
-
|
|
|
- LIBS="$addlib $LIBS"
|
|
|
- LDFLAGS="$LDFLAGS $addld"
|
|
|
- if test "$addcflags" != "-I/usr/include"; then
|
|
|
- CPPFLAGS="$CPPFLAGS $addcflags"
|
|
|
- fi
|
|
|
-
|
|
|
- dnl this function is selected since it was introduced in 3.1.10
|
|
|
- AC_CHECK_LIB(gnutls, gnutls_x509_crt_get_dn2,
|
|
|
- [
|
|
|
- AC_DEFINE(USE_GNUTLS, 1, [if GnuTLS is enabled])
|
|
|
- AC_SUBST(USE_GNUTLS, [1])
|
|
|
- GNUTLS_ENABLED=1
|
|
|
- USE_GNUTLS="yes"
|
|
|
- ssl_msg="GnuTLS"
|
|
|
- test gnutls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
|
|
|
- ],
|
|
|
- [
|
|
|
- LIBS="$CLEANLIBS"
|
|
|
- CPPFLAGS="$CLEANCPPFLAGS"
|
|
|
- ])
|
|
|
-
|
|
|
- if test "x$USE_GNUTLS" = "xyes"; then
|
|
|
- AC_MSG_NOTICE([detected GnuTLS version $version])
|
|
|
- check_for_ca_bundle=1
|
|
|
- if test -n "$gtlslib"; then
|
|
|
- dnl when shared libs were found in a path that the run-time
|
|
|
- dnl linker doesn't search through, we need to add it to
|
|
|
- dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
|
|
|
- dnl due to this
|
|
|
- if test "x$cross_compiling" != "xyes"; then
|
|
|
- CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$gtlslib"
|
|
|
- export CURL_LIBRARY_PATH
|
|
|
- AC_MSG_NOTICE([Added $gtlslib to CURL_LIBRARY_PATH])
|
|
|
- fi
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- fi
|
|
|
-
|
|
|
- fi dnl GNUTLS not disabled
|
|
|
-
|
|
|
- test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
|
|
|
-fi
|
|
|
-
|
|
|
-dnl ---
|
|
|
-dnl Check which crypto backend GnuTLS uses
|
|
|
-dnl ---
|
|
|
-
|
|
|
-if test "$GNUTLS_ENABLED" = "1"; then
|
|
|
- USE_GNUTLS_NETTLE=
|
|
|
- # First check if we can detect either crypto library via transitive linking
|
|
|
- AC_CHECK_LIB(gnutls, nettle_MD5Init, [ USE_GNUTLS_NETTLE=1 ])
|
|
|
-
|
|
|
- # If not, try linking directly to both of them to see if they are available
|
|
|
- if test "$USE_GNUTLS_NETTLE" = ""; then
|
|
|
- AC_CHECK_LIB(nettle, nettle_MD5Init, [ USE_GNUTLS_NETTLE=1 ])
|
|
|
- fi
|
|
|
- if test "$USE_GNUTLS_NETTLE" = ""; then
|
|
|
- AC_MSG_ERROR([GnuTLS found, but nettle was not found])
|
|
|
- fi
|
|
|
- LIBS="-lnettle $LIBS"
|
|
|
-fi
|
|
|
-
|
|
|
-dnl ---
|
|
|
-dnl We require GnuTLS with SRP support.
