#***************************************************************************
#                                  _   _ ____  _
#  Project                     ___| | | |  _ \| |
#                             / __| | | | |_) | |
#                            | (__| |_| |  _ <| |___
#                             \___|\___/|_| \_\_____|
#
# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at https://curl.se/docs/copyright.html.
#
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
# copies of the Software, and permit persons to whom the Software is
# furnished to do so, under the terms of the COPYING file.
#
# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
# KIND, either express or implied.
#
# SPDX-License-Identifier: curl
#
#***************************************************************************
# File version for 'aclocal' use. Keep it a single number.
# serial 5

dnl **********************************************************************
dnl Check for OpenSSL libraries and headers
dnl **********************************************************************
  29. AC_DEFUN([CURL_WITH_OPENSSL], [
  30. if test "x$OPT_OPENSSL" != xno; then
  31. ssl_msg=
  32. dnl backup the pre-ssl variables
  33. CLEANLDFLAGS="$LDFLAGS"
  34. CLEANCPPFLAGS="$CPPFLAGS"
  35. CLEANLIBS="$LIBS"
  36. dnl This is for Msys/Mingw
  37. case $host in
  38. *-*-msys* | *-*-mingw*)
  39. AC_MSG_CHECKING([for gdi32])
  40. my_ac_save_LIBS=$LIBS
  41. LIBS="-lgdi32 $LIBS"
  42. AC_LINK_IFELSE([ AC_LANG_PROGRAM([[
  43. #include <windef.h>
  44. #include <wingdi.h>
  45. ]],
  46. [[
  47. GdiFlush();
  48. ]])],
  49. [ dnl worked!
  50. AC_MSG_RESULT([yes])],
  51. [ dnl failed, restore LIBS
  52. LIBS=$my_ac_save_LIBS
  53. AC_MSG_RESULT(no)]
  54. )
  55. ;;
  56. esac
  57. case "$OPT_OPENSSL" in
  58. yes)
  59. dnl --with-openssl (without path) used
  60. PKGTEST="yes"
  61. PREFIX_OPENSSL=
  62. ;;
  63. *)
  64. dnl check the given --with-openssl spot
  65. PKGTEST="no"
  66. PREFIX_OPENSSL=$OPT_OPENSSL
  67. dnl Try pkg-config even when cross-compiling. Since we
  68. dnl specify PKG_CONFIG_LIBDIR we're only looking where
  69. dnl the user told us to look
  70. OPENSSL_PCDIR="$OPT_OPENSSL/lib/pkgconfig"
  71. if test -f "$OPENSSL_PCDIR/openssl.pc"; then
  72. AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"])
  73. PKGTEST="yes"
  74. fi
  75. if test "$PKGTEST" != "yes"; then
  76. # try lib64 instead
  77. OPENSSL_PCDIR="$OPT_OPENSSL/lib64/pkgconfig"
  78. if test -f "$OPENSSL_PCDIR/openssl.pc"; then
  79. AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"])
  80. PKGTEST="yes"
  81. fi
  82. fi
  83. if test "$PKGTEST" != "yes"; then
  84. if test ! -f "$PREFIX_OPENSSL/include/openssl/ssl.h"; then
  85. AC_MSG_ERROR([$PREFIX_OPENSSL is a bad --with-openssl prefix!])
  86. fi
  87. fi
  88. dnl in case pkg-config comes up empty, use what we got
  89. dnl via --with-openssl
  90. LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff"
  91. if test "$PREFIX_OPENSSL" != "/usr" ; then
  92. SSL_LDFLAGS="-L$LIB_OPENSSL"
  93. SSL_CPPFLAGS="-I$PREFIX_OPENSSL/include"
  94. fi
  95. ;;
  96. esac
  97. if test "$PKGTEST" = "yes"; then
  98. CURL_CHECK_PKGCONFIG(openssl, [$OPENSSL_PCDIR])
  99. if test "$PKGCONFIG" != "no" ; then
  100. SSL_LIBS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
  101. $PKGCONFIG --libs-only-l --libs-only-other openssl 2>/dev/null`
  102. SSL_LDFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
  103. $PKGCONFIG --libs-only-L openssl 2>/dev/null`
  104. SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
  105. $PKGCONFIG --cflags-only-I openssl 2>/dev/null`
  106. AC_SUBST(SSL_LIBS)
  107. AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"])
  108. AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"])
  109. AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"])
  110. LIB_OPENSSL=`echo $SSL_LDFLAGS | sed -e 's/^-L//'`
  111. dnl use the values pkg-config reported. This is here
  112. dnl instead of below with CPPFLAGS and LDFLAGS because we only
  113. dnl learn about this via pkg-config. If we only have
  114. dnl the argument to --with-openssl we don't know what
  115. dnl additional libs may be necessary. Hope that we
  116. dnl don't need any.
