2
0

curl-openssl.m4 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418
  1. #***************************************************************************
  2. # _ _ ____ _
  3. # Project ___| | | | _ \| |
  4. # / __| | | | |_) | |
  5. # | (__| |_| | _ <| |___
  6. # \___|\___/|_| \_\_____|
  7. #
  8. # Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  9. #
  10. # This software is licensed as described in the file COPYING, which
  11. # you should have received as part of this distribution. The terms
  12. # are also available at https://curl.se/docs/copyright.html.
  13. #
  14. # You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. # copies of the Software, and permit persons to whom the Software is
  16. # furnished to do so, under the terms of the COPYING file.
  17. #
  18. # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. # KIND, either express or implied.
  20. #
  21. # SPDX-License-Identifier: curl
  22. #
  23. #***************************************************************************
  24. # File version for 'aclocal' use. Keep it a single number.
  25. # serial 5
  26. dnl **********************************************************************
  27. dnl Check for OpenSSL libraries and headers
  28. dnl **********************************************************************
  29. AC_DEFUN([CURL_WITH_OPENSSL], [
  30. if test "x$OPT_OPENSSL" != xno; then
  31. ssl_msg=
  32. dnl backup the pre-ssl variables
  33. CLEANLDFLAGS="$LDFLAGS"
  34. CLEANCPPFLAGS="$CPPFLAGS"
  35. CLEANLIBS="$LIBS"
  36. dnl This is for MSYS/MinGW
  37. case $host in
  38. *-*-msys* | *-*-mingw*)
  39. AC_MSG_CHECKING([for gdi32])
  40. my_ac_save_LIBS=$LIBS
  41. LIBS="-lgdi32 $LIBS"
  42. AC_LINK_IFELSE([ AC_LANG_PROGRAM([[
  43. #include <windef.h>
  44. #include <wingdi.h>
  45. ]],
  46. [[
  47. GdiFlush();
  48. ]])],
  49. [ dnl worked!
  50. AC_MSG_RESULT([yes])],
  51. [ dnl failed, restore LIBS
  52. LIBS=$my_ac_save_LIBS
  53. AC_MSG_RESULT(no)]
  54. )
  55. ;;
  56. esac
  57. case "$OPT_OPENSSL" in
  58. yes)
  59. dnl --with-openssl (without path) used
  60. PKGTEST="yes"
  61. PREFIX_OPENSSL=
  62. ;;
  63. *)