|
|
|
-dnl ---
|
|
|
-if test "$GNUTLS_ENABLED" = "1"; then
|
|
|
- AC_CHECK_LIB(gnutls, gnutls_srp_verifier,
|
|
|
- [
|
|
|
- AC_DEFINE(HAVE_GNUTLS_SRP, 1, [if you have the function gnutls_srp_verifier])
|
|
|
- AC_SUBST(HAVE_GNUTLS_SRP, [1])
|
|
|
- ])
|
|
|
-fi
|
|
|
-
|
|
|
-dnl ----------------------------------------------------
|
|
|
-dnl check for mbedTLS
|
|
|
-dnl ----------------------------------------------------
|
|
|
-
|
|
|
-if test "x$OPT_MBEDTLS" != xno; then
|
|
|
- _cppflags=$CPPFLAGS
|
|
|
- _ldflags=$LDFLAGS
|
|
|
- ssl_msg=
|
|
|
-
|
|
|
- if test X"$OPT_MBEDTLS" != Xno; then
|
|
|
-
|
|
|
- if test "$OPT_MBEDTLS" = "yes"; then
|
|
|
- OPT_MBEDTLS=""
|
|
|
- fi
|
|
|
-
|
|
|
- if test -z "$OPT_MBEDTLS" ; then
|
|
|
- dnl check for lib first without setting any new path
|
|
|
-
|
|
|
- AC_CHECK_LIB(mbedtls, mbedtls_havege_init,
|
|
|
- dnl libmbedtls found, set the variable
|
|
|
- [
|
|
|
- AC_DEFINE(USE_MBEDTLS, 1, [if mbedTLS is enabled])
|
|
|
- AC_SUBST(USE_MBEDTLS, [1])
|
|
|
- MBEDTLS_ENABLED=1
|
|
|
- USE_MBEDTLS="yes"
|
|
|
- ssl_msg="mbedTLS"
|
|
|
- test mbedtls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
|
|
|
- ], [], -lmbedx509 -lmbedcrypto)
|
|
|
- fi
|
|
|
-
|
|
|
- addld=""
|
|
|
- addlib=""
|
|
|
- addcflags=""
|
|
|
- mbedtlslib=""
|
|
|
-
|
|
|
- if test "x$USE_MBEDTLS" != "xyes"; then
|
|
|
- dnl add the path and test again
|
|
|
- addld=-L$OPT_MBEDTLS/lib$libsuff
|
|
|
- addcflags=-I$OPT_MBEDTLS/include
|
|
|
- mbedtlslib=$OPT_MBEDTLS/lib$libsuff
|
|
|
-
|
|
|
- LDFLAGS="$LDFLAGS $addld"
|
|
|
- if test "$addcflags" != "-I/usr/include"; then
|
|
|
- CPPFLAGS="$CPPFLAGS $addcflags"
|
|
|
- fi
|
|
|
-
|
|
|
- AC_CHECK_LIB(mbedtls, mbedtls_ssl_init,
|
|
|
- [
|
|
|
- AC_DEFINE(USE_MBEDTLS, 1, [if mbedTLS is enabled])
|
|
|
- AC_SUBST(USE_MBEDTLS, [1])
|
|
|
- MBEDTLS_ENABLED=1
|
|
|
- USE_MBEDTLS="yes"
|
|
|
- ssl_msg="mbedTLS"
|
|
|
- test mbedtls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
|
|
|
- ],
|
|
|
- [
|
|
|
- CPPFLAGS=$_cppflags
|
|
|
- LDFLAGS=$_ldflags
|
|
|
- ], -lmbedx509 -lmbedcrypto)
|
|
|
- fi
|
|
|
-
|
|
|
- if test "x$USE_MBEDTLS" = "xyes"; then
|
|
|
- AC_MSG_NOTICE([detected mbedTLS])
|
|
|
- check_for_ca_bundle=1
|
|
|
-
|
|
|
- LIBS="-lmbedtls -lmbedx509 -lmbedcrypto $LIBS"
|
|
|
-
|
|
|
- if test -n "$mbedtlslib"; then
|
|
|
- dnl when shared libs were found in a path that the run-time
|
|
|
- dnl linker doesn't search through, we need to add it to
|
|
|
- dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
|
|
|
- dnl due to this
|
|
|
- if test "x$cross_compiling" != "xyes"; then
|
|
|
- CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$mbedtlslib"
|
|
|
- export CURL_LIBRARY_PATH
|
|
|
- AC_MSG_NOTICE([Added $mbedtlslib to CURL_LIBRARY_PATH])
|
|
|
- fi
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- fi dnl mbedTLS not disabled
|
|
|
-
|
|
|
- test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
|
|
|
-fi
|
|
|
-
|
|
|