  117. LIBS="$SSL_LIBS $LIBS"
  118. fi
  119. fi
  120. dnl finally, set flags to use SSL
  121. CPPFLAGS="$CPPFLAGS $SSL_CPPFLAGS"
  122. LDFLAGS="$LDFLAGS $SSL_LDFLAGS"
  123. AC_CHECK_LIB(crypto, HMAC_Update,[
  124. HAVECRYPTO="yes"
  125. LIBS="-lcrypto $LIBS"
  126. ],[
  127. if test -n "$LIB_OPENSSL" ; then
  128. LDFLAGS="$CLEANLDFLAGS -L$LIB_OPENSSL"
  129. fi
  130. if test "$PKGCONFIG" = "no" -a -n "$PREFIX_OPENSSL" ; then
  131. # only set this if pkg-config wasn't used
  132. CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include"
  133. fi
  134. # Linking previously failed, try extra paths from --with-openssl or
  135. # pkg-config. Use a different function name to avoid reusing the earlier
  136. # cached result.
  137. AC_CHECK_LIB(crypto, HMAC_Init_ex,[
  138. HAVECRYPTO="yes"
  139. LIBS="-lcrypto $LIBS"], [
  140. dnl still no, but what about with -ldl?
  141. AC_MSG_CHECKING([OpenSSL linking with -ldl])
  142. LIBS="-lcrypto $CLEANLIBS -ldl"
  143. AC_LINK_IFELSE([ AC_LANG_PROGRAM([[
  144. #include <openssl/err.h>
  145. ]], [[
  146. ERR_clear_error();
  147. ]]) ],
  148. [
  149. AC_MSG_RESULT(yes)
  150. HAVECRYPTO="yes"
  151. ],
  152. [
  153. AC_MSG_RESULT(no)
  154. dnl ok, so what about both -ldl and -lpthread?
  155. dnl This may be necessary for static libraries.
  156. AC_MSG_CHECKING([OpenSSL linking with -ldl and -lpthread])
  157. LIBS="-lcrypto $CLEANLIBS -ldl -lpthread"
  158. AC_LINK_IFELSE([
  159. AC_LANG_PROGRAM([[
  160. #include <openssl/err.h>
  161. ]], [[
  162. ERR_clear_error();
  163. ]])],
  164. [
  165. AC_MSG_RESULT(yes)
  166. HAVECRYPTO="yes"
  167. ],
  168. [
  169. AC_MSG_RESULT(no)
  170. LDFLAGS="$CLEANLDFLAGS"
  171. CPPFLAGS="$CLEANCPPFLAGS"
  172. LIBS="$CLEANLIBS"
  173. ])
  174. ])
  175. ])
  176. ])
  177. if test X"$HAVECRYPTO" = X"yes"; then
  178. dnl This is only reasonable to do if crypto actually is there: check for
  179. dnl SSL libs NOTE: it is important to do this AFTER the crypto lib
  180. AC_CHECK_LIB(ssl, SSL_connect)
  181. if test "$ac_cv_lib_ssl_SSL_connect" != yes; then
  182. dnl we didn't find the SSL lib, try the RSAglue/rsaref stuff
  183. AC_MSG_CHECKING(for ssl with RSAglue/rsaref libs in use);
  184. OLIBS=$LIBS
  185. LIBS="-lRSAglue -lrsaref $LIBS"
  186. AC_CHECK_LIB(ssl, SSL_connect)
  187. if test "$ac_cv_lib_ssl_SSL_connect" != yes; then
  188. dnl still no SSL_connect
  189. AC_MSG_RESULT(no)
  190. LIBS=$OLIBS
  191. else
  192. AC_MSG_RESULT(yes)
  193. fi
  194. else
  195. dnl Have the libraries--check for OpenSSL headers
  196. AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \
  197. openssl/pem.h openssl/ssl.h openssl/err.h,