  64. dnl check the given --with-openssl spot
  65. PKGTEST="no"
  66. PREFIX_OPENSSL=$OPT_OPENSSL
  67. dnl Try pkg-config even when cross-compiling. Since we
  68. dnl specify PKG_CONFIG_LIBDIR we're only looking where
  69. dnl the user told us to look
  70. OPENSSL_PCDIR="$OPT_OPENSSL/lib/pkgconfig"
  71. if test -f "$OPENSSL_PCDIR/openssl.pc"; then
  72. AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"])
  73. PKGTEST="yes"
  74. fi
  75. if test "$PKGTEST" != "yes"; then
  76. # try lib64 instead
  77. OPENSSL_PCDIR="$OPT_OPENSSL/lib64/pkgconfig"
  78. if test -f "$OPENSSL_PCDIR/openssl.pc"; then
  79. AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"])
  80. PKGTEST="yes"
  81. fi
  82. fi
  83. if test "$PKGTEST" != "yes"; then
  84. if test ! -f "$PREFIX_OPENSSL/include/openssl/ssl.h"; then
  85. AC_MSG_ERROR([$PREFIX_OPENSSL is a bad --with-openssl prefix!])
  86. fi
  87. fi
  88. dnl in case pkg-config comes up empty, use what we got
  89. dnl via --with-openssl
  90. LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff"
  91. if test "$PREFIX_OPENSSL" != "/usr" ; then
  92. SSL_LDFLAGS="-L$LIB_OPENSSL"
  93. SSL_CPPFLAGS="-I$PREFIX_OPENSSL/include"
  94. fi
  95. ;;
  96. esac
  97. if test "$PKGTEST" = "yes"; then
  98. CURL_CHECK_PKGCONFIG(openssl, [$OPENSSL_PCDIR])
  99. if test "$PKGCONFIG" != "no" ; then
  100. SSL_LIBS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
  101. $PKGCONFIG --libs-only-l --libs-only-other openssl 2>/dev/null`
  102. SSL_LDFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
  103. $PKGCONFIG --libs-only-L openssl 2>/dev/null`
  104. SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
  105. $PKGCONFIG --cflags-only-I openssl 2>/dev/null`
  106. AC_SUBST(SSL_LIBS)
  107. AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"])
  108. AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"])
  109. AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"])
  110. LIB_OPENSSL=`echo $SSL_LDFLAGS | sed -e 's/^-L//'`
  111. dnl use the values pkg-config reported. This is here
  112. dnl instead of below with CPPFLAGS and LDFLAGS because we only
  113. dnl learn about this via pkg-config. If we only have
  114. dnl the argument to --with-openssl we don't know what
  115. dnl additional libs may be necessary. Hope that we
  116. dnl don't need any.
  117. LIBS="$SSL_LIBS $LIBS"
  118. fi
  119. fi
  120. dnl finally, set flags to use SSL
  121. CPPFLAGS="$CPPFLAGS $SSL_CPPFLAGS"
  122. LDFLAGS="$LDFLAGS $SSL_LDFLAGS"
  123. AC_CHECK_LIB(crypto, HMAC_Update,[
  124. HAVECRYPTO="yes"
  125. LIBS="-lcrypto $LIBS"
  126. ],[
  127. if test -n "$LIB_OPENSSL" ; then
  128. LDFLAGS="$CLEANLDFLAGS -L$LIB_OPENSSL"
  129. fi
  130. if test "$PKGCONFIG" = "no" -a -n "$PREFIX_OPENSSL" ; then
  131. # only set this if pkg-config wasn't used
  132. CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include"
  133. fi
  134. # Linking previously failed, try extra paths from --with-openssl or
  135. # pkg-config. Use a different function name to avoid reusing the earlier
  136. # cached result.
  137. AC_CHECK_LIB(crypto, HMAC_Init_ex,[
  138. HAVECRYPTO="yes"
  139. LIBS="-lcrypto $LIBS"], [
  140. dnl still no, but what about with -ldl?
  141. AC_MSG_CHECKING([OpenSSL linking with -ldl])
  142. LIBS="-lcrypto $CLEANLIBS -ldl"
  143. AC_LINK_IFELSE([ AC_LANG_PROGRAM([[
  144. #include <openssl/err.h>
  145. ]], [[
  146. ERR_clear_error();
  147. ]]) ],
  148. [
  149. AC_MSG_RESULT(yes)
  150. HAVECRYPTO="yes"
  151. ],
  152. [
  153. AC_MSG_RESULT(no)
  154. dnl ok, so what about both -ldl and -lpthread?
  155. dnl This may be necessary for static libraries.
  156. AC_MSG_CHECKING([OpenSSL linking with -ldl and -lpthread])
  157. LIBS="-lcrypto $CLEANLIBS -ldl -lpthread"
  158. AC_LINK_IFELSE([
  159. AC_LANG_PROGRAM([[