-dnl ----------------------------------------------------
|
|
|
-dnl check for wolfSSL
|
|
|
-dnl ----------------------------------------------------
|
|
|
-
|
|
|
-case "$OPT_WOLFSSL" in
|
|
|
- yes|no)
|
|
|
- wolfpkg=""
|
|
|
- ;;
|
|
|
- *)
|
|
|
- wolfpkg="$withval/lib/pkgconfig"
|
|
|
- ;;
|
|
|
-esac
|
|
|
-
|
|
|
-if test "x$OPT_WOLFSSL" != xno; then
|
|
|
- _cppflags=$CPPFLAGS
|
|
|
- _ldflags=$LDFLAGS
|
|
|
-
|
|
|
- ssl_msg=
|
|
|
-
|
|
|
- if test X"$OPT_WOLFSSL" != Xno; then
|
|
|
-
|
|
|
- if test "$OPT_WOLFSSL" = "yes"; then
|
|
|
- OPT_WOLFSSL=""
|
|
|
- fi
|
|
|
-
|
|
|
- dnl try pkg-config magic
|
|
|
- CURL_CHECK_PKGCONFIG(wolfssl, [$wolfpkg])
|
|
|
- AC_MSG_NOTICE([Check dir $wolfpkg])
|
|
|
-
|
|
|
- addld=""
|
|
|
- addlib=""
|
|
|
- addcflags=""
|
|
|
- if test "$PKGCONFIG" != "no" ; then
|
|
|
- addlib=`CURL_EXPORT_PCDIR([$wolfpkg])
|
|
|
- $PKGCONFIG --libs-only-l wolfssl`
|
|
|
- addld=`CURL_EXPORT_PCDIR([$wolfpkg])
|
|
|
- $PKGCONFIG --libs-only-L wolfssl`
|
|
|
- addcflags=`CURL_EXPORT_PCDIR([$wolfpkg])
|
|
|
- $PKGCONFIG --cflags-only-I wolfssl`
|
|
|
- version=`CURL_EXPORT_PCDIR([$wolfpkg])
|
|
|
- $PKGCONFIG --modversion wolfssl`
|
|
|
- wolfssllibpath=`echo $addld | $SED -e 's/^-L//'`
|
|
|
- else
|
|
|
- addlib=-lwolfssl
|
|
|
- dnl use system defaults if user does not supply a path
|
|
|
- if test -n "$OPT_WOLFSSL"; then
|
|
|
- addld=-L$OPT_WOLFSSL/lib$libsuff
|
|
|
- addcflags=-I$OPT_WOLFSSL/include
|
|
|
- wolfssllibpath=$OPT_WOLFSSL/lib$libsuff
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- if test "x$USE_WOLFSSL" != "xyes"; then
|
|
|
-
|
|
|
- LDFLAGS="$LDFLAGS $addld"
|
|
|
- AC_MSG_NOTICE([Add $addld to LDFLAGS])
|
|
|
- if test "$addcflags" != "-I/usr/include"; then
|
|
|
- CPPFLAGS="$CPPFLAGS $addcflags"
|
|
|
- AC_MSG_NOTICE([Add $addcflags to CPPFLAGS])
|
|
|
- fi
|
|
|
-
|
|
|
- my_ac_save_LIBS="$LIBS"
|
|
|
- LIBS="$addlib $LIBS"
|
|
|
- AC_MSG_NOTICE([Add $addlib to LIBS])
|
|
|
-
|
|
|
- AC_MSG_CHECKING([for wolfSSL_Init in -lwolfssl])
|
|
|
- AC_LINK_IFELSE([
|
|
|
- AC_LANG_PROGRAM([[
|
|
|
-/* These aren't needed for detection and confuse WolfSSL.
|
|
|
- They are set up properly later if it is detected. */
|
|
|
-#undef SIZEOF_LONG
|
|
|
-#undef SIZEOF_LONG_LONG
|
|
|
-#include <wolfssl/ssl.h>
|
|
|
- ]],[[
|
|
|
- return wolfSSL_Init();
|
|
|
- ]])
|
|
|
- ],[
|
|
|
- AC_MSG_RESULT(yes)
|
|
|
- AC_DEFINE(USE_WOLFSSL, 1, [if wolfSSL is enabled])
|
|
|
- AC_SUBST(USE_WOLFSSL, [1])
|
|
|
- WOLFSSL_ENABLED=1
|
|
|
- USE_WOLFSSL="yes"
|
|
|
- ssl_msg="WolfSSL"
|
|
|
- test wolfssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
|
|
|
- ],
|
|
|
- [
|
|
|
- AC_MSG_RESULT(no)
|
|
|
- CPPFLAGS=$_cppflags
|
|
|
- LDFLAGS=$_ldflags
|
|
|
- wolfssllibpath=""
|
|
|
- ])
|
|
|
- LIBS="$my_ac_save_LIBS"
|
|
|
- fi
|
|
|
-
|
|
|
- if test "x$USE_WOLFSSL" = "xyes"; then
|
|
|
- AC_MSG_NOTICE([detected wolfSSL])
|
|
|
- check_for_ca_bundle=1
|
|
|
-
|
|
|
- dnl wolfssl/ctaocrypt/types.h needs SIZEOF_LONG_LONG defined!
