curl-openssl.m4 12 KB

  1. #***************************************************************************
  2. # _ _ ____ _
  3. # Project ___| | | | _ \| |
  4. # / __| | | | |_) | |
  5. # | (__| |_| | _ <| |___
  6. # \___|\___/|_| \_\_____|
  7. #
  8. # Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  9. #
  10. # This software is licensed as described in the file COPYING, which
  11. # you should have received as part of this distribution. The terms
  12. # are also available at https://curl.se/docs/copyright.html.
  13. #
  14. # You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. # copies of the Software, and permit persons to whom the Software is
  16. # furnished to do so, under the terms of the COPYING file.
  17. #
  18. # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. # KIND, either express or implied.
  20. #
  21. # SPDX-License-Identifier: curl
  22. #
  23. #***************************************************************************
  24. # File version for 'aclocal' use. Keep it a single number.
  25. # serial 5
  26. dnl **********************************************************************
  27. dnl Check for OpenSSL libraries and headers
  28. dnl **********************************************************************
  29. AC_DEFUN([CURL_WITH_OPENSSL], [
  30. if test "x$OPT_OPENSSL" != xno; then
  31. ssl_msg=
  32. dnl backup the pre-ssl variables
  33. CLEANLDFLAGS="$LDFLAGS"
  34. CLEANLDFLAGSPC="$LDFLAGSPC"
  35. CLEANCPPFLAGS="$CPPFLAGS"
  36. CLEANLIBS="$LIBS"
  37. dnl This is for MSYS/MinGW
  38. case $host in
  39. *-*-msys* | *-*-mingw*)
  40. AC_MSG_CHECKING([for gdi32])
  41. my_ac_save_LIBS=$LIBS
  42. LIBS="-lgdi32 $LIBS"
  43. AC_LINK_IFELSE([ AC_LANG_PROGRAM([[
  44. #include <windef.h>
  45. #include <wingdi.h>
  46. ]],
  47. [[
  48. GdiFlush();
  49. ]])],
  50. [ dnl worked!
  51. AC_MSG_RESULT([yes])],
  52. [ dnl failed, restore LIBS
  53. LIBS=$my_ac_save_LIBS
  54. AC_MSG_RESULT(no)]
  55. )
  56. ;;
  57. esac
  58. case "$OPT_OPENSSL" in
  59. yes)
  60. dnl --with-openssl (without path) used
  61. PKGTEST="yes"
  62. PREFIX_OPENSSL=
  63. ;;
  64. *)