  160. #include <openssl/err.h>
  161. ]], [[
  162. ERR_clear_error();
  163. ]])],
  164. [
  165. AC_MSG_RESULT(yes)
  166. HAVECRYPTO="yes"
  167. ],
  168. [
  169. AC_MSG_RESULT(no)
  170. LDFLAGS="$CLEANLDFLAGS"
  171. CPPFLAGS="$CLEANCPPFLAGS"
  172. LIBS="$CLEANLIBS"
  173. ])
  174. ])
  175. ])
  176. ])
  177. if test X"$HAVECRYPTO" = X"yes"; then
  178. dnl This is only reasonable to do if crypto actually is there: check for
  179. dnl SSL libs NOTE: it is important to do this AFTER the crypto lib
  180. AC_CHECK_LIB(ssl, SSL_connect)
  181. if test "$ac_cv_lib_ssl_SSL_connect" != yes; then
  182. dnl we didn't find the SSL lib, try the RSAglue/rsaref stuff
  183. AC_MSG_CHECKING(for ssl with RSAglue/rsaref libs in use);
  184. OLIBS=$LIBS
  185. LIBS="-lRSAglue -lrsaref $LIBS"
  186. AC_CHECK_LIB(ssl, SSL_connect)
  187. if test "$ac_cv_lib_ssl_SSL_connect" != yes; then
  188. dnl still no SSL_connect
  189. AC_MSG_RESULT(no)
  190. LIBS=$OLIBS
  191. else
  192. AC_MSG_RESULT(yes)
  193. fi
  194. else
  195. dnl Have the libraries--check for OpenSSL headers
  196. AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \
  197. openssl/pem.h openssl/ssl.h openssl/err.h,
  198. ssl_msg="OpenSSL"
  199. test openssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
  200. OPENSSL_ENABLED=1
  201. AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use]))
  202. if test $ac_cv_header_openssl_x509_h = no; then
  203. dnl we don't use the "action" part of the AC_CHECK_HEADERS macro
  204. dnl since 'err.h' might in fact find a krb4 header with the same
  205. dnl name
  206. AC_CHECK_HEADERS(x509.h rsa.h crypto.h pem.h ssl.h err.h)
  207. if test $ac_cv_header_x509_h = yes &&
  208. test $ac_cv_header_crypto_h = yes &&
  209. test $ac_cv_header_ssl_h = yes; then
  210. dnl three matches
  211. ssl_msg="OpenSSL"
  212. OPENSSL_ENABLED=1
  213. fi
  214. fi
  215. fi
  216. if test X"$OPENSSL_ENABLED" != X"1"; then
  217. LIBS="$CLEANLIBS"
  218. fi
  219. if test X"$OPT_OPENSSL" != Xoff &&
  220. test "$OPENSSL_ENABLED" != "1"; then
  221. AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!])
  222. fi
  223. fi
  224. if test X"$OPENSSL_ENABLED" = X"1"; then
  225. dnl These can only exist if OpenSSL exists
  226. AC_MSG_CHECKING([for BoringSSL])
  227. AC_COMPILE_IFELSE([
  228. AC_LANG_PROGRAM([[
  229. #include <openssl/base.h>
  230. ]],[[
  231. #ifndef OPENSSL_IS_BORINGSSL
  232. #error not boringssl
  233. #endif
  234. ]])
  235. ],[
  236. AC_MSG_RESULT([yes])
  237. ssl_msg="BoringSSL"
  238. OPENSSL_IS_BORINGSSL=1
  239. ],[
  240. AC_MSG_RESULT([no])
  241. ])
  242. AC_MSG_CHECKING([for AWS-LC])
  243. AC_COMPILE_IFELSE([
  244. AC_LANG_PROGRAM([[
  245. #include <openssl/base.h>
  246. ]],[[
  247. #ifndef OPENSSL_IS_AWSLC
  248. #error not AWS-LC
  249. #endif
  250. ]])
  251. ],[
  252. AC_MSG_RESULT([yes])
  253. ssl_msg="AWS-LC"
  254. OPENSSL_IS_BORINGSSL=1
  255. ],[
  256. AC_MSG_RESULT([no])
  257. ])
  258. AC_MSG_CHECKING([for LibreSSL])
  259. AC_COMPILE_IFELSE([
  260. AC_LANG_PROGRAM([[
  261. #include <openssl/opensslv.h>
  262. ]],[[
  263. int dummy = LIBRESSL_VERSION_NUMBER;
  264. ]])
  265. ],[
  266. AC_MSG_RESULT([yes])
  267. AC_DEFINE_UNQUOTED(HAVE_LIBRESSL, 1,
  268. [Define to 1 if using LibreSSL.])
  269. ssl_msg="LibreSSL"
  270. ],[
  271. AC_MSG_RESULT([no])
  272. ])
  273. AC_MSG_CHECKING([for OpenSSL >= v3])
  274. AC_COMPILE_IFELSE([
  275. AC_LANG_PROGRAM([[
  276. #include <openssl/opensslv.h>
  277. ]],[[
  278. #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
  279. return 0;
  280. #else
  281. #error older than 3
  282. #endif
  283. ]])
  284. ],[
  285. AC_MSG_RESULT([yes])
  286. ssl_msg="OpenSSL v3+"
  287. ],[
  288. AC_MSG_RESULT([no])
  289. ])
  290. fi
  291. dnl is this OpenSSL (fork) providing the original QUIC API?