|
|
|
- AX_COMPILE_CHECK_SIZEOF(long long)
|
|
|
-
|
|
|
- LIBS="$addlib -lm $LIBS"
|
|
|
-
|
|
|
- dnl Recent WolfSSL versions build without SSLv3 by default
|
|
|
- dnl WolfSSL needs configure --enable-opensslextra to have *get_peer*
|
|
|
- dnl DES* is needed for NTLM support and lives in the OpenSSL compatibility
|
|
|
- dnl layer
|
|
|
- AC_CHECK_FUNCS(wolfSSLv3_client_method \
|
|
|
- wolfSSL_get_peer_certificate \
|
|
|
- wolfSSL_UseALPN )
|
|
|
-
|
|
|
- dnl if this symbol is present, we want the include path to include the
|
|
|
- dnl OpenSSL API root as well
|
|
|
- AC_CHECK_FUNC(wolfSSL_DES_ecb_encrypt,
|
|
|
- [
|
|
|
- AC_DEFINE(HAVE_WOLFSSL_DES_ECB_ENCRYPT, 1,
|
|
|
- [if you have wolfSSL_DES_ecb_encrypt])
|
|
|
- if test -n "$addcflags"; then
|
|
|
- dnl use a for loop to strip off whitespace
|
|
|
- for f in $addcflags; do
|
|
|
- CPPFLAGS="$f/wolfssl $CPPFLAGS"
|
|
|
- AC_MSG_NOTICE([Add $f/wolfssl to CPPFLAGS])
|
|
|
- break
|
|
|
- done
|
|
|
- else
|
|
|
- dnl user didn't give a path, so guess/hope they installed wolfssl
|
|
|
- dnl headers to system default location
|
|
|
- CPPFLAGS="-I$includedir/wolfssl $CPPFLAGS"
|
|
|
- AC_MSG_NOTICE([Add $includedir/wolfssl to CPPFLAGS])
|
|
|
- fi
|
|
|
- WOLFSSL_NTLM=1
|
|
|
- ]
|
|
|
- )
|
|
|
-
|
|
|
- if test -n "$wolfssllibpath"; then
|
|
|
- dnl when shared libs were found in a path that the run-time
|
|
|
- dnl linker doesn't search through, we need to add it to
|
|
|
- dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
|
|
|
- dnl due to this
|
|
|
- if test "x$cross_compiling" != "xyes"; then
|
|
|
- CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$wolfssllibpath"
|
|
|
- export CURL_LIBRARY_PATH
|
|
|
- AC_MSG_NOTICE([Added $wolfssllibpath to CURL_LIBRARY_PATH])
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- fi
|
|
|
-
|
|
|
- fi dnl wolfSSL not disabled
|
|
|
-
|
|
|
- test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
|
|
|
-fi
|
|
|
-
|
|
|
-dnl ----------------------------------------------------
|
|
|
-dnl check for MesaLink
|
|
|
-dnl ----------------------------------------------------
|
|
|
-
|
|
|
-if test "x$OPT_MESALINK" != xno; then
|
|
|
- _cppflags=$CPPFLAGS
|
|
|
- _ldflags=$LDFLAGS
|
|
|
- ssl_msg=
|
|
|
-
|
|
|
- if test X"$OPT_MESALINK" != Xno; then
|
|
|
-
|
|
|
- if test "$OPT_MESALINK" = "yes"; then
|
|
|
- OPT_MESALINK=""
|
|
|
- fi
|
|
|
-
|
|
|
- if test -z "$OPT_MESALINK" ; then
|
|
|
- dnl check for lib first without setting any new path
|
|
|
-
|
|
|
- AC_CHECK_LIB(mesalink, mesalink_library_init,
|
|
|
- dnl libmesalink found, set the variable
|
|
|
- [
|
|
|
- AC_DEFINE(USE_MESALINK, 1, [if MesaLink is enabled])
|
|
|
- AC_SUBST(USE_MESALINK, [1])
|
|
|
- MESALINK_ENABLED=1
|
|
|
- USE_MESALINK="yes"
|
|
|
- ssl_msg="MesaLink"
|
|
|
- test mesalink != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
|
|
|
- ])
|
|
|
- fi
|
|
|
-
|
|
|
- addld=""
|
|
|
- addlib=""
|
|
|
- addcflags=""
|
|
|
- mesalinklib=""