  65. dnl check the given --with-openssl spot
  66. PKGTEST="no"
  67. PREFIX_OPENSSL=$OPT_OPENSSL
  68. dnl Try pkg-config even when cross-compiling. Since we
  69. dnl specify PKG_CONFIG_LIBDIR we're only looking where
  70. dnl the user told us to look
  71. OPENSSL_PCDIR="$OPT_OPENSSL/lib/pkgconfig"
  72. if test -f "$OPENSSL_PCDIR/openssl.pc"; then
  73. AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"])
  74. PKGTEST="yes"
  75. fi
  76. if test "$PKGTEST" != "yes"; then
  77. # try lib64 instead
  78. OPENSSL_PCDIR="$OPT_OPENSSL/lib64/pkgconfig"
  79. if test -f "$OPENSSL_PCDIR/openssl.pc"; then
  80. AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"])
  81. PKGTEST="yes"
  82. fi
  83. fi
  84. if test "$PKGTEST" != "yes"; then
  85. if test ! -f "$PREFIX_OPENSSL/include/openssl/ssl.h"; then
  86. AC_MSG_ERROR([$PREFIX_OPENSSL is a bad --with-openssl prefix!])
  87. fi
  88. fi
  89. dnl in case pkg-config comes up empty, use what we got
  90. dnl via --with-openssl
  91. LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff"
  92. if test "$PREFIX_OPENSSL" != "/usr" ; then
  93. SSL_LDFLAGS="-L$LIB_OPENSSL"
  94. SSL_CPPFLAGS="-I$PREFIX_OPENSSL/include"
  95. fi
  96. ;;
  97. esac
  98. if test "$PKGTEST" = "yes"; then
  99. CURL_CHECK_PKGCONFIG(openssl, [$OPENSSL_PCDIR])
  100. if test "$PKGCONFIG" != "no" ; then
  101. SSL_LIBS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
  102. $PKGCONFIG --libs-only-l --libs-only-other openssl 2>/dev/null`
  103. SSL_LDFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
  104. $PKGCONFIG --libs-only-L openssl 2>/dev/null`
  105. SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
  106. $PKGCONFIG --cflags-only-I openssl 2>/dev/null`
  107. AC_SUBST(SSL_LIBS)
  108. AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"])
  109. AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"])
  110. AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"])
  111. LIB_OPENSSL=`echo $SSL_LDFLAGS | sed -e 's/^-L//'`
  112. dnl use the values pkg-config reported. This is here
  113. dnl instead of below with CPPFLAGS and LDFLAGS because we only
  114. dnl learn about this via pkg-config. If we only have
  115. dnl the argument to --with-openssl we don't know what
  116. dnl additional libs may be necessary. Hope that we
  117. dnl don't need any.
  118. LIBS="$SSL_LIBS $LIBS"
  119. fi
  120. fi
  121. dnl finally, set flags to use SSL
  122. CPPFLAGS="$CPPFLAGS $SSL_CPPFLAGS"
  123. LDFLAGS="$LDFLAGS $SSL_LDFLAGS"
  124. LDFLAGSPC="$LDFLAGSPC $SSL_LDFLAGS"
  125. AC_CHECK_LIB(crypto, HMAC_Update,[
  126. HAVECRYPTO="yes"
  127. LIBS="-lcrypto $LIBS"
  128. ],[
  129. if test -n "$LIB_OPENSSL" ; then
  130. LDFLAGS="$CLEANLDFLAGS -L$LIB_OPENSSL"
  131. LDFLAGSPC="$CLEANLDFLAGSPC -L$LIB_OPENSSL"
  132. fi
  133. if test "$PKGCONFIG" = "no" -a -n "$PREFIX_OPENSSL" ; then
  134. # only set this if pkg-config wasn't used
  135. CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include"
  136. fi
  137. # Linking previously failed, try extra paths from --with-openssl or
  138. # pkg-config. Use a different function name to avoid reusing the earlier
  139. # cached result.
  140. AC_CHECK_LIB(crypto, HMAC_Init_ex,[
  141. HAVECRYPTO="yes"
  142. LIBS="-lcrypto $LIBS"], [
  143. dnl still no, but what about with -ldl?
  144. AC_MSG_CHECKING([OpenSSL linking with -ldl])
  145. LIBS="-lcrypto $CLEANLIBS -ldl"
  146. AC_LINK_IFELSE([ AC_LANG_PROGRAM([[
  147. #include <openssl/err.h>
  148. ]], [[
  149. ERR_clear_error();
  150. ]]) ],
  151. [
  152. AC_MSG_RESULT(yes)
  153. HAVECRYPTO="yes"
  154. ],
  155. [
  156. AC_MSG_RESULT(no)
  157. dnl ok, so what about both -ldl and -lpthread?
  158. dnl This may be necessary for static libraries.