  198. ssl_msg="OpenSSL"
  199. test openssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
  200. OPENSSL_ENABLED=1
  201. AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use]))
  202. if test $ac_cv_header_openssl_x509_h = no; then
  203. dnl we don't use the "action" part of the AC_CHECK_HEADERS macro
  204. dnl since 'err.h' might in fact find a krb4 header with the same
  205. dnl name
  206. AC_CHECK_HEADERS(x509.h rsa.h crypto.h pem.h ssl.h err.h)
  207. if test $ac_cv_header_x509_h = yes &&
  208. test $ac_cv_header_crypto_h = yes &&
  209. test $ac_cv_header_ssl_h = yes; then
  210. dnl three matches
  211. ssl_msg="OpenSSL"
  212. OPENSSL_ENABLED=1
  213. fi
  214. fi
  215. fi
  216. if test X"$OPENSSL_ENABLED" != X"1"; then
  217. LIBS="$CLEANLIBS"
  218. fi
  219. if test X"$OPT_OPENSSL" != Xoff &&
  220. test "$OPENSSL_ENABLED" != "1"; then
  221. AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!])
  222. fi
  223. fi
  224. if test X"$OPENSSL_ENABLED" = X"1"; then
  225. dnl These can only exist if OpenSSL exists
  226. AC_MSG_CHECKING([for BoringSSL])
  227. AC_COMPILE_IFELSE([
  228. AC_LANG_PROGRAM([[
  229. #include <openssl/base.h>
  230. ]],[[
  231. #ifndef OPENSSL_IS_BORINGSSL
  232. #error not boringssl
  233. #endif
  234. ]])
  235. ],[
  236. AC_MSG_RESULT([yes])
  237. AC_DEFINE_UNQUOTED(HAVE_BORINGSSL, 1,
  238. [Define to 1 if using BoringSSL.])
  239. ssl_msg="BoringSSL"
  240. ],[
  241. AC_MSG_RESULT([no])
  242. ])
  243. AC_MSG_CHECKING([for AWS-LC])
  244. AC_COMPILE_IFELSE([
  245. AC_LANG_PROGRAM([[
  246. #include <openssl/base.h>
  247. ]],[[
  248. #ifndef OPENSSL_IS_AWSLC
  249. #error not AWS-LC
  250. #endif
  251. ]])
  252. ],[
  253. AC_MSG_RESULT([yes])
  254. AC_DEFINE_UNQUOTED(HAVE_AWSLC, 1,
  255. [Define to 1 if using AWS-LC.])
  256. ssl_msg="AWS-LC"
  257. ],[
  258. AC_MSG_RESULT([no])
  259. ])
  260. AC_MSG_CHECKING([for libressl])
  261. AC_COMPILE_IFELSE([
  262. AC_LANG_PROGRAM([[
  263. #include <openssl/opensslv.h>
  264. ]],[[
  265. int dummy = LIBRESSL_VERSION_NUMBER;
  266. ]])
  267. ],[
  268. AC_MSG_RESULT([yes])
  269. AC_DEFINE_UNQUOTED(HAVE_LIBRESSL, 1,
  270. [Define to 1 if using libressl.])
  271. ssl_msg="libressl"
  272. ],[
  273. AC_MSG_RESULT([no])
  274. ])
  275. AC_MSG_CHECKING([for OpenSSL >= v3])
  276. AC_COMPILE_IFELSE([
  277. AC_LANG_PROGRAM([[
  278. #include <openssl/opensslv.h>
  279. ]],[[
  280. #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
  281. return 0;
  282. #else
  283. #error older than 3
  284. #endif
  285. ]])
  286. ],[
  287. AC_MSG_RESULT([yes])
  288. AC_DEFINE_UNQUOTED(HAVE_OPENSSL3, 1,
  289. [Define to 1 if using OpenSSL 3 or later.])