|
|
|
-
|
|
|
- if test "x$USE_MESALINK" != "xyes"; then
|
|
|
- dnl add the path and test again
|
|
|
- addld=-L$OPT_MESALINK/lib$libsuff
|
|
|
- addcflags=-I$OPT_MESALINK/include
|
|
|
- mesalinklib=$OPT_MESALINK/lib$libsuff
|
|
|
-
|
|
|
- LDFLAGS="$LDFLAGS $addld"
|
|
|
- if test "$addcflags" != "-I/usr/include"; then
|
|
|
- CPPFLAGS="$CPPFLAGS $addcflags"
|
|
|
- fi
|
|
|
-
|
|
|
- AC_CHECK_LIB(mesalink, mesalink_library_init,
|
|
|
- [
|
|
|
- AC_DEFINE(USE_MESALINK, 1, [if MesaLink is enabled])
|
|
|
- AC_SUBST(USE_MESALINK, [1])
|
|
|
- MESALINK_ENABLED=1
|
|
|
- USE_MESALINK="yes"
|
|
|
- ssl_msg="MesaLink"
|
|
|
- test mesalink != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
|
|
|
- ],
|
|
|
- [
|
|
|
- CPPFLAGS=$_cppflags
|
|
|
- LDFLAGS=$_ldflags
|
|
|
- ])
|
|
|
- fi
|
|
|
-
|
|
|
- if test "x$USE_MESALINK" = "xyes"; then
|
|
|
- AC_MSG_NOTICE([detected MesaLink])
|
|
|
-
|
|
|
- LIBS="-lmesalink $LIBS"
|
|
|
-
|
|
|
- if test -n "$mesalinklib"; then
|
|
|
- dnl when shared libs were found in a path that the run-time
|
|
|
- dnl linker doesn't search through, we need to add it to
|
|
|
- dnl LD_LIBRARY_PATH to prevent further configure tests to fail
|
|
|
- dnl due to this
|
|
|
- if test "x$cross_compiling" != "xyes"; then
|
|
|
- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$mesalinklib"
|
|
|
- export LD_LIBRARY_PATH
|
|
|
- AC_MSG_NOTICE([Added $mesalinklib to LD_LIBRARY_PATH])
|
|
|
- fi
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- fi dnl MesaLink not disabled
|
|
|
-
|
|
|
- test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
|
|
|
-fi
|
|
|
-
|
|
|
-dnl ----------------------------------------------------
|
|
|
-dnl check for BearSSL
|
|
|
-dnl ----------------------------------------------------
|
|
|
-
|
|
|
-if test "x$OPT_BEARSSL" != xno; then
|
|
|
- _cppflags=$CPPFLAGS
|
|
|
- _ldflags=$LDFLAGS
|
|
|
- ssl_msg=
|
|
|
-
|
|
|
- if test X"$OPT_BEARSSL" != Xno; then
|
|
|
-
|
|
|
- if test "$OPT_BEARSSL" = "yes"; then
|
|
|
- OPT_BEARSSL=""
|
|
|
- fi
|
|
|
-
|
|
|
- if test -z "$OPT_BEARSSL" ; then
|
|
|
- dnl check for lib first without setting any new path
|
|
|
-
|
|
|
- AC_CHECK_LIB(bearssl, br_ssl_client_init_full,
|
|
|
- dnl libbearssl found, set the variable
|
|
|
- [
|
|
|
- AC_DEFINE(USE_BEARSSL, 1, [if BearSSL is enabled])
|
|
|
- AC_SUBST(USE_BEARSSL, [1])
|
|
|
- BEARSSL_ENABLED=1
|
|
|
- USE_BEARSSL="yes"
|
|
|
- ssl_msg="BearSSL"
|
|
|
- test bearssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
|
|
|
- ], [], -lbearssl)
|
|
|
- fi
|
|
|
-
|
|
|
- addld=""
|
|
|
- addlib=""
|
|
|
- addcflags=""
|
|
|
- bearssllib=""
|
|
|
-
|
|
|
- if test "x$USE_BEARSSL" != "xyes"; then
|
|
|
- dnl add the path and test again
|
|
|
- addld=-L$OPT_BEARSSL/lib$libsuff
|
|
|
- addcflags=-I$OPT_BEARSSL/include
|
|
|
- bearssllib=$OPT_BEARSSL/lib$libsuff
|
|
|
-
|
|
|
- LDFLAGS="$LDFLAGS $addld"
|
|
|
- if test "$addcflags" != "-I/usr/include"; then
|
|
|
- CPPFLAGS="$CPPFLAGS $addcflags"