  159. AC_MSG_CHECKING([OpenSSL linking with -ldl and -lpthread])
  160. LIBS="-lcrypto $CLEANLIBS -ldl -lpthread"
  161. AC_LINK_IFELSE([
  162. AC_LANG_PROGRAM([[
  163. #include <openssl/err.h>
  164. ]], [[
  165. ERR_clear_error();
  166. ]])],
  167. [
  168. AC_MSG_RESULT(yes)
  169. HAVECRYPTO="yes"
  170. ],
  171. [
  172. AC_MSG_RESULT(no)
  173. LDFLAGS="$CLEANLDFLAGS"
  174. LDFLAGSPC="$CLEANLDFLAGSPC"
  175. CPPFLAGS="$CLEANCPPFLAGS"
  176. LIBS="$CLEANLIBS"
  177. ])
  178. ])
  179. ])
  180. ])
  181. if test X"$HAVECRYPTO" = X"yes"; then
  182. dnl This is only reasonable to do if crypto actually is there: check for
  183. dnl SSL libs NOTE: it is important to do this AFTER the crypto lib
  184. AC_CHECK_LIB(ssl, SSL_connect)
  185. if test "$ac_cv_lib_ssl_SSL_connect" != yes; then
  186. dnl we didn't find the SSL lib, try the RSAglue/rsaref stuff
  187. AC_MSG_CHECKING(for ssl with RSAglue/rsaref libs in use);
  188. OLIBS=$LIBS
  189. LIBS="-lRSAglue -lrsaref $LIBS"
  190. AC_CHECK_LIB(ssl, SSL_connect)
  191. if test "$ac_cv_lib_ssl_SSL_connect" != yes; then
  192. dnl still no SSL_connect
  193. AC_MSG_RESULT(no)
  194. LIBS=$OLIBS
  195. else
  196. AC_MSG_RESULT(yes)
  197. fi
  198. else
  199. dnl Have the libraries--check for OpenSSL headers
  200. AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \
  201. openssl/pem.h openssl/ssl.h openssl/err.h,
  202. ssl_msg="OpenSSL"
  203. test openssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
  204. OPENSSL_ENABLED=1
  205. AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use]))
  206. if test $ac_cv_header_openssl_x509_h = no; then
  207. dnl we don't use the "action" part of the AC_CHECK_HEADERS macro
  208. dnl since 'err.h' might in fact find a krb4 header with the same
  209. dnl name
  210. AC_CHECK_HEADERS(x509.h rsa.h crypto.h pem.h ssl.h err.h)
  211. if test $ac_cv_header_x509_h = yes &&
  212. test $ac_cv_header_crypto_h = yes &&
  213. test $ac_cv_header_ssl_h = yes; then
  214. dnl three matches
  215. ssl_msg="OpenSSL"
  216. OPENSSL_ENABLED=1
  217. fi
  218. fi
  219. fi
  220. if test X"$OPENSSL_ENABLED" != X"1"; then
  221. LIBS="$CLEANLIBS"
  222. fi
  223. if test X"$OPT_OPENSSL" != Xoff &&
  224. test "$OPENSSL_ENABLED" != "1"; then
  225. AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!])
  226. fi
  227. fi
  228. if test X"$OPENSSL_ENABLED" = X"1"; then
  229. dnl These can only exist if OpenSSL exists
  230. AC_MSG_CHECKING([for BoringSSL])
  231. AC_COMPILE_IFELSE([
  232. AC_LANG_PROGRAM([[
  233. #include <openssl/base.h>
  234. ]],[[
  235. #ifndef OPENSSL_IS_BORINGSSL
  236. #error not boringssl
  237. #endif
  238. ]])
  239. ],[
  240. AC_MSG_RESULT([yes])
  241. ssl_msg="BoringSSL"
  242. OPENSSL_IS_BORINGSSL=1
  243. ],[
  244. AC_MSG_RESULT([no])
  245. ])
  246. AC_MSG_CHECKING([for AWS-LC])
  247. AC_COMPILE_IFELSE([
  248. AC_LANG_PROGRAM([[
  249. #include <openssl/base.h>
  250. ]],[[
  251. #ifndef OPENSSL_IS_AWSLC
  252. #error not AWS-LC
  253. #endif
  254. ]])
  255. ],[
  256. AC_MSG_RESULT([yes])
  257. ssl_msg="AWS-LC"
  258. OPENSSL_IS_BORINGSSL=1
  259. ],[
  260. AC_MSG_RESULT([no])
  261. ])
  262. AC_MSG_CHECKING([for LibreSSL])
  263. AC_COMPILE_IFELSE([
  264. AC_LANG_PROGRAM([[
  265. #include <openssl/opensslv.h>
  266. ]],[[
  267. int dummy = LIBRESSL_VERSION_NUMBER;
  268. ]])
  269. ],[
  270. AC_MSG_RESULT([yes])
  271. AC_DEFINE_UNQUOTED(HAVE_LIBRESSL, 1,
  272. [Define to 1 if using LibreSSL.])
  273. ssl_msg="LibreSSL"
  274. ],[
  275. AC_MSG_RESULT([no])
  276. ])
  277. AC_MSG_CHECKING([for OpenSSL >= v3])
  278. AC_COMPILE_IFELSE([
  279. AC_LANG_PROGRAM([[
  280. #include <openssl/opensslv.h>
  281. ]],[[
  282. #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
  283. return 0;
  284. #else
  285. #error older than 3
  286. #endif
  287. ]])
  288. ],[
  289. AC_MSG_RESULT([yes])
  290. ssl_msg="OpenSSL v3+"
  291. ],[
  292. AC_MSG_RESULT([no])
  293. ])
  294. fi
  295. dnl is this OpenSSL (fork) providing the original QUIC API?