  290. ssl_msg="OpenSSL v3+"
  291. ],[
  292. AC_MSG_RESULT([no])
  293. ])
  294. fi
  295. if test "$OPENSSL_ENABLED" = "1"; then
  296. if test -n "$LIB_OPENSSL"; then
  297. dnl when the ssl shared libs were found in a path that the run-time
  298. dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH
  299. dnl to prevent further configure tests to fail due to this
  300. if test "x$cross_compiling" != "xyes"; then
  301. CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$LIB_OPENSSL"
  302. export CURL_LIBRARY_PATH
  303. AC_MSG_NOTICE([Added $LIB_OPENSSL to CURL_LIBRARY_PATH])
  304. fi
  305. fi
  306. check_for_ca_bundle=1
  307. fi
  308. test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
  309. fi
  310. if test X"$OPT_OPENSSL" != Xno &&
  311. test "$OPENSSL_ENABLED" != "1"; then
  312. AC_MSG_NOTICE([OPT_OPENSSL: $OPT_OPENSSL])
  313. AC_MSG_NOTICE([OPENSSL_ENABLED: $OPENSSL_ENABLED])
  314. AC_MSG_ERROR([--with-openssl was given but OpenSSL could not be detected])
  315. fi
  316. dnl **********************************************************************
  317. dnl Check for the random seed preferences
  318. dnl **********************************************************************
  319. if test X"$OPENSSL_ENABLED" = X"1"; then
  320. dnl Check for user-specified random device
  321. AC_ARG_WITH(random,
  322. AS_HELP_STRING([--with-random=FILE],
  323. [read randomness from FILE (default=/dev/urandom)]),
  324. [ RANDOM_FILE="$withval" ],
  325. [
  326. if test x$cross_compiling != xyes; then
  327. dnl Check for random device
  328. AC_CHECK_FILE("/dev/urandom", [ RANDOM_FILE="/dev/urandom"] )
  329. else
  330. AC_MSG_WARN([skipped the /dev/urandom detection when cross-compiling])
  331. fi
  332. ]
  333. )
  334. if test -n "$RANDOM_FILE" && test X"$RANDOM_FILE" != Xno ; then
  335. AC_SUBST(RANDOM_FILE)
  336. AC_DEFINE_UNQUOTED(RANDOM_FILE, "$RANDOM_FILE",
  337. [a suitable file to read random data from])
  338. fi
  339. fi
  340. dnl ---
  341. dnl We require OpenSSL with SRP support.
  342. dnl ---
  343. if test "$OPENSSL_ENABLED" = "1"; then
  344. AC_MSG_CHECKING([for SRP support in OpenSSL])
  345. AC_LINK_IFELSE([
  346. AC_LANG_PROGRAM([[
  347. #include <openssl/ssl.h>
  348. ]],[[
  349. SSL_CTX_set_srp_username(NULL, "");
  350. SSL_CTX_set_srp_password(NULL, "");
  351. ]])
  352. ],[
  353. AC_MSG_RESULT([yes])
  354. AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the functions SSL_CTX_set_srp_username and SSL_CTX_set_srp_password])
  355. AC_SUBST(HAVE_OPENSSL_SRP, [1])
  356. ],[
  357. AC_MSG_RESULT([no])
  358. ])
  359. fi
  360. dnl ---
  361. dnl Whether the OpenSSL configuration will be loaded automatically
  362. dnl ---
  363. if test X"$OPENSSL_ENABLED" = X"1"; then
  364. AC_ARG_ENABLE(openssl-auto-load-config,
  365. AS_HELP_STRING([--enable-openssl-auto-load-config],[Enable automatic loading of OpenSSL configuration])
  366. AS_HELP_STRING([--disable-openssl-auto-load-config],[Disable automatic loading of OpenSSL configuration]),
  367. [ if test X"$enableval" = X"no"; then
  368. AC_MSG_NOTICE([automatic loading of OpenSSL configuration disabled])
  369. AC_DEFINE(CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG, 1, [if the OpenSSL configuration won't be loaded automatically])
  370. fi
  371. ])
  372. fi
  373. ])