|
|
|
- fi
|
|
|
-
|
|
|
- AC_CHECK_LIB(bearssl, br_ssl_client_init_full,
|
|
|
- [
|
|
|
- AC_DEFINE(USE_BEARSSL, 1, [if BearSSL is enabled])
|
|
|
- AC_SUBST(USE_BEARSSL, [1])
|
|
|
- BEARSSL_ENABLED=1
|
|
|
- USE_BEARSSL="yes"
|
|
|
- ssl_msg="BearSSL"
|
|
|
- test bearssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
|
|
|
- ],
|
|
|
- [
|
|
|
- CPPFLAGS=$_cppflags
|
|
|
- LDFLAGS=$_ldflags
|
|
|
- ], -lbearssl)
|
|
|
- fi
|
|
|
-
|
|
|
- if test "x$USE_BEARSSL" = "xyes"; then
|
|
|
- AC_MSG_NOTICE([detected BearSSL])
|
|
|
- check_for_ca_bundle=1
|
|
|
-
|
|
|
- LIBS="-lbearssl $LIBS"
|
|
|
-
|
|
|
- if test -n "$bearssllib"; then
|
|
|
- dnl when shared libs were found in a path that the run-time
|
|
|
- dnl linker doesn't search through, we need to add it to
|
|
|
- dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
|
|
|
- dnl due to this
|
|
|
- if test "x$cross_compiling" != "xyes"; then
|
|
|
- CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$bearssllib"
|
|
|
- export CURL_LIBRARY_PATH
|
|
|
- AC_MSG_NOTICE([Added $bearssllib to CURL_LIBRARY_PATH])
|
|
|
- fi
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- fi dnl BearSSL not disabled
|
|
|
-
|
|
|
- test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
|
|
|
-fi
|
|
|
-
|
|
|
-dnl ----------------------------------------------------
|
|
|
-dnl check for rustls
|
|
|
-dnl ----------------------------------------------------
|
|
|
-
|
|
|
-if test "x$OPT_RUSTLS" != xno; then
|
|
|
- _cppflags=$CPPFLAGS
|
|
|
- _ldflags=$LDFLAGS
|
|
|
- ssl_msg=
|
|
|
-
|
|
|
- if test X"$OPT_RUSTLS" != Xno; then
|
|
|
-
|
|
|
- if test "$OPT_RUSTLS" = "yes"; then
|
|
|
- OPT_RUSTLS=""
|
|
|
- fi
|
|
|
-
|
|
|
- if test -z "$OPT_RUSTLS" ; then
|
|
|
- dnl check for lib first without setting any new path
|
|
|
-
|
|
|
- AC_CHECK_LIB(crustls, rustls_client_session_read,
|
|
|
- dnl libcrustls found, set the variable
|
|
|
- [
|
|
|
- AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
|
|
|
- AC_SUBST(USE_RUSTLS, [1])
|
|
|
- RUSTLS_ENABLED=1
|
|
|
- USE_RUSTLS="yes"
|
|
|
- ssl_msg="rustls"
|
|
|
- test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
|
|
|
- ], [], -lpthread -ldl)
|
|
|
- fi
|
|
|
-
|
|
|
- addld=""
|
|
|
- addlib="-lpthread"
|
|
|
- addcflags=""
|
|
|
- bearssllib=""
|
|
|
-
|
|
|
- if test "x$USE_RUSTLS" != "xyes"; then
|
|
|
- dnl add the path and test again
|
|
|
- addld=-L$OPT_RUSTLS/lib$libsuff
|
|
|
- addcflags=-I$OPT_RUSTLS/include
|
|
|
- rustlslib=$OPT_RUSTLS/lib$libsuff
|
|
|
-
|
|
|
- LDFLAGS="$LDFLAGS $addld"
|
|
|
- if test "$addcflags" != "-I/usr/include"; then
|
|
|
- CPPFLAGS="$CPPFLAGS $addcflags"
|
|
|
- fi
|
|
|
-
|
|
|
- AC_CHECK_LIB(crustls, rustls_client_session_read,
|
|
|
- [
|
|
|
- AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
|
|
|
- AC_SUBST(USE_RUSTLS, [1])
|
|
|
- RUSTLS_ENABLED=1
|
|
|
- USE_RUSTLS="yes"
|
|
|
- ssl_msg="rustls"
|
|
|
- test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