  292. AC_CHECK_FUNCS([SSL_set_quic_use_legacy_codepoint],
  293. [QUIC_ENABLED=yes])
  294. if test "$QUIC_ENABLED" = "yes"; then
  295. AC_MSG_NOTICE([OpenSSL fork speaks QUIC API])
  296. else
  297. AC_MSG_NOTICE([OpenSSL version does not speak QUIC API])
  298. fi
  299. if test "$OPENSSL_ENABLED" = "1"; then
  300. if test -n "$LIB_OPENSSL"; then
  301. dnl when the ssl shared libs were found in a path that the run-time
  302. dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH
  303. dnl to prevent further configure tests to fail due to this
  304. if test "x$cross_compiling" != "xyes"; then
  305. CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$LIB_OPENSSL"
  306. export CURL_LIBRARY_PATH
  307. AC_MSG_NOTICE([Added $LIB_OPENSSL to CURL_LIBRARY_PATH])
  308. fi
  309. fi
  310. check_for_ca_bundle=1
  311. LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE openssl"
  312. fi
  313. test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
  314. fi
  315. if test X"$OPT_OPENSSL" != Xno &&
  316. test "$OPENSSL_ENABLED" != "1"; then
  317. AC_MSG_NOTICE([OPT_OPENSSL: $OPT_OPENSSL])
  318. AC_MSG_NOTICE([OPENSSL_ENABLED: $OPENSSL_ENABLED])
  319. AC_MSG_ERROR([--with-openssl was given but OpenSSL could not be detected])
  320. fi
  321. dnl ---
  322. dnl We require OpenSSL with SRP support.
  323. dnl ---
  324. if test "$OPENSSL_ENABLED" = "1"; then
  325. AC_MSG_CHECKING([for SRP support in OpenSSL])
  326. AC_LINK_IFELSE([
  327. AC_LANG_PROGRAM([[
  328. #include <openssl/ssl.h>
  329. ]],[[
  330. SSL_CTX_set_srp_username(NULL, "");
  331. SSL_CTX_set_srp_password(NULL, "");
  332. ]])
  333. ],[
  334. AC_MSG_RESULT([yes])
  335. AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the functions SSL_CTX_set_srp_username and SSL_CTX_set_srp_password])
  336. AC_SUBST(HAVE_OPENSSL_SRP, [1])
  337. ],[
  338. AC_MSG_RESULT([no])
  339. ])
  340. fi
  341. dnl ---
  342. dnl Whether the OpenSSL configuration will be loaded automatically
  343. dnl ---
  344. if test X"$OPENSSL_ENABLED" = X"1"; then
  345. AC_ARG_ENABLE(openssl-auto-load-config,
  346. AS_HELP_STRING([--enable-openssl-auto-load-config],[Enable automatic loading of OpenSSL configuration])
  347. AS_HELP_STRING([--disable-openssl-auto-load-config],[Disable automatic loading of OpenSSL configuration]),
  348. [ if test X"$enableval" = X"no"; then
  349. AC_MSG_NOTICE([automatic loading of OpenSSL configuration disabled])
  350. AC_DEFINE(CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG, 1, [if the OpenSSL configuration won't be loaded automatically])
  351. fi
  352. ])
  353. fi
  354. dnl ---
  355. dnl We may use OpenSSL QUIC.
  356. dnl ---
  357. if test "$OPENSSL_ENABLED" = "1"; then
  358. AC_MSG_CHECKING([for QUIC support and OpenSSL >= 3.3])
  359. AC_LINK_IFELSE([
  360. AC_LANG_PROGRAM([[
  361. #include <openssl/ssl.h>
  362. ]],[[
  363. #if (OPENSSL_VERSION_NUMBER < 0x30300000L)
  364. #error need at least version 3.3.0
  365. #endif
  366. OSSL_QUIC_client_method();
  367. ]])
  368. ],[
  369. AC_MSG_RESULT([yes])
  370. have_openssl_quic=1
  371. ],[
  372. AC_MSG_RESULT([no])
  373. ])
  374. fi
  375. ])