  296. AC_CHECK_FUNCS([SSL_set_quic_use_legacy_codepoint],
  297. [QUIC_ENABLED=yes])
  298. if test "$QUIC_ENABLED" = "yes"; then
  299. AC_MSG_NOTICE([OpenSSL fork speaks QUIC API])
  300. else
  301. AC_MSG_NOTICE([OpenSSL version does not speak QUIC API])
  302. fi
  303. if test "$OPENSSL_ENABLED" = "1"; then
  304. if test -n "$LIB_OPENSSL"; then
  305. dnl when the ssl shared libs were found in a path that the run-time
  306. dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH
  307. dnl to prevent further configure tests to fail due to this
  308. if test "x$cross_compiling" != "xyes"; then
  309. CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$LIB_OPENSSL"
  310. export CURL_LIBRARY_PATH
  311. AC_MSG_NOTICE([Added $LIB_OPENSSL to CURL_LIBRARY_PATH])
  312. fi
  313. fi
  314. check_for_ca_bundle=1
  315. LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE openssl"
  316. fi
  317. test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
  318. fi
  319. if test X"$OPT_OPENSSL" != Xno &&
  320. test "$OPENSSL_ENABLED" != "1"; then
  321. AC_MSG_NOTICE([OPT_OPENSSL: $OPT_OPENSSL])
  322. AC_MSG_NOTICE([OPENSSL_ENABLED: $OPENSSL_ENABLED])
  323. AC_MSG_ERROR([--with-openssl was given but OpenSSL could not be detected])
  324. fi
  325. dnl ---
  326. dnl We require OpenSSL with SRP support.
  327. dnl ---
  328. if test "$OPENSSL_ENABLED" = "1"; then
  329. AC_MSG_CHECKING([for SRP support in OpenSSL])
  330. AC_LINK_IFELSE([
  331. AC_LANG_PROGRAM([[
  332. #include <openssl/ssl.h>
  333. ]],[[
  334. SSL_CTX_set_srp_username(NULL, "");
  335. SSL_CTX_set_srp_password(NULL, "");
  336. ]])
  337. ],[
  338. AC_MSG_RESULT([yes])
  339. AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the functions SSL_CTX_set_srp_username and SSL_CTX_set_srp_password])
  340. AC_SUBST(HAVE_OPENSSL_SRP, [1])
  341. ],[
  342. AC_MSG_RESULT([no])
  343. ])
  344. fi
  345. dnl ---
  346. dnl Whether the OpenSSL configuration will be loaded automatically
  347. dnl ---
  348. if test X"$OPENSSL_ENABLED" = X"1"; then
  349. AC_ARG_ENABLE(openssl-auto-load-config,
  350. AS_HELP_STRING([--enable-openssl-auto-load-config],[Enable automatic loading of OpenSSL configuration])
  351. AS_HELP_STRING([--disable-openssl-auto-load-config],[Disable automatic loading of OpenSSL configuration]),
  352. [ if test X"$enableval" = X"no"; then
  353. AC_MSG_NOTICE([automatic loading of OpenSSL configuration disabled])
  354. AC_DEFINE(CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG, 1, [if the OpenSSL configuration won't be loaded automatically])
  355. fi
  356. ])
  357. fi
  358. dnl ---
  359. dnl We may use OpenSSL QUIC.
  360. dnl ---
  361. if test "$OPENSSL_ENABLED" = "1"; then
  362. AC_MSG_CHECKING([for QUIC support and OpenSSL >= 3.3])
  363. AC_LINK_IFELSE([
  364. AC_LANG_PROGRAM([[
  365. #include <openssl/ssl.h>
  366. ]],[[
  367. #if (OPENSSL_VERSION_NUMBER < 0x30300000L)
  368. #error need at least version 3.3.0
  369. #endif
  370. OSSL_QUIC_client_method();
  371. ]])
  372. ],[
  373. AC_MSG_RESULT([yes])
  374. have_openssl_quic=1
  375. ],[
  376. AC_MSG_RESULT([no])
  377. ])
  378. fi
  379. ])