|
|
|
- ],
|
|
|
- AC_MSG_ERROR([--with-rustls was specified but could not find rustls.]),
|
|
|
- -lpthread -ldl)
|
|
|
- fi
|
|
|
-
|
|
|
- if test "x$USE_RUSTLS" = "xyes"; then
|
|
|
- AC_MSG_NOTICE([detected rustls])
|
|
|
- check_for_ca_bundle=1
|
|
|
-
|
|
|
- LIBS="-lcrustls -lpthread -ldl $LIBS"
|
|
|
-
|
|
|
- if test -n "$rustlslib"; then
|
|
|
- dnl when shared libs were found in a path that the run-time
|
|
|
- dnl linker doesn't search through, we need to add it to
|
|
|
- dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
|
|
|
- dnl due to this
|
|
|
- if test "x$cross_compiling" != "xyes"; then
|
|
|
- CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$rustlslib"
|
|
|
- export CURL_LIBRARY_PATH
|
|
|
- AC_MSG_NOTICE([Added $rustlslib to CURL_LIBRARY_PATH])
|
|
|
- fi
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- fi dnl rustls not disabled
|
|
|
-
|
|
|
- test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
|
|
|
-fi
|
|
|
-
|
|
|
-dnl ----------------------------------------------------
|
|
|
-dnl NSS. Only check if GnuTLS and OpenSSL are not enabled
|
|
|
-dnl ----------------------------------------------------
|
|
|
-
|
|
|
-if test "x$OPT_NSS" != xno; then
|
|
|
- ssl_msg=
|
|
|
-
|
|
|
- if test X"$OPT_NSS" != Xno; then
|
|
|
-
|
|
|
- addld=""
|
|
|
- addlib=""
|
|
|
- addcflags=""
|
|
|
- nssprefix=""
|
|
|
- version=""
|
|
|
-
|
|
|
- if test "x$OPT_NSS" = "xyes"; then
|
|
|
-
|
|
|
- CURL_CHECK_PKGCONFIG(nss)
|
|
|
-
|
|
|
- if test "$PKGCONFIG" != "no" ; then
|
|
|
- addlib=`$PKGCONFIG --libs nss`
|
|
|
- addcflags=`$PKGCONFIG --cflags nss`
|
|
|
- version=`$PKGCONFIG --modversion nss`
|
|
|
- nssprefix=`$PKGCONFIG --variable=prefix nss`
|
|
|
- else
|
|
|
- dnl Without pkg-config, we check for nss-config
|
|
|
-
|
|
|
- check=`nss-config --version 2>/dev/null`
|
|
|
- if test -n "$check"; then
|
|
|
- addlib=`nss-config --libs`
|
|
|
- addcflags=`nss-config --cflags`
|
|
|
- version=`nss-config --version`
|
|
|
- nssprefix=`nss-config --prefix`
|
|
|
- else
|
|
|
- addlib="-lnss3"
|
|
|
- addcflags=""
|
|
|
- version="unknown"
|
|
|
- fi
|
|
|
- fi
|
|
|
- else
|
|
|
- NSS_PCDIR="$OPT_NSS/lib/pkgconfig"
|
|
|
- if test -f "$NSS_PCDIR/nss.pc"; then
|
|
|
- CURL_CHECK_PKGCONFIG(nss, [$NSS_PCDIR])
|
|
|
- if test "$PKGCONFIG" != "no" ; then
|
|
|
- addld=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-L nss`
|
|
|
- addlib=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-l nss`
|
|
|
- addcflags=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --cflags nss`
|
|
|
- version=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --modversion nss`
|
|
|
- nssprefix=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --variable=prefix nss`
|
|
|
- fi
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- if test -z "$addlib"; then
|
|
|
- # Without pkg-config, we'll kludge in some defaults
|
|
|
- AC_MSG_WARN([Using hard-wired libraries and compilation flags for NSS.])
|
|
|
- addld="-L$OPT_NSS/lib"
|
|
|
- addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4"
|
|
|
- addcflags="-I$OPT_NSS/include"
|
|
|
- version="unknown"
|
|
|
- nssprefix=$OPT_NSS
|
|
|
- fi
|
|
|
-
|
|
|
- CLEANLDFLAGS="$LDFLAGS"
|
|
|
- CLEANLIBS="$LIBS"
|
|
|
- CLEANCPPFLAGS="$CPPFLAGS"
|
|
|
-
|
|
|
- LDFLAGS="$addld $LDFLAGS"
|
|
|
- LIBS="$addlib $LIBS"
|
|
|
- if test "$addcflags" != "-I/usr/include"; then
|
|
|
- CPPFLAGS="$CPPFLAGS $addcflags"
|
|
|
- fi
|
|
|
-
|
|
|
- dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0
|
|
|
- AC_CHECK_LIB(nss3, SSL_VersionRangeSet,
|
|
|
- [
|
|
|
- AC_DEFINE(USE_NSS, 1, [if NSS is enabled])
|
|
|
- AC_SUBST(USE_NSS, [1])
|
|
|
- USE_NSS="yes"
|
|
|
- NSS_ENABLED=1
|
|
|
- ssl_msg="NSS"
|
|
|
- test nss != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
|
|
|
- ],
|
|
|
- [
|
|
|
- LDFLAGS="$CLEANLDFLAGS"
|
|
|
- LIBS="$CLEANLIBS"
|
|
|
- CPPFLAGS="$CLEANCPPFLAGS"
|
|
|
- ])
|
|
|
-
|
|
|
- if test "x$USE_NSS" = "xyes"; then
|
|
|
- AC_MSG_NOTICE([detected NSS version $version])
|
|
|
-
|
|
|
- dnl PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because
|
|
|
- dnl PK11_DestroyGenericObject() does not release resources allocated by
|
|
|
- dnl PK11_CreateGenericObject() early enough.
|
|
|
- AC_CHECK_FUNC(PK11_CreateManagedGenericObject,
|
|
|
- [
|
|
|
- AC_DEFINE(HAVE_PK11_CREATEMANAGEDGENERICOBJECT, 1,
|
|
|
- [if you have the PK11_CreateManagedGenericObject function])
|
|
|
- ])
|
|
|
-
|
|
|
- dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS
|
|
|
- NSS_LIBS=$addlib
|
|
|
- AC_SUBST([NSS_LIBS])
|
|
|
-
|
|
|
- dnl when shared libs were found in a path that the run-time
|
|
|
- dnl linker doesn't search through, we need to add it to
|
|
|
- dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
|
|
|
- dnl due to this
|
|
|
- if test "x$cross_compiling" != "xyes"; then
|
|
|
- CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$nssprefix/lib$libsuff"
|
|
|
- export CURL_LIBRARY_PATH
|
|
|
- AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to CURL_LIBRARY_PATH])
|
|
|
- fi
|
|
|
-
|
|
|
- fi dnl NSS found
|
|
|
-
|
|
|
- fi dnl NSS not disabled
|
|
|
-
|
|
|
- test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
|
|
|
-fi
|
|
|
-
|
|
|
case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$WOLFSSL_ENABLED$SCHANNEL_ENABLED$SECURETRANSPORT_ENABLED$MESALINK_ENABLED$BEARSSL_ENABLED$AMISSL_ENABLED$RUSTLS_ENABLED"
|
|
|
in
|
|
|
x)
|
Daniel Stenberg