diff options
author | Daniel Stenberg <daniel@haxx.se> | 2021-04-15 11:17:29 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2021-04-22 23:19:47 +0200 |
commit | ee36e86ce8f77a017c49b8312814c33f4b969565 (patch) | |
tree | 0f56d0206eda4a3595364d2831cf8d09f2d65213 | |
parent | 68d89f242cf9f6326e3b2f6fe119b7c74ef41c66 (diff) | |
download | curl-ee36e86ce8f77a017c49b8312814c33f4b969565.tar.gz |
configure: split out each TLS library detector into its own function
... and put those functions in separate m4 files per TLS library.
-rwxr-xr-x | configure.ac | 1212 | ||||
-rw-r--r-- | m4/curl-amissl.m4 | 47 | ||||
-rw-r--r-- | m4/curl-bearssl.m4 | 108 | ||||
-rw-r--r-- | m4/curl-gnutls.m4 | 165 | ||||
-rw-r--r-- | m4/curl-mbedtls.m4 | 109 | ||||
-rw-r--r-- | m4/curl-mesalink.m4 | 107 | ||||
-rw-r--r-- | m4/curl-nss.m4 | 142 | ||||
-rw-r--r-- | m4/curl-openssl.m4 | 377 | ||||
-rw-r--r-- | m4/curl-rustls.m4 | 106 | ||||
-rw-r--r-- | m4/curl-schannel.m4 | 46 | ||||
-rw-r--r-- | m4/curl-sectransp.m4 | 43 | ||||
-rw-r--r-- | m4/curl-wolfssl.m4 | 177 |
12 files changed, 1437 insertions, 1202 deletions
diff --git a/configure.ac b/configure.ac index 70762cc9d..033e30986 100755 --- a/configure.ac +++ b/configure.ac @@ -1731,1213 +1731,23 @@ case "$DEFAULT_SSL_BACKEND" in ;; esac -dnl ********************************************************************** - -dnl ------------------------------------------------- -dnl check winssl option before other SSL libraries -dnl ------------------------------------------------- - -AC_MSG_CHECKING([whether to enable Windows native SSL/TLS (Windows native builds only)]) -if test "x$OPT_SCHANNEL" != xno; then - ssl_msg= - if test "x$OPT_SCHANNEL" != "xno" && - test "x$curl_cv_native_windows" = "xyes"; then - AC_MSG_RESULT(yes) - AC_DEFINE(USE_SCHANNEL, 1, [to enable Windows native SSL/TLS support]) - AC_SUBST(USE_SCHANNEL, [1]) - ssl_msg="Schannel" - test schannel != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes - SCHANNEL_ENABLED=1 - # --with-schannel implies --enable-sspi - AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support]) - AC_SUBST(USE_WINDOWS_SSPI, [1]) - curl_sspi_msg="enabled" - else - AC_MSG_RESULT(no) - fi - test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" -else - AC_MSG_RESULT(no) -fi +CURL_WITH_SCHANNEL +CURL_WITH_SECURETRANSPORT +CURL_WITH_AMISSL +CURL_WITH_OPENSSL +CURL_WITH_GNUTLS +CURL_WITH_MBEDTLS +CURL_WITH_WOLFSSL +CURL_WITH_MESALINK +CURL_WITH_BEARSSL +CURL_WITH_RUSTLS +CURL_WITH_NSS dnl link required libraries for USE_WIN32_CRYPTO or USE_SCHANNEL if test "x$USE_WIN32_CRYPTO" = "x1" -o "x$USE_SCHANNEL" = "x1"; then LIBS="-ladvapi32 -lcrypt32 $LIBS" fi -AC_MSG_CHECKING([whether to enable Secure Transport]) -if test "x$OPT_SECURETRANSPORT" != xno; then - if test "x$OPT_SECURETRANSPORT" != "xno" && - (test "x$cross_compiling" != "xno" || test -d "/System/Library/Frameworks/Security.framework"); then - AC_MSG_RESULT(yes) - AC_DEFINE(USE_SECTRANSP, 1, [enable Secure Transport]) - AC_SUBST(USE_SECTRANSP, [1]) - ssl_msg="Secure Transport" - test secure-transport != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes - SECURETRANSPORT_ENABLED=1 - LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security" - else - AC_MSG_RESULT(no) - fi - test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" -else - AC_MSG_RESULT(no) -fi - -AC_MSG_CHECKING([whether to enable Amiga native SSL/TLS (AmiSSL)]) -if test "$HAVE_PROTO_BSDSOCKET_H" = "1"; then - if test "x$OPT_AMISSL" != xno; then - ssl_msg= - if test "x$OPT_AMISSL" != "xno"; then - AC_MSG_RESULT(yes) - ssl_msg="AmiSSL" - test amissl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes - AMISSL_ENABLED=1 - LIBS="-lamisslauto $LIBS" - AC_DEFINE(USE_AMISSL, 1, [if AmiSSL is in use]) - AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use]) - else - AC_MSG_RESULT(no) - fi - test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" - else - AC_MSG_RESULT(no) - fi -else - AC_MSG_RESULT(no) -fi - -dnl ********************************************************************** -dnl Check for OpenSSL libraries and headers -dnl ********************************************************************** - -if test "x$OPT_OPENSSL" != xno; then - ssl_msg= - - dnl backup the pre-ssl variables - CLEANLDFLAGS="$LDFLAGS" - CLEANCPPFLAGS="$CPPFLAGS" - CLEANLIBS="$LIBS" - - dnl This is for Msys/Mingw - case $host in - *-*-msys* | *-*-mingw*) - AC_MSG_CHECKING([for gdi32]) - my_ac_save_LIBS=$LIBS - LIBS="-lgdi32 $LIBS" - AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ - #include <windef.h> - #include <wingdi.h> - ]], - [[ - GdiFlush(); - ]])], - [ dnl worked! - AC_MSG_RESULT([yes])], - [ dnl failed, restore LIBS - LIBS=$my_ac_save_LIBS - AC_MSG_RESULT(no)] - ) - ;; - esac - - case "$OPT_OPENSSL" in - yes) - dnl --with-openssl (without path) used - PKGTEST="yes" - PREFIX_OPENSSL=/usr/local/ssl - LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff" - ;; - off) - dnl no --with-openssl option given, just check default places - PKGTEST="yes" - PREFIX_OPENSSL= - ;; - *) - dnl check the given --with-openssl spot - PKGTEST="no" - PREFIX_OPENSSL=$OPT_OPENSSL - - dnl Try pkg-config even when cross-compiling. Since we - dnl specify PKG_CONFIG_LIBDIR we're only looking where - dnl the user told us to look - OPENSSL_PCDIR="$OPT_OPENSSL/lib/pkgconfig" - if test -f "$OPENSSL_PCDIR/openssl.pc"; then - AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"]) - PKGTEST="yes" - elif test ! -f "$PREFIX_OPENSSL/include/openssl/ssl.h"; then - AC_MSG_ERROR([$PREFIX_OPENSSL is a bad --with-openssl prefix!]) - fi - - dnl in case pkg-config comes up empty, use what we got - dnl via --with-openssl - LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff" - if test "$PREFIX_OPENSSL" != "/usr" ; then - SSL_LDFLAGS="-L$LIB_OPENSSL" - SSL_CPPFLAGS="-I$PREFIX_OPENSSL/include" - fi - SSL_CPPFLAGS="$SSL_CPPFLAGS -I$PREFIX_OPENSSL/include/openssl" - ;; - esac - - if test "$PKGTEST" = "yes"; then - - CURL_CHECK_PKGCONFIG(openssl, [$OPENSSL_PCDIR]) - - if test "$PKGCONFIG" != "no" ; then - SSL_LIBS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl - $PKGCONFIG --libs-only-l --libs-only-other openssl 2>/dev/null` - - SSL_LDFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl - $PKGCONFIG --libs-only-L openssl 2>/dev/null` - - SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl - $PKGCONFIG --cflags-only-I openssl 2>/dev/null` - - AC_SUBST(SSL_LIBS) - AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"]) - AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"]) - AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"]) - - LIB_OPENSSL=`echo $SSL_LDFLAGS | sed -e 's/^-L//'` - - dnl use the values pkg-config reported. This is here - dnl instead of below with CPPFLAGS and LDFLAGS because we only - dnl learn about this via pkg-config. If we only have - dnl the argument to --with-openssl we don't know what - dnl additional libs may be necessary. Hope that we - dnl don't need any. - LIBS="$SSL_LIBS $LIBS" - fi - fi - - dnl finally, set flags to use SSL - CPPFLAGS="$CPPFLAGS $SSL_CPPFLAGS" - LDFLAGS="$LDFLAGS $SSL_LDFLAGS" - - AC_CHECK_LIB(crypto, HMAC_Update,[ - HAVECRYPTO="yes" - LIBS="-lcrypto $LIBS" - ],[ - if test -n "$LIB_OPENSSL" ; then - LDFLAGS="$CLEANLDFLAGS -L$LIB_OPENSSL" - fi - if test "$PKGCONFIG" = "no" -a -n "$PREFIX_OPENSSL" ; then - # only set this if pkg-config wasn't used - CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include/openssl -I$PREFIX_OPENSSL/include" - fi - # Linking previously failed, try extra paths from --with-openssl or - # pkg-config. Use a different function name to avoid reusing the earlier - # cached result. - AC_CHECK_LIB(crypto, HMAC_Init_ex,[ - HAVECRYPTO="yes" - LIBS="-lcrypto $LIBS"], [ - - dnl still no, but what about with -ldl? - AC_MSG_CHECKING([OpenSSL linking with -ldl]) - LIBS="$CLEANLIBS -lcrypto -ldl" - AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ - #include <openssl/err.h> - ]], [[ - ERR_clear_error(); - ]]) ], - [ - AC_MSG_RESULT(yes) - HAVECRYPTO="yes" - ], - [ - AC_MSG_RESULT(no) - dnl ok, so what about both -ldl and -lpthread? - dnl This may be necessary for static libraries. - - AC_MSG_CHECKING([OpenSSL linking with -ldl and -lpthread]) - LIBS="$CLEANLIBS -lcrypto -ldl -lpthread" - AC_LINK_IFELSE([ - AC_LANG_PROGRAM([[ - #include <openssl/err.h> - ]], [[ - ERR_clear_error(); - ]])], - [ - AC_MSG_RESULT(yes) - HAVECRYPTO="yes" - ], - [ - AC_MSG_RESULT(no) - LDFLAGS="$CLEANLDFLAGS" - CPPFLAGS="$CLEANCPPFLAGS" - LIBS="$CLEANLIBS" - - ]) - - ]) - - ]) - ]) - - if test X"$HAVECRYPTO" = X"yes"; then - dnl This is only reasonable to do if crypto actually is there: check for - dnl SSL libs NOTE: it is important to do this AFTER the crypto lib - - AC_CHECK_LIB(ssl, SSL_connect) - - if test "$ac_cv_lib_ssl_SSL_connect" != yes; then - dnl we didn't find the SSL lib, try the RSAglue/rsaref stuff - AC_MSG_CHECKING(for ssl with RSAglue/rsaref libs in use); - OLIBS=$LIBS - LIBS="-lRSAglue -lrsaref $LIBS" - AC_CHECK_LIB(ssl, SSL_connect) - if test "$ac_cv_lib_ssl_SSL_connect" != yes; then - dnl still no SSL_connect - AC_MSG_RESULT(no) - LIBS=$OLIBS - else - AC_MSG_RESULT(yes) - fi - - else - - dnl Have the libraries--check for OpenSSL headers - AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \ - openssl/pem.h openssl/ssl.h openssl/err.h, - ssl_msg="OpenSSL" - test openssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes - OPENSSL_ENABLED=1 - AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use])) - - if test $ac_cv_header_openssl_x509_h = no; then - dnl we don't use the "action" part of the AC_CHECK_HEADERS macro - dnl since 'err.h' might in fact find a krb4 header with the same - dnl name - AC_CHECK_HEADERS(x509.h rsa.h crypto.h pem.h ssl.h err.h) - - if test $ac_cv_header_x509_h = yes && - test $ac_cv_header_crypto_h = yes && - test $ac_cv_header_ssl_h = yes; then - dnl three matches - ssl_msg="OpenSSL" - OPENSSL_ENABLED=1 - fi - fi - fi - - if test X"$OPENSSL_ENABLED" != X"1"; then - LIBS="$CLEANLIBS" - fi - - if test X"$OPT_OPENSSL" != Xoff && - test "$OPENSSL_ENABLED" != "1"; then - AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!]) - fi - fi - - if test X"$OPENSSL_ENABLED" = X"1"; then - dnl These can only exist if OpenSSL exists - dnl OpenSSL_version is introduced in 3.0.0 - - AC_CHECK_FUNCS( RAND_egd \ - SSLv2_client_method \ - OpenSSL_version ) - - AC_MSG_CHECKING([for BoringSSL]) - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ - #include <openssl/base.h> - ]],[[ - #ifndef OPENSSL_IS_BORINGSSL - #error not boringssl - #endif - ]]) - ],[ - AC_MSG_RESULT([yes]) - AC_DEFINE_UNQUOTED(HAVE_BORINGSSL, 1, - [Define to 1 if using BoringSSL.]) - ssl_msg="BoringSSL" - ],[ - AC_MSG_RESULT([no]) - ]) - - AC_MSG_CHECKING([for libressl]) - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#include <openssl/opensslv.h> - ]],[[ - int dummy = LIBRESSL_VERSION_NUMBER; - ]]) - ],[ - AC_MSG_RESULT([yes]) - AC_DEFINE_UNQUOTED(HAVE_LIBRESSL, 1, - [Define to 1 if using libressl.]) - ssl_msg="libressl" - ],[ - AC_MSG_RESULT([no]) - ]) - - AC_MSG_CHECKING([for OpenSSL >= v3]) - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#include <openssl/opensslv.h> - ]],[[ - #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) - return 0; - #else - #error older than 3 - #endif - ]]) - ],[ - AC_MSG_RESULT([yes]) - AC_DEFINE_UNQUOTED(HAVE_OPENSSL3, 1, - [Define to 1 if using OpenSSL 3 or later.]) - dnl OpenSSLv3 marks the DES functions deprecated but we have no - dnl replacements (yet) so tell the compiler to not warn for them - dnl - dnl Ask OpenSSL to suppress the warnings. - CPPFLAGS="$CPPFLAGS -DOPENSSL_SUPPRESS_DEPRECATED" - ssl_msg="OpenSSL v3+" - ],[ - AC_MSG_RESULT([no]) - ]) - fi - - if test "$OPENSSL_ENABLED" = "1"; then - if test -n "$LIB_OPENSSL"; then - dnl when the ssl shared libs were found in a path that the run-time - dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH - dnl to prevent further configure tests to fail due to this - if test "x$cross_compiling" != "xyes"; then - CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$LIB_OPENSSL" - export CURL_LIBRARY_PATH - AC_MSG_NOTICE([Added $LIB_OPENSSL to CURL_LIBRARY_PATH]) - fi - fi - CURL_CHECK_OPENSSL_API - check_for_ca_bundle=1 - fi - - test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" -fi - -if test X"$OPT_OPENSSL" != Xno && - test "$OPENSSL_ENABLED" != "1"; then - AC_MSG_NOTICE([OPT_OPENSSL: $OPT_OPENSSL]) - AC_MSG_NOTICE([OPENSSL_ENABLED: $OPENSSL_ENABLED]) - AC_MSG_ERROR([--with-openssl was given but OpenSSL could not be detected]) -fi - -dnl ********************************************************************** -dnl Check for the random seed preferences -dnl ********************************************************************** - -if test X"$OPENSSL_ENABLED" = X"1"; then - AC_ARG_WITH(egd-socket, - AS_HELP_STRING([--with-egd-socket=FILE], - [Entropy Gathering Daemon socket pathname]), - [ EGD_SOCKET="$withval" ] - ) - if test -n "$EGD_SOCKET" ; then - AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET", - [your Entropy Gathering Daemon socket pathname] ) - fi - - dnl Check for user-specified random device - AC_ARG_WITH(random, - AS_HELP_STRING([--with-random=FILE], - [read randomness from FILE (default=/dev/urandom)]), - [ RANDOM_FILE="$withval" ], - [ - if test x$cross_compiling != xyes; then - dnl Check for random device - AC_CHECK_FILE("/dev/urandom", [ RANDOM_FILE="/dev/urandom"] ) - else - AC_MSG_WARN([skipped the /dev/urandom detection when cross-compiling]) - fi - ] - ) - if test -n "$RANDOM_FILE" && test X"$RANDOM_FILE" != Xno ; then - AC_SUBST(RANDOM_FILE) - AC_DEFINE_UNQUOTED(RANDOM_FILE, "$RANDOM_FILE", - [a suitable file to read random data from]) - fi -fi - -dnl --- -dnl We require OpenSSL with SRP support. -dnl --- -if test "$OPENSSL_ENABLED" = "1"; then - AC_CHECK_LIB(crypto, SRP_Calc_client_key, - [ - AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the function SRP_Calc_client_key]) - AC_SUBST(HAVE_OPENSSL_SRP, [1]) - ]) -fi - -dnl --- -dnl Whether the OpenSSL configuration will be loaded automatically -dnl --- -if test X"$OPENSSL_ENABLED" = X"1"; then -AC_ARG_ENABLE(openssl-auto-load-config, -AS_HELP_STRING([--enable-openssl-auto-load-config],[Enable automatic loading of OpenSSL configuration]) -AS_HELP_STRING([--disable-openssl-auto-load-config],[Disable automatic loading of OpenSSL configuration]), -[ if test X"$enableval" = X"no"; then - AC_MSG_NOTICE([automatic loading of OpenSSL configuration disabled]) - AC_DEFINE(CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG, 1, [if the OpenSSL configuration won't be loaded automatically]) - fi -]) -fi - -dnl ---------------------------------------------------- -dnl check for GnuTLS -dnl ---------------------------------------------------- - -if test "x$OPT_GNUTLS" != xno; then - ssl_msg= - - if test X"$OPT_GNUTLS" != Xno; then - - addld="" - addlib="" - gtlslib="" - version="" - addcflags="" - - if test "x$OPT_GNUTLS" = "xyes"; then - dnl this is with no partiular path given - CURL_CHECK_PKGCONFIG(gnutls) - - if test "$PKGCONFIG" != "no" ; then - addlib=`$PKGCONFIG --libs-only-l gnutls` - addld=`$PKGCONFIG --libs-only-L gnutls` - addcflags=`$PKGCONFIG --cflags-only-I gnutls` - version=`$PKGCONFIG --modversion gnutls` - gtlslib=`echo $addld | $SED -e 's/^-L//'` - else - dnl without pkg-config, we try libgnutls-config as that was how it - dnl used to be done - check=`libgnutls-config --version 2>/dev/null` - if test -n "$check"; then - addlib=`libgnutls-config --libs` - addcflags=`libgnutls-config --cflags` - version=`libgnutls-config --version` - gtlslib=`libgnutls-config --prefix`/lib$libsuff - fi - fi - else - dnl this is with a given path, first check if there's a libgnutls-config - dnl there and if not, make an educated guess - cfg=$OPT_GNUTLS/bin/libgnutls-config - check=`$cfg --version 2>/dev/null` - if test -n "$check"; then - addlib=`$cfg --libs` - addcflags=`$cfg --cflags` - version=`$cfg --version` - gtlslib=`$cfg --prefix`/lib$libsuff - else - dnl without pkg-config and libgnutls-config, we guess a lot! - addlib=-lgnutls - addld=-L$OPT_GNUTLS/lib$libsuff - addcflags=-I$OPT_GNUTLS/include - version="" # we just don't know - gtlslib=$OPT_GNUTLS/lib$libsuff - fi - fi - - if test -z "$version"; then - dnl lots of efforts, still no go - version="unknown" - fi - - if test -n "$addlib"; then - - CLEANLIBS="$LIBS" - CLEANCPPFLAGS="$CPPFLAGS" - CLEANLDFLAGS="$LDFLAGS" - - LIBS="$addlib $LIBS" - LDFLAGS="$LDFLAGS $addld" - if test "$addcflags" != "-I/usr/include"; then - CPPFLAGS="$CPPFLAGS $addcflags" - fi - - dnl this function is selected since it was introduced in 3.1.10 - AC_CHECK_LIB(gnutls, gnutls_x509_crt_get_dn2, - [ - AC_DEFINE(USE_GNUTLS, 1, [if GnuTLS is enabled]) - AC_SUBST(USE_GNUTLS, [1]) - GNUTLS_ENABLED=1 - USE_GNUTLS="yes" - ssl_msg="GnuTLS" - test gnutls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes - ], - [ - LIBS="$CLEANLIBS" - CPPFLAGS="$CLEANCPPFLAGS" - ]) - - if test "x$USE_GNUTLS" = "xyes"; then - AC_MSG_NOTICE([detected GnuTLS version $version]) - check_for_ca_bundle=1 - if test -n "$gtlslib"; then - dnl when shared libs were found in a path that the run-time - dnl linker doesn't search through, we need to add it to - dnl CURL_LIBRARY_PATH to prevent further configure tests to fail - dnl due to this - if test "x$cross_compiling" != "xyes"; then - CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$gtlslib" - export CURL_LIBRARY_PATH - AC_MSG_NOTICE([Added $gtlslib to CURL_LIBRARY_PATH]) - fi - fi - fi - - fi - - fi dnl GNUTLS not disabled - - test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" -fi - -dnl --- -dnl Check which crypto backend GnuTLS uses -dnl --- - -if test "$GNUTLS_ENABLED" = "1"; then - USE_GNUTLS_NETTLE= - # First check if we can detect either crypto library via transitive linking - AC_CHECK_LIB(gnutls, nettle_MD5Init, [ USE_GNUTLS_NETTLE=1 ]) - - # If not, try linking directly to both of them to see if they are available - if test "$USE_GNUTLS_NETTLE" = ""; then - AC_CHECK_LIB(nettle, nettle_MD5Init, [ USE_GNUTLS_NETTLE=1 ]) - fi - if test "$USE_GNUTLS_NETTLE" = ""; then - AC_MSG_ERROR([GnuTLS found, but nettle was not found]) - fi - LIBS="-lnettle $LIBS" -fi - -dnl --- -dnl We require GnuTLS with SRP support. -dnl --- -if test "$GNUTLS_ENABLED" = "1"; then - AC_CHECK_LIB(gnutls, gnutls_srp_verifier, - [ - AC_DEFINE(HAVE_GNUTLS_SRP, 1, [if you have the function gnutls_srp_verifier]) - AC_SUBST(HAVE_GNUTLS_SRP, [1]) - ]) -fi - -dnl ---------------------------------------------------- -dnl check for mbedTLS -dnl ---------------------------------------------------- - -if test "x$OPT_MBEDTLS" != xno; then - _cppflags=$CPPFLAGS - _ldflags=$LDFLAGS - ssl_msg= - - if test X"$OPT_MBEDTLS" != Xno; then - - if test "$OPT_MBEDTLS" = "yes"; then - OPT_MBEDTLS="" - fi - - if test -z "$OPT_MBEDTLS" ; then - dnl check for lib first without setting any new path - - AC_CHECK_LIB(mbedtls, mbedtls_havege_init, - dnl libmbedtls found, set the variable - [ - AC_DEFINE(USE_MBEDTLS, 1, [if mbedTLS is enabled]) - AC_SUBST(USE_MBEDTLS, [1]) - MBEDTLS_ENABLED=1 - USE_MBEDTLS="yes" - ssl_msg="mbedTLS" - test mbedtls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes - ], [], -lmbedx509 -lmbedcrypto) - fi - - addld="" - addlib="" - addcflags="" - mbedtlslib="" - - if test "x$USE_MBEDTLS" != "xyes"; then - dnl add the path and test again - addld=-L$OPT_MBEDTLS/lib$libsuff - addcflags=-I$OPT_MBEDTLS/include - mbedtlslib=$OPT_MBEDTLS/lib$libsuff - - LDFLAGS="$LDFLAGS $addld" - if test "$addcflags" != "-I/usr/include"; then - CPPFLAGS="$CPPFLAGS $addcflags" - fi - - AC_CHECK_LIB(mbedtls, mbedtls_ssl_init, - [ - AC_DEFINE(USE_MBEDTLS, 1, [if mbedTLS is enabled]) - AC_SUBST(USE_MBEDTLS, [1]) - MBEDTLS_ENABLED=1 - USE_MBEDTLS="yes" - ssl_msg="mbedTLS" - test mbedtls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes - ], - [ - CPPFLAGS=$_cppflags - LDFLAGS=$_ldflags - ], -lmbedx509 -lmbedcrypto) - fi - - if test "x$USE_MBEDTLS" = "xyes"; then - AC_MSG_NOTICE([detected mbedTLS]) - check_for_ca_bundle=1 - - LIBS="-lmbedtls -lmbedx509 -lmbedcrypto $LIBS" - - if test -n "$mbedtlslib"; then - dnl when shared libs were found in a path that the run-time - dnl linker doesn't search through, we need to add it to - dnl CURL_LIBRARY_PATH to prevent further configure tests to fail - dnl due to this - if test "x$cross_compiling" != "xyes"; then - CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$mbedtlslib" - export CURL_LIBRARY_PATH - AC_MSG_NOTICE([Added $mbedtlslib to CURL_LIBRARY_PATH]) - fi - fi - fi - - fi dnl mbedTLS not disabled - - test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" -fi - -dnl ---------------------------------------------------- -dnl check for wolfSSL -dnl ---------------------------------------------------- - -case "$OPT_WOLFSSL" in - yes|no) - wolfpkg="" - ;; - *) - wolfpkg="$withval/lib/pkgconfig" - ;; -esac - -if test "x$OPT_WOLFSSL" != xno; then - _cppflags=$CPPFLAGS - _ldflags=$LDFLAGS - - ssl_msg= - - if test X"$OPT_WOLFSSL" != Xno; then - - if test "$OPT_WOLFSSL" = "yes"; then - OPT_WOLFSSL="" - fi - - dnl try pkg-config magic - CURL_CHECK_PKGCONFIG(wolfssl, [$wolfpkg]) - AC_MSG_NOTICE([Check dir $wolfpkg]) - - addld="" - addlib="" - addcflags="" - if test "$PKGCONFIG" != "no" ; then - addlib=`CURL_EXPORT_PCDIR([$wolfpkg]) - $PKGCONFIG --libs-only-l wolfssl` - addld=`CURL_EXPORT_PCDIR([$wolfpkg]) - $PKGCONFIG --libs-only-L wolfssl` - addcflags=`CURL_EXPORT_PCDIR([$wolfpkg]) - $PKGCONFIG --cflags-only-I wolfssl` - version=`CURL_EXPORT_PCDIR([$wolfpkg]) - $PKGCONFIG --modversion wolfssl` - wolfssllibpath=`echo $addld | $SED -e 's/^-L//'` - else - addlib=-lwolfssl - dnl use system defaults if user does not supply a path - if test -n "$OPT_WOLFSSL"; then - addld=-L$OPT_WOLFSSL/lib$libsuff - addcflags=-I$OPT_WOLFSSL/include - wolfssllibpath=$OPT_WOLFSSL/lib$libsuff - fi - fi - - if test "x$USE_WOLFSSL" != "xyes"; then - - LDFLAGS="$LDFLAGS $addld" - AC_MSG_NOTICE([Add $addld to LDFLAGS]) - if test "$addcflags" != "-I/usr/include"; then - CPPFLAGS="$CPPFLAGS $addcflags" - AC_MSG_NOTICE([Add $addcflags to CPPFLAGS]) - fi - - my_ac_save_LIBS="$LIBS" - LIBS="$addlib $LIBS" - AC_MSG_NOTICE([Add $addlib to LIBS]) - - AC_MSG_CHECKING([for wolfSSL_Init in -lwolfssl]) - AC_LINK_IFELSE([ - AC_LANG_PROGRAM([[ -/* These aren't needed for detection and confuse WolfSSL. - They are set up properly later if it is detected. */ -#undef SIZEOF_LONG -#undef SIZEOF_LONG_LONG -#include <wolfssl/ssl.h> - ]],[[ - return wolfSSL_Init(); - ]]) - ],[ - AC_MSG_RESULT(yes) - AC_DEFINE(USE_WOLFSSL, 1, [if wolfSSL is enabled]) - AC_SUBST(USE_WOLFSSL, [1]) - WOLFSSL_ENABLED=1 - USE_WOLFSSL="yes" - ssl_msg="WolfSSL" - test wolfssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes - ], - [ - AC_MSG_RESULT(no) - CPPFLAGS=$_cppflags - LDFLAGS=$_ldflags - wolfssllibpath="" - ]) - LIBS="$my_ac_save_LIBS" - fi - - if test "x$USE_WOLFSSL" = "xyes"; then - AC_MSG_NOTICE([detected wolfSSL]) - check_for_ca_bundle=1 - - dnl wolfssl/ctaocrypt/types.h needs SIZEOF_LONG_LONG defined! - AX_COMPILE_CHECK_SIZEOF(long long) - - LIBS="$addlib -lm $LIBS" - - dnl Recent WolfSSL versions build without SSLv3 by default - dnl WolfSSL needs configure --enable-opensslextra to have *get_peer* - dnl DES* is needed for NTLM support and lives in the OpenSSL compatibility - dnl layer - AC_CHECK_FUNCS(wolfSSLv3_client_method \ - wolfSSL_get_peer_certificate \ - wolfSSL_UseALPN ) - - dnl if this symbol is present, we want the include path to include the - dnl OpenSSL API root as well - AC_CHECK_FUNC(wolfSSL_DES_ecb_encrypt, - [ - AC_DEFINE(HAVE_WOLFSSL_DES_ECB_ENCRYPT, 1, - [if you have wolfSSL_DES_ecb_encrypt]) - if test -n "$addcflags"; then - dnl use a for loop to strip off whitespace - for f in $addcflags; do - CPPFLAGS="$f/wolfssl $CPPFLAGS" - AC_MSG_NOTICE([Add $f/wolfssl to CPPFLAGS]) - break - done - else - dnl user didn't give a path, so guess/hope they installed wolfssl - dnl headers to system default location - CPPFLAGS="-I$includedir/wolfssl $CPPFLAGS" - AC_MSG_NOTICE([Add $includedir/wolfssl to CPPFLAGS]) - fi - WOLFSSL_NTLM=1 - ] - ) - - if test -n "$wolfssllibpath"; then - dnl when shared libs were found in a path that the run-time - dnl linker doesn't search through, we need to add it to - dnl CURL_LIBRARY_PATH to prevent further configure tests to fail - dnl due to this - if test "x$cross_compiling" != "xyes"; then - CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$wolfssllibpath" - export CURL_LIBRARY_PATH - AC_MSG_NOTICE([Added $wolfssllibpath to CURL_LIBRARY_PATH]) - fi - fi - - fi - - fi dnl wolfSSL not disabled - - test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" -fi - -dnl ---------------------------------------------------- -dnl check for MesaLink -dnl ---------------------------------------------------- - -if test "x$OPT_MESALINK" != xno; then - _cppflags=$CPPFLAGS - _ldflags=$LDFLAGS - ssl_msg= - - if test X"$OPT_MESALINK" != Xno; then - - if test "$OPT_MESALINK" = "yes"; then - OPT_MESALINK="" - fi - - if test -z "$OPT_MESALINK" ; then - dnl check for lib first without setting any new path - - AC_CHECK_LIB(mesalink, mesalink_library_init, - dnl libmesalink found, set the variable - [ - AC_DEFINE(USE_MESALINK, 1, [if MesaLink is enabled]) - AC_SUBST(USE_MESALINK, [1]) - MESALINK_ENABLED=1 - USE_MESALINK="yes" - ssl_msg="MesaLink" - test mesalink != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes - ]) - fi - - addld="" - addlib="" - addcflags="" - mesalinklib="" - - if test "x$USE_MESALINK" != "xyes"; then - dnl add the path and test again - addld=-L$OPT_MESALINK/lib$libsuff - addcflags=-I$OPT_MESALINK/include - mesalinklib=$OPT_MESALINK/lib$libsuff - - LDFLAGS="$LDFLAGS $addld" - if test "$addcflags" != "-I/usr/include"; then - CPPFLAGS="$CPPFLAGS $addcflags" - fi - - AC_CHECK_LIB(mesalink, mesalink_library_init, - [ - AC_DEFINE(USE_MESALINK, 1, [if MesaLink is enabled]) - AC_SUBST(USE_MESALINK, [1]) - MESALINK_ENABLED=1 - USE_MESALINK="yes" - ssl_msg="MesaLink" - test mesalink != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes - ], - [ - CPPFLAGS=$_cppflags - LDFLAGS=$_ldflags - ]) - fi - - if test "x$USE_MESALINK" = "xyes"; then - AC_MSG_NOTICE([detected MesaLink]) - - LIBS="-lmesalink $LIBS" - - if test -n "$mesalinklib"; then - dnl when shared libs were found in a path that the run-time - dnl linker doesn't search through, we need to add it to - dnl LD_LIBRARY_PATH to prevent further configure tests to fail - dnl due to this - if test "x$cross_compiling" != "xyes"; then - LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$mesalinklib" - export LD_LIBRARY_PATH - AC_MSG_NOTICE([Added $mesalinklib to LD_LIBRARY_PATH]) - fi - fi - fi - - fi dnl MesaLink not disabled - - test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" -fi - -dnl ---------------------------------------------------- -dnl check for BearSSL -dnl ---------------------------------------------------- - -if test "x$OPT_BEARSSL" != xno; then - _cppflags=$CPPFLAGS - _ldflags=$LDFLAGS - ssl_msg= - - if test X"$OPT_BEARSSL" != Xno; then - - if test "$OPT_BEARSSL" = "yes"; then - OPT_BEARSSL="" - fi - - if test -z "$OPT_BEARSSL" ; then - dnl check for lib first without setting any new path - - AC_CHECK_LIB(bearssl, br_ssl_client_init_full, - dnl libbearssl found, set the variable - [ - AC_DEFINE(USE_BEARSSL, 1, [if BearSSL is enabled]) - AC_SUBST(USE_BEARSSL, [1]) - BEARSSL_ENABLED=1 - USE_BEARSSL="yes" - ssl_msg="BearSSL" - test bearssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes - ], [], -lbearssl) - fi - - addld="" - addlib="" - addcflags="" - bearssllib="" - - if test "x$USE_BEARSSL" != "xyes"; then - dnl add the path and test again - addld=-L$OPT_BEARSSL/lib$libsuff - addcflags=-I$OPT_BEARSSL/include - bearssllib=$OPT_BEARSSL/lib$libsuff - - LDFLAGS="$LDFLAGS $addld" - if test "$addcflags" != "-I/usr/include"; then - CPPFLAGS="$CPPFLAGS $addcflags" - fi - - AC_CHECK_LIB(bearssl, br_ssl_client_init_full, - [ - AC_DEFINE(USE_BEARSSL, 1, [if BearSSL is enabled]) - AC_SUBST(USE_BEARSSL, [1]) - BEARSSL_ENABLED=1 - USE_BEARSSL="yes" - ssl_msg="BearSSL" - test bearssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes - ], - [ - CPPFLAGS=$_cppflags - LDFLAGS=$_ldflags - ], -lbearssl) - fi - - if test "x$USE_BEARSSL" = "xyes"; then - AC_MSG_NOTICE([detected BearSSL]) - check_for_ca_bundle=1 - - LIBS="-lbearssl $LIBS" - - if test -n "$bearssllib"; then - dnl when shared libs were found in a path that the run-time - dnl linker doesn't search through, we need to add it to - dnl CURL_LIBRARY_PATH to prevent further configure tests to fail - dnl due to this - if test "x$cross_compiling" != "xyes"; then - CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$bearssllib" - export CURL_LIBRARY_PATH - AC_MSG_NOTICE([Added $bearssllib to CURL_LIBRARY_PATH]) - fi - fi - fi - - fi dnl BearSSL not disabled - - test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" -fi - -dnl ---------------------------------------------------- -dnl check for rustls -dnl ---------------------------------------------------- - -if test "x$OPT_RUSTLS" != xno; then - _cppflags=$CPPFLAGS - _ldflags=$LDFLAGS - ssl_msg= - - if test X"$OPT_RUSTLS" != Xno; then - - if test "$OPT_RUSTLS" = "yes"; then - OPT_RUSTLS="" - fi - - if test -z "$OPT_RUSTLS" ; then - dnl check for lib first without setting any new path - - AC_CHECK_LIB(crustls, rustls_client_session_read, - dnl libcrustls found, set the variable - [ - AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled]) - AC_SUBST(USE_RUSTLS, [1]) - RUSTLS_ENABLED=1 - USE_RUSTLS="yes" - ssl_msg="rustls" - test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes - ], [], -lpthread -ldl) - fi - - addld="" - addlib="-lpthread" - addcflags="" - bearssllib="" - - if test "x$USE_RUSTLS" != "xyes"; then - dnl add the path and test again - addld=-L$OPT_RUSTLS/lib$libsuff - addcflags=-I$OPT_RUSTLS/include - rustlslib=$OPT_RUSTLS/lib$libsuff - - LDFLAGS="$LDFLAGS $addld" - if test "$addcflags" != "-I/usr/include"; then - CPPFLAGS="$CPPFLAGS $addcflags" - fi - - AC_CHECK_LIB(crustls, rustls_client_session_read, - [ - AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled]) - AC_SUBST(USE_RUSTLS, [1]) - RUSTLS_ENABLED=1 - USE_RUSTLS="yes" - ssl_msg="rustls" - test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes - ], - AC_MSG_ERROR([--with-rustls was specified but could not find rustls.]), - -lpthread -ldl) - fi - - if test "x$USE_RUSTLS" = "xyes"; then - AC_MSG_NOTICE([detected rustls]) - check_for_ca_bundle=1 - - LIBS="-lcrustls -lpthread -ldl $LIBS" - - if test -n "$rustlslib"; then - dnl when shared libs were found in a path that the run-time - dnl linker doesn't search through, we need to add it to - dnl CURL_LIBRARY_PATH to prevent further configure tests to fail - dnl due to this - if test "x$cross_compiling" != "xyes"; then - CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$rustlslib" - export CURL_LIBRARY_PATH - AC_MSG_NOTICE([Added $rustlslib to CURL_LIBRARY_PATH]) - fi - fi - fi - - fi dnl rustls not disabled - - test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" -fi - -dnl ---------------------------------------------------- -dnl NSS. Only check if GnuTLS and OpenSSL are not enabled -dnl ---------------------------------------------------- - -if test "x$OPT_NSS" != xno; then - ssl_msg= - - if test X"$OPT_NSS" != Xno; then - - addld="" - addlib="" - addcflags="" - nssprefix="" - version="" - - if test "x$OPT_NSS" = "xyes"; then - - CURL_CHECK_PKGCONFIG(nss) - - if test "$PKGCONFIG" != "no" ; then - addlib=`$PKGCONFIG --libs nss` - addcflags=`$PKGCONFIG --cflags nss` - version=`$PKGCONFIG --modversion nss` - nssprefix=`$PKGCONFIG --variable=prefix nss` - else - dnl Without pkg-config, we check for nss-config - - check=`nss-config --version 2>/dev/null` - if test -n "$check"; then - addlib=`nss-config --libs` - addcflags=`nss-config --cflags` - version=`nss-config --version` - nssprefix=`nss-config --prefix` - else - addlib="-lnss3" - addcflags="" - version="unknown" - fi - fi - else - NSS_PCDIR="$OPT_NSS/lib/pkgconfig" - if test -f "$NSS_PCDIR/nss.pc"; then - CURL_CHECK_PKGCONFIG(nss, [$NSS_PCDIR]) - if test "$PKGCONFIG" != "no" ; then - addld=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-L nss` - addlib=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-l nss` - addcflags=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --cflags nss` - version=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --modversion nss` - nssprefix=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --variable=prefix nss` - fi - fi - fi - - if test -z "$addlib"; then - # Without pkg-config, we'll kludge in some defaults - AC_MSG_WARN([Using hard-wired libraries and compilation flags for NSS.]) - addld="-L$OPT_NSS/lib" - addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4" - addcflags="-I$OPT_NSS/include" - version="unknown" - nssprefix=$OPT_NSS - fi - - CLEANLDFLAGS="$LDFLAGS" - CLEANLIBS="$LIBS" - CLEANCPPFLAGS="$CPPFLAGS" - - LDFLAGS="$addld $LDFLAGS" - LIBS="$addlib $LIBS" - if test "$addcflags" != "-I/usr/include"; then - CPPFLAGS="$CPPFLAGS $addcflags" - fi - - dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0 - AC_CHECK_LIB(nss3, SSL_VersionRangeSet, - [ - AC_DEFINE(USE_NSS, 1, [if NSS is enabled]) - AC_SUBST(USE_NSS, [1]) - USE_NSS="yes" - NSS_ENABLED=1 - ssl_msg="NSS" - test nss != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes - ], - [ - LDFLAGS="$CLEANLDFLAGS" - LIBS="$CLEANLIBS" - CPPFLAGS="$CLEANCPPFLAGS" - ]) - - if test "x$USE_NSS" = "xyes"; then - AC_MSG_NOTICE([detected NSS version $version]) - - dnl PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because - dnl PK11_DestroyGenericObject() does not release resources allocated by - dnl PK11_CreateGenericObject() early enough. - AC_CHECK_FUNC(PK11_CreateManagedGenericObject, - [ - AC_DEFINE(HAVE_PK11_CREATEMANAGEDGENERICOBJECT, 1, - [if you have the PK11_CreateManagedGenericObject function]) - ]) - - dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS - NSS_LIBS=$addlib - AC_SUBST([NSS_LIBS]) - - dnl when shared libs were found in a path that the run-time - dnl linker doesn't search through, we need to add it to - dnl CURL_LIBRARY_PATH to prevent further configure tests to fail - dnl due to this - if test "x$cross_compiling" != "xyes"; then - CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$nssprefix/lib$libsuff" - export CURL_LIBRARY_PATH - AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to CURL_LIBRARY_PATH]) - fi - - fi dnl NSS found - - fi dnl NSS not disabled - - test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" -fi - case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$WOLFSSL_ENABLED$SCHANNEL_ENABLED$SECURETRANSPORT_ENABLED$MESALINK_ENABLED$BEARSSL_ENABLED$AMISSL_ENABLED$RUSTLS_ENABLED" in x) diff --git a/m4/curl-amissl.m4 b/m4/curl-amissl.m4 new file mode 100644 index 000000000..60fe34fef --- /dev/null +++ b/m4/curl-amissl.m4 @@ -0,0 +1,47 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +#*************************************************************************** + +AC_DEFUN([CURL_WITH_AMISSL], [ +AC_MSG_CHECKING([whether to enable Amiga native SSL/TLS (AmiSSL)]) +if test "$HAVE_PROTO_BSDSOCKET_H" = "1"; then + if test "x$OPT_AMISSL" != xno; then + ssl_msg= + if test "x$OPT_AMISSL" != "xno"; then + AC_MSG_RESULT(yes) + ssl_msg="AmiSSL" + test amissl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + AMISSL_ENABLED=1 + LIBS="-lamisslauto $LIBS" + AC_DEFINE(USE_AMISSL, 1, [if AmiSSL is in use]) + AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use]) + else + AC_MSG_RESULT(no) + fi + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" + else + AC_MSG_RESULT(no) + fi +else + AC_MSG_RESULT(no) +fi + +]) diff --git a/m4/curl-bearssl.m4 b/m4/curl-bearssl.m4 new file mode 100644 index 000000000..86677e46a --- /dev/null +++ b/m4/curl-bearssl.m4 @@ -0,0 +1,108 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +#*************************************************************************** + +AC_DEFUN([CURL_WITH_BEARSSL], [ +dnl ---------------------------------------------------- +dnl check for BearSSL +dnl ---------------------------------------------------- + +if test "x$OPT_BEARSSL" != xno; then + _cppflags=$CPPFLAGS + _ldflags=$LDFLAGS + ssl_msg= + + if test X"$OPT_BEARSSL" != Xno; then + + if test "$OPT_BEARSSL" = "yes"; then + OPT_BEARSSL="" + fi + + if test -z "$OPT_BEARSSL" ; then + dnl check for lib first without setting any new path + + AC_CHECK_LIB(bearssl, br_ssl_client_init_full, + dnl libbearssl found, set the variable + [ + AC_DEFINE(USE_BEARSSL, 1, [if BearSSL is enabled]) + AC_SUBST(USE_BEARSSL, [1]) + BEARSSL_ENABLED=1 + USE_BEARSSL="yes" + ssl_msg="BearSSL" + test bearssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + ], [], -lbearssl) + fi + + addld="" + addlib="" + addcflags="" + bearssllib="" + + if test "x$USE_BEARSSL" != "xyes"; then + dnl add the path and test again + addld=-L$OPT_BEARSSL/lib$libsuff + addcflags=-I$OPT_BEARSSL/include + bearssllib=$OPT_BEARSSL/lib$libsuff + + LDFLAGS="$LDFLAGS $addld" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi + + AC_CHECK_LIB(bearssl, br_ssl_client_init_full, + [ + AC_DEFINE(USE_BEARSSL, 1, [if BearSSL is enabled]) + AC_SUBST(USE_BEARSSL, [1]) + BEARSSL_ENABLED=1 + USE_BEARSSL="yes" + ssl_msg="BearSSL" + test bearssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + ], + [ + CPPFLAGS=$_cppflags + LDFLAGS=$_ldflags + ], -lbearssl) + fi + + if test "x$USE_BEARSSL" = "xyes"; then + AC_MSG_NOTICE([detected BearSSL]) + check_for_ca_bundle=1 + + LIBS="-lbearssl $LIBS" + + if test -n "$bearssllib"; then + dnl when shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to + dnl CURL_LIBRARY_PATH to prevent further configure tests to fail + dnl due to this + if test "x$cross_compiling" != "xyes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$bearssllib" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $bearssllib to CURL_LIBRARY_PATH]) + fi + fi + fi + + fi dnl BearSSL not disabled + + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" +fi +]) diff --git a/m4/curl-gnutls.m4 b/m4/curl-gnutls.m4 new file mode 100644 index 000000000..f0b80abe8 --- /dev/null +++ b/m4/curl-gnutls.m4 @@ -0,0 +1,165 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +#*************************************************************************** + +dnl ---------------------------------------------------- +dnl check for GnuTLS +dnl ---------------------------------------------------- + +AC_DEFUN([CURL_WITH_GNUTLS], [ +if test "x$OPT_GNUTLS" != xno; then + ssl_msg= + + if test X"$OPT_GNUTLS" != Xno; then + + addld="" + addlib="" + gtlslib="" + version="" + addcflags="" + + if test "x$OPT_GNUTLS" = "xyes"; then + dnl this is with no partiular path given + CURL_CHECK_PKGCONFIG(gnutls) + + if test "$PKGCONFIG" != "no" ; then + addlib=`$PKGCONFIG --libs-only-l gnutls` + addld=`$PKGCONFIG --libs-only-L gnutls` + addcflags=`$PKGCONFIG --cflags-only-I gnutls` + version=`$PKGCONFIG --modversion gnutls` + gtlslib=`echo $addld | $SED -e 's/^-L//'` + else + dnl without pkg-config, we try libgnutls-config as that was how it + dnl used to be done + check=`libgnutls-config --version 2>/dev/null` + if test -n "$check"; then + addlib=`libgnutls-config --libs` + addcflags=`libgnutls-config --cflags` + version=`libgnutls-config --version` + gtlslib=`libgnutls-config --prefix`/lib$libsuff + fi + fi + else + dnl this is with a given path, first check if there's a libgnutls-config + dnl there and if not, make an educated guess + cfg=$OPT_GNUTLS/bin/libgnutls-config + check=`$cfg --version 2>/dev/null` + if test -n "$check"; then + addlib=`$cfg --libs` + addcflags=`$cfg --cflags` + version=`$cfg --version` + gtlslib=`$cfg --prefix`/lib$libsuff + else + dnl without pkg-config and libgnutls-config, we guess a lot! + addlib=-lgnutls + addld=-L$OPT_GNUTLS/lib$libsuff + addcflags=-I$OPT_GNUTLS/include + version="" # we just don't know + gtlslib=$OPT_GNUTLS/lib$libsuff + fi + fi + + if test -z "$version"; then + dnl lots of efforts, still no go + version="unknown" + fi + + if test -n "$addlib"; then + + CLEANLIBS="$LIBS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLDFLAGS="$LDFLAGS" + + LIBS="$addlib $LIBS" + LDFLAGS="$LDFLAGS $addld" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi + + dnl this function is selected since it was introduced in 3.1.10 + AC_CHECK_LIB(gnutls, gnutls_x509_crt_get_dn2, + [ + AC_DEFINE(USE_GNUTLS, 1, [if GnuTLS is enabled]) + AC_SUBST(USE_GNUTLS, [1]) + GNUTLS_ENABLED=1 + USE_GNUTLS="yes" + ssl_msg="GnuTLS" + test gnutls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + ], + [ + LIBS="$CLEANLIBS" + CPPFLAGS="$CLEANCPPFLAGS" + ]) + + if test "x$USE_GNUTLS" = "xyes"; then + AC_MSG_NOTICE([detected GnuTLS version $version]) + check_for_ca_bundle=1 + if test -n "$gtlslib"; then + dnl when shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to + dnl CURL_LIBRARY_PATH to prevent further configure tests to fail + dnl due to this + if test "x$cross_compiling" != "xyes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$gtlslib" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $gtlslib to CURL_LIBRARY_PATH]) + fi + fi + fi + + fi + + fi dnl GNUTLS not disabled + + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" +fi + +dnl --- +dnl Check which crypto backend GnuTLS uses +dnl --- + +if test "$GNUTLS_ENABLED" = "1"; then + USE_GNUTLS_NETTLE= + # First check if we can detect either crypto library via transitive linking + AC_CHECK_LIB(gnutls, nettle_MD5Init, [ USE_GNUTLS_NETTLE=1 ]) + + # If not, try linking directly to both of them to see if they are available + if test "$USE_GNUTLS_NETTLE" = ""; then + AC_CHECK_LIB(nettle, nettle_MD5Init, [ USE_GNUTLS_NETTLE=1 ]) + fi + if test "$USE_GNUTLS_NETTLE" = ""; then + AC_MSG_ERROR([GnuTLS found, but nettle was not found]) + fi + LIBS="-lnettle $LIBS" +fi + +dnl --- +dnl We require GnuTLS with SRP support. +dnl --- +if test "$GNUTLS_ENABLED" = "1"; then + AC_CHECK_LIB(gnutls, gnutls_srp_verifier, + [ + AC_DEFINE(HAVE_GNUTLS_SRP, 1, [if you have the function gnutls_srp_verifier]) + AC_SUBST(HAVE_GNUTLS_SRP, [1]) + ]) +fi + +]) diff --git a/m4/curl-mbedtls.m4 b/m4/curl-mbedtls.m4 new file mode 100644 index 000000000..4c91cba36 --- /dev/null +++ b/m4/curl-mbedtls.m4 @@ -0,0 +1,109 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +#*************************************************************************** + +dnl ---------------------------------------------------- +dnl check for mbedTLS +dnl ---------------------------------------------------- +AC_DEFUN([CURL_WITH_MBEDTLS], [ + +if test "x$OPT_MBEDTLS" != xno; then + _cppflags=$CPPFLAGS + _ldflags=$LDFLAGS + ssl_msg= + + if test X"$OPT_MBEDTLS" != Xno; then + + if test "$OPT_MBEDTLS" = "yes"; then + OPT_MBEDTLS="" + fi + + if test -z "$OPT_MBEDTLS" ; then + dnl check for lib first without setting any new path + + AC_CHECK_LIB(mbedtls, mbedtls_havege_init, + dnl libmbedtls found, set the variable + [ + AC_DEFINE(USE_MBEDTLS, 1, [if mbedTLS is enabled]) + AC_SUBST(USE_MBEDTLS, [1]) + MBEDTLS_ENABLED=1 + USE_MBEDTLS="yes" + ssl_msg="mbedTLS" + test mbedtls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + ], [], -lmbedx509 -lmbedcrypto) + fi + + addld="" + addlib="" + addcflags="" + mbedtlslib="" + + if test "x$USE_MBEDTLS" != "xyes"; then + dnl add the path and test again + addld=-L$OPT_MBEDTLS/lib$libsuff + addcflags=-I$OPT_MBEDTLS/include + mbedtlslib=$OPT_MBEDTLS/lib$libsuff + + LDFLAGS="$LDFLAGS $addld" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi + + AC_CHECK_LIB(mbedtls, mbedtls_ssl_init, + [ + AC_DEFINE(USE_MBEDTLS, 1, [if mbedTLS is enabled]) + AC_SUBST(USE_MBEDTLS, [1]) + MBEDTLS_ENABLED=1 + USE_MBEDTLS="yes" + ssl_msg="mbedTLS" + test mbedtls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + ], + [ + CPPFLAGS=$_cppflags + LDFLAGS=$_ldflags + ], -lmbedx509 -lmbedcrypto) + fi + + if test "x$USE_MBEDTLS" = "xyes"; then + AC_MSG_NOTICE([detected mbedTLS]) + check_for_ca_bundle=1 + + LIBS="-lmbedtls -lmbedx509 -lmbedcrypto $LIBS" + + if test -n "$mbedtlslib"; then + dnl when shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to + dnl CURL_LIBRARY_PATH to prevent further configure tests to fail + dnl due to this + if test "x$cross_compiling" != "xyes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$mbedtlslib" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $mbedtlslib to CURL_LIBRARY_PATH]) + fi + fi + fi + + fi dnl mbedTLS not disabled + + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" +fi + +]) diff --git a/m4/curl-mesalink.m4 b/m4/curl-mesalink.m4 new file mode 100644 index 000000000..0f588a985 --- /dev/null +++ b/m4/curl-mesalink.m4 @@ -0,0 +1,107 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +#*************************************************************************** + +AC_DEFUN([CURL_WITH_MESALINK], [ +dnl ---------------------------------------------------- +dnl check for MesaLink +dnl ---------------------------------------------------- + +if test "x$OPT_MESALINK" != xno; then + _cppflags=$CPPFLAGS + _ldflags=$LDFLAGS + ssl_msg= + + if test X"$OPT_MESALINK" != Xno; then + + if test "$OPT_MESALINK" = "yes"; then + OPT_MESALINK="" + fi + + if test -z "$OPT_MESALINK" ; then + dnl check for lib first without setting any new path + + AC_CHECK_LIB(mesalink, mesalink_library_init, + dnl libmesalink found, set the variable + [ + AC_DEFINE(USE_MESALINK, 1, [if MesaLink is enabled]) + AC_SUBST(USE_MESALINK, [1]) + MESALINK_ENABLED=1 + USE_MESALINK="yes" + ssl_msg="MesaLink" + test mesalink != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + ]) + fi + + addld="" + addlib="" + addcflags="" + mesalinklib="" + + if test "x$USE_MESALINK" != "xyes"; then + dnl add the path and test again + addld=-L$OPT_MESALINK/lib$libsuff + addcflags=-I$OPT_MESALINK/include + mesalinklib=$OPT_MESALINK/lib$libsuff + + LDFLAGS="$LDFLAGS $addld" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi + + AC_CHECK_LIB(mesalink, mesalink_library_init, + [ + AC_DEFINE(USE_MESALINK, 1, [if MesaLink is enabled]) + AC_SUBST(USE_MESALINK, [1]) + MESALINK_ENABLED=1 + USE_MESALINK="yes" + ssl_msg="MesaLink" + test mesalink != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + ], + [ + CPPFLAGS=$_cppflags + LDFLAGS=$_ldflags + ]) + fi + + if test "x$USE_MESALINK" = "xyes"; then + AC_MSG_NOTICE([detected MesaLink]) + + LIBS="-lmesalink $LIBS" + + if test -n "$mesalinklib"; then + dnl when shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to + dnl LD_LIBRARY_PATH to prevent further configure tests to fail + dnl due to this + if test "x$cross_compiling" != "xyes"; then + LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$mesalinklib" + export LD_LIBRARY_PATH + AC_MSG_NOTICE([Added $mesalinklib to LD_LIBRARY_PATH]) + fi + fi + fi + + fi dnl MesaLink not disabled + + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" +fi +]) diff --git a/m4/curl-nss.m4 b/m4/curl-nss.m4 new file mode 100644 index 000000000..397ba71b1 --- /dev/null +++ b/m4/curl-nss.m4 @@ -0,0 +1,142 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +#*************************************************************************** + +AC_DEFUN([CURL_WITH_NSS], [ +if test "x$OPT_NSS" != xno; then + ssl_msg= + + if test X"$OPT_NSS" != Xno; then + + addld="" + addlib="" + addcflags="" + nssprefix="" + version="" + + if test "x$OPT_NSS" = "xyes"; then + + CURL_CHECK_PKGCONFIG(nss) + + if test "$PKGCONFIG" != "no" ; then + addlib=`$PKGCONFIG --libs nss` + addcflags=`$PKGCONFIG --cflags nss` + version=`$PKGCONFIG --modversion nss` + nssprefix=`$PKGCONFIG --variable=prefix nss` + else + dnl Without pkg-config, we check for nss-config + + check=`nss-config --version 2>/dev/null` + if test -n "$check"; then + addlib=`nss-config --libs` + addcflags=`nss-config --cflags` + version=`nss-config --version` + nssprefix=`nss-config --prefix` + else + addlib="-lnss3" + addcflags="" + version="unknown" + fi + fi + else + NSS_PCDIR="$OPT_NSS/lib/pkgconfig" + if test -f "$NSS_PCDIR/nss.pc"; then + CURL_CHECK_PKGCONFIG(nss, [$NSS_PCDIR]) + if test "$PKGCONFIG" != "no" ; then + addld=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-L nss` + addlib=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-l nss` + addcflags=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --cflags nss` + version=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --modversion nss` + nssprefix=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --variable=prefix nss` + fi + fi + fi + + if test -z "$addlib"; then + # Without pkg-config, we'll kludge in some defaults + AC_MSG_WARN([Using hard-wired libraries and compilation flags for NSS.]) + addld="-L$OPT_NSS/lib" + addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4" + addcflags="-I$OPT_NSS/include" + version="unknown" + nssprefix=$OPT_NSS + fi + + CLEANLDFLAGS="$LDFLAGS" + CLEANLIBS="$LIBS" + CLEANCPPFLAGS="$CPPFLAGS" + + LDFLAGS="$addld $LDFLAGS" + LIBS="$addlib $LIBS" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi + + dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0 + AC_CHECK_LIB(nss3, SSL_VersionRangeSet, + [ + AC_DEFINE(USE_NSS, 1, [if NSS is enabled]) + AC_SUBST(USE_NSS, [1]) + USE_NSS="yes" + NSS_ENABLED=1 + ssl_msg="NSS" + test nss != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + ], + [ + LDFLAGS="$CLEANLDFLAGS" + LIBS="$CLEANLIBS" + CPPFLAGS="$CLEANCPPFLAGS" + ]) + + if test "x$USE_NSS" = "xyes"; then + AC_MSG_NOTICE([detected NSS version $version]) + + dnl PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because + dnl PK11_DestroyGenericObject() does not release resources allocated by + dnl PK11_CreateGenericObject() early enough. + AC_CHECK_FUNC(PK11_CreateManagedGenericObject, + [ + AC_DEFINE(HAVE_PK11_CREATEMANAGEDGENERICOBJECT, 1, + [if you have the PK11_CreateManagedGenericObject function]) + ]) + + dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS + NSS_LIBS=$addlib + AC_SUBST([NSS_LIBS]) + + dnl when shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to + dnl CURL_LIBRARY_PATH to prevent further configure tests to fail + dnl due to this + if test "x$cross_compiling" != "xyes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$nssprefix/lib$libsuff" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to CURL_LIBRARY_PATH]) + fi + + fi dnl NSS found + + fi dnl NSS not disabled + + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" +fi + +]) diff --git a/m4/curl-openssl.m4 b/m4/curl-openssl.m4 index 159dc3e24..835768e1b 100644 --- a/m4/curl-openssl.m4 +++ b/m4/curl-openssl.m4 @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. +# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -276,3 +276,378 @@ AC_DEFUN([CURL_CHECK_OPENSSL_API], [ AC_MSG_WARN([$tst_warns]) fi ]) + +dnl ********************************************************************** +dnl Check for OpenSSL libraries and headers +dnl ********************************************************************** + +AC_DEFUN([CURL_WITH_OPENSSL], [ +if test "x$OPT_OPENSSL" != xno; then + ssl_msg= + + dnl backup the pre-ssl variables + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + dnl This is for Msys/Mingw + case $host in + *-*-msys* | *-*-mingw*) + AC_MSG_CHECKING([for gdi32]) + my_ac_save_LIBS=$LIBS + LIBS="-lgdi32 $LIBS" + AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ + #include <windef.h> + #include <wingdi.h> + ]], + [[ + GdiFlush(); + ]])], + [ dnl worked! + AC_MSG_RESULT([yes])], + [ dnl failed, restore LIBS + LIBS=$my_ac_save_LIBS + AC_MSG_RESULT(no)] + ) + ;; + esac + + case "$OPT_OPENSSL" in + yes) + dnl --with-openssl (without path) used + PKGTEST="yes" + PREFIX_OPENSSL= + ;; + *) + dnl check the given --with-openssl spot + PKGTEST="no" + PREFIX_OPENSSL=$OPT_OPENSSL + + dnl Try pkg-config even when cross-compiling. Since we + dnl specify PKG_CONFIG_LIBDIR we're only looking where + dnl the user told us to look + OPENSSL_PCDIR="$OPT_OPENSSL/lib/pkgconfig" + if test -f "$OPENSSL_PCDIR/openssl.pc"; then + AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"]) + PKGTEST="yes" + elif test ! -f "$PREFIX_OPENSSL/include/openssl/ssl.h"; then + AC_MSG_ERROR([$PREFIX_OPENSSL is a bad --with-openssl prefix!]) + fi + + dnl in case pkg-config comes up empty, use what we got + dnl via --with-openssl + LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff" + if test "$PREFIX_OPENSSL" != "/usr" ; then + SSL_LDFLAGS="-L$LIB_OPENSSL" + SSL_CPPFLAGS="-I$PREFIX_OPENSSL/include" + fi + SSL_CPPFLAGS="$SSL_CPPFLAGS -I$PREFIX_OPENSSL/include/openssl" + ;; + esac + + if test "$PKGTEST" = "yes"; then + + CURL_CHECK_PKGCONFIG(openssl, [$OPENSSL_PCDIR]) + + if test "$PKGCONFIG" != "no" ; then + SSL_LIBS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl + $PKGCONFIG --libs-only-l --libs-only-other openssl 2>/dev/null` + + SSL_LDFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl + $PKGCONFIG --libs-only-L openssl 2>/dev/null` + + SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl + $PKGCONFIG --cflags-only-I openssl 2>/dev/null` + + AC_SUBST(SSL_LIBS) + AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"]) + AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"]) + AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"]) + + LIB_OPENSSL=`echo $SSL_LDFLAGS | sed -e 's/^-L//'` + + dnl use the values pkg-config reported. This is here + dnl instead of below with CPPFLAGS and LDFLAGS because we only + dnl learn about this via pkg-config. If we only have + dnl the argument to --with-openssl we don't know what + dnl additional libs may be necessary. Hope that we + dnl don't need any. + LIBS="$SSL_LIBS $LIBS" + fi + fi + + dnl finally, set flags to use SSL + CPPFLAGS="$CPPFLAGS $SSL_CPPFLAGS" + LDFLAGS="$LDFLAGS $SSL_LDFLAGS" + + AC_CHECK_LIB(crypto, HMAC_Update,[ + HAVECRYPTO="yes" + LIBS="-lcrypto $LIBS" + ],[ + if test -n "$LIB_OPENSSL" ; then + LDFLAGS="$CLEANLDFLAGS -L$LIB_OPENSSL" + fi + if test "$PKGCONFIG" = "no" -a -n "$PREFIX_OPENSSL" ; then + # only set this if pkg-config wasn't used + CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include/openssl -I$PREFIX_OPENSSL/include" + fi + # Linking previously failed, try extra paths from --with-openssl or + # pkg-config. Use a different function name to avoid reusing the earlier + # cached result. + AC_CHECK_LIB(crypto, HMAC_Init_ex,[ + HAVECRYPTO="yes" + LIBS="-lcrypto $LIBS"], [ + + dnl still no, but what about with -ldl? + AC_MSG_CHECKING([OpenSSL linking with -ldl]) + LIBS="$CLEANLIBS -lcrypto -ldl" + AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ + #include <openssl/err.h> + ]], [[ + ERR_clear_error(); + ]]) ], + [ + AC_MSG_RESULT(yes) + HAVECRYPTO="yes" + ], + [ + AC_MSG_RESULT(no) + dnl ok, so what about both -ldl and -lpthread? + dnl This may be necessary for static libraries. + + AC_MSG_CHECKING([OpenSSL linking with -ldl and -lpthread]) + LIBS="$CLEANLIBS -lcrypto -ldl -lpthread" + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ + #include <openssl/err.h> + ]], [[ + ERR_clear_error(); + ]])], + [ + AC_MSG_RESULT(yes) + HAVECRYPTO="yes" + ], + [ + AC_MSG_RESULT(no) + LDFLAGS="$CLEANLDFLAGS" + CPPFLAGS="$CLEANCPPFLAGS" + LIBS="$CLEANLIBS" + + ]) + + ]) + + ]) + ]) + + if test X"$HAVECRYPTO" = X"yes"; then + dnl This is only reasonable to do if crypto actually is there: check for + dnl SSL libs NOTE: it is important to do this AFTER the crypto lib + + AC_CHECK_LIB(ssl, SSL_connect) + + if test "$ac_cv_lib_ssl_SSL_connect" != yes; then + dnl we didn't find the SSL lib, try the RSAglue/rsaref stuff + AC_MSG_CHECKING(for ssl with RSAglue/rsaref libs in use); + OLIBS=$LIBS + LIBS="-lRSAglue -lrsaref $LIBS" + AC_CHECK_LIB(ssl, SSL_connect) + if test "$ac_cv_lib_ssl_SSL_connect" != yes; then + dnl still no SSL_connect + AC_MSG_RESULT(no) + LIBS=$OLIBS + else + AC_MSG_RESULT(yes) + fi + + else + + dnl Have the libraries--check for OpenSSL headers + AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \ + openssl/pem.h openssl/ssl.h openssl/err.h, + ssl_msg="OpenSSL" + test openssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + OPENSSL_ENABLED=1 + AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use])) + + if test $ac_cv_header_openssl_x509_h = no; then + dnl we don't use the "action" part of the AC_CHECK_HEADERS macro + dnl since 'err.h' might in fact find a krb4 header with the same + dnl name + AC_CHECK_HEADERS(x509.h rsa.h crypto.h pem.h ssl.h err.h) + + if test $ac_cv_header_x509_h = yes && + test $ac_cv_header_crypto_h = yes && + test $ac_cv_header_ssl_h = yes; then + dnl three matches + ssl_msg="OpenSSL" + OPENSSL_ENABLED=1 + fi + fi + fi + + if test X"$OPENSSL_ENABLED" != X"1"; then + LIBS="$CLEANLIBS" + fi + + if test X"$OPT_OPENSSL" != Xoff && + test "$OPENSSL_ENABLED" != "1"; then + AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!]) + fi + fi + + if test X"$OPENSSL_ENABLED" = X"1"; then + dnl These can only exist if OpenSSL exists + dnl OpenSSL_version is introduced in 3.0.0 + + AC_CHECK_FUNCS( RAND_egd \ + SSLv2_client_method \ + OpenSSL_version ) + + AC_MSG_CHECKING([for BoringSSL]) + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ + #include <openssl/base.h> + ]],[[ + #ifndef OPENSSL_IS_BORINGSSL + #error not boringssl + #endif + ]]) + ],[ + AC_MSG_RESULT([yes]) + AC_DEFINE_UNQUOTED(HAVE_BORINGSSL, 1, + [Define to 1 if using BoringSSL.]) + ssl_msg="BoringSSL" + ],[ + AC_MSG_RESULT([no]) + ]) + + AC_MSG_CHECKING([for libressl]) + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#include <openssl/opensslv.h> + ]],[[ + int dummy = LIBRESSL_VERSION_NUMBER; + ]]) + ],[ + AC_MSG_RESULT([yes]) + AC_DEFINE_UNQUOTED(HAVE_LIBRESSL, 1, + [Define to 1 if using libressl.]) + ssl_msg="libressl" + ],[ + AC_MSG_RESULT([no]) + ]) + + AC_MSG_CHECKING([for OpenSSL >= v3]) + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#include <openssl/opensslv.h> + ]],[[ + #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) + return 0; + #else + #error older than 3 + #endif + ]]) + ],[ + AC_MSG_RESULT([yes]) + AC_DEFINE_UNQUOTED(HAVE_OPENSSL3, 1, + [Define to 1 if using OpenSSL 3 or later.]) + dnl OpenSSLv3 marks the DES functions deprecated but we have no + dnl replacements (yet) so tell the compiler to not warn for them + dnl + dnl Ask OpenSSL to suppress the warnings. + CPPFLAGS="$CPPFLAGS -DOPENSSL_SUPPRESS_DEPRECATED" + ssl_msg="OpenSSL v3+" + ],[ + AC_MSG_RESULT([no]) + ]) + fi + + if test "$OPENSSL_ENABLED" = "1"; then + if test -n "$LIB_OPENSSL"; then + dnl when the ssl shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH + dnl to prevent further configure tests to fail due to this + if test "x$cross_compiling" != "xyes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$LIB_OPENSSL" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $LIB_OPENSSL to CURL_LIBRARY_PATH]) + fi + fi + CURL_CHECK_OPENSSL_API + check_for_ca_bundle=1 + fi + + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" +fi + +if test X"$OPT_OPENSSL" != Xno && + test "$OPENSSL_ENABLED" != "1"; then + AC_MSG_NOTICE([OPT_OPENSSL: $OPT_OPENSSL]) + AC_MSG_NOTICE([OPENSSL_ENABLED: $OPENSSL_ENABLED]) + AC_MSG_ERROR([--with-openssl was given but OpenSSL could not be detected]) +fi + +dnl ********************************************************************** +dnl Check for the random seed preferences +dnl ********************************************************************** + +if test X"$OPENSSL_ENABLED" = X"1"; then + AC_ARG_WITH(egd-socket, + AS_HELP_STRING([--with-egd-socket=FILE], + [Entropy Gathering Daemon socket pathname]), + [ EGD_SOCKET="$withval" ] + ) + if test -n "$EGD_SOCKET" ; then + AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET", + [your Entropy Gathering Daemon socket pathname] ) + fi + + dnl Check for user-specified random device + AC_ARG_WITH(random, + AS_HELP_STRING([--with-random=FILE], + [read randomness from FILE (default=/dev/urandom)]), + [ RANDOM_FILE="$withval" ], + [ + if test x$cross_compiling != xyes; then + dnl Check for random device + AC_CHECK_FILE("/dev/urandom", [ RANDOM_FILE="/dev/urandom"] ) + else + AC_MSG_WARN([skipped the /dev/urandom detection when cross-compiling]) + fi + ] + ) + if test -n "$RANDOM_FILE" && test X"$RANDOM_FILE" != Xno ; then + AC_SUBST(RANDOM_FILE) + AC_DEFINE_UNQUOTED(RANDOM_FILE, "$RANDOM_FILE", + [a suitable file to read random data from]) + fi +fi + +dnl --- +dnl We require OpenSSL with SRP support. +dnl --- +if test "$OPENSSL_ENABLED" = "1"; then + AC_CHECK_LIB(crypto, SRP_Calc_client_key, + [ + AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the function SRP_Calc_client_key]) + AC_SUBST(HAVE_OPENSSL_SRP, [1]) + ]) +fi + +dnl --- +dnl Whether the OpenSSL configuration will be loaded automatically +dnl --- +if test X"$OPENSSL_ENABLED" = X"1"; then +AC_ARG_ENABLE(openssl-auto-load-config, +AS_HELP_STRING([--enable-openssl-auto-load-config],[Enable automatic loading of OpenSSL configuration]) +AS_HELP_STRING([--disable-openssl-auto-load-config],[Disable automatic loading of OpenSSL configuration]), +[ if test X"$enableval" = X"no"; then + AC_MSG_NOTICE([automatic loading of OpenSSL configuration disabled]) + AC_DEFINE(CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG, 1, [if the OpenSSL configuration won't be loaded automatically]) + fi +]) +fi + +]) diff --git a/m4/curl-rustls.m4 b/m4/curl-rustls.m4 new file mode 100644 index 000000000..f33822245 --- /dev/null +++ b/m4/curl-rustls.m4 @@ -0,0 +1,106 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +#*************************************************************************** + +AC_DEFUN([CURL_WITH_RUSTLS], [ +dnl ---------------------------------------------------- +dnl check for rustls +dnl ---------------------------------------------------- + +if test "x$OPT_RUSTLS" != xno; then + _cppflags=$CPPFLAGS + _ldflags=$LDFLAGS + ssl_msg= + + if test X"$OPT_RUSTLS" != Xno; then + + if test "$OPT_RUSTLS" = "yes"; then + OPT_RUSTLS="" + fi + + if test -z "$OPT_RUSTLS" ; then + dnl check for lib first without setting any new path + + AC_CHECK_LIB(crustls, rustls_client_session_read, + dnl libcrustls found, set the variable + [ + AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled]) + AC_SUBST(USE_RUSTLS, [1]) + RUSTLS_ENABLED=1 + USE_RUSTLS="yes" + ssl_msg="rustls" + test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + ], [], -lpthread -ldl) + fi + + addld="" + addlib="-lpthread" + addcflags="" + bearssllib="" + + if test "x$USE_RUSTLS" != "xyes"; then + dnl add the path and test again + addld=-L$OPT_RUSTLS/lib$libsuff + addcflags=-I$OPT_RUSTLS/include + rustlslib=$OPT_RUSTLS/lib$libsuff + + LDFLAGS="$LDFLAGS $addld" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi + + AC_CHECK_LIB(crustls, rustls_client_session_read, + [ + AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled]) + AC_SUBST(USE_RUSTLS, [1]) + RUSTLS_ENABLED=1 + USE_RUSTLS="yes" + ssl_msg="rustls" + test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + ], + AC_MSG_ERROR([--with-rustls was specified but could not find rustls.]), + -lpthread -ldl) + fi + + if test "x$USE_RUSTLS" = "xyes"; then + AC_MSG_NOTICE([detected rustls]) + check_for_ca_bundle=1 + + LIBS="-lcrustls -lpthread -ldl $LIBS" + + if test -n "$rustlslib"; then + dnl when shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to + dnl CURL_LIBRARY_PATH to prevent further configure tests to fail + dnl due to this + if test "x$cross_compiling" != "xyes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$rustlslib" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $rustlslib to CURL_LIBRARY_PATH]) + fi + fi + fi + + fi dnl rustls not disabled + + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" +fi +]) diff --git a/m4/curl-schannel.m4 b/m4/curl-schannel.m4 new file mode 100644 index 000000000..7ffe8ddba --- /dev/null +++ b/m4/curl-schannel.m4 @@ -0,0 +1,46 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +#*************************************************************************** + +AC_DEFUN([CURL_WITH_SCHANNEL], [ +AC_MSG_CHECKING([whether to enable Windows native SSL/TLS]) +if test "x$OPT_SCHANNEL" != xno; then + ssl_msg= + if test "x$OPT_SCHANNEL" != "xno" && + test "x$curl_cv_native_windows" = "xyes"; then + AC_MSG_RESULT(yes) + AC_DEFINE(USE_SCHANNEL, 1, [to enable Windows native SSL/TLS support]) + AC_SUBST(USE_SCHANNEL, [1]) + ssl_msg="Schannel" + test schannel != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + SCHANNEL_ENABLED=1 + # --with-schannel implies --enable-sspi + AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support]) + AC_SUBST(USE_WINDOWS_SSPI, [1]) + curl_sspi_msg="enabled" + else + AC_MSG_RESULT(no) + fi + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" +else + AC_MSG_RESULT(no) +fi +]) diff --git a/m4/curl-sectransp.m4 b/m4/curl-sectransp.m4 new file mode 100644 index 000000000..658df958f --- /dev/null +++ b/m4/curl-sectransp.m4 @@ -0,0 +1,43 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +#*************************************************************************** + +AC_DEFUN([CURL_WITH_SECURETRANSPORT], [ +AC_MSG_CHECKING([whether to enable Secure Transport]) +if test "x$OPT_SECURETRANSPORT" != xno; then + if test "x$OPT_SECURETRANSPORT" != "xno" && + (test "x$cross_compiling" != "xno" || test -d "/System/Library/Frameworks/Security.framework"); then + AC_MSG_RESULT(yes) + AC_DEFINE(USE_SECTRANSP, 1, [enable Secure Transport]) + AC_SUBST(USE_SECTRANSP, [1]) + ssl_msg="Secure Transport" + test secure-transport != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + SECURETRANSPORT_ENABLED=1 + LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security" + else + AC_MSG_RESULT(no) + fi + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" +else + AC_MSG_RESULT(no) +fi + +]) diff --git a/m4/curl-wolfssl.m4 b/m4/curl-wolfssl.m4 new file mode 100644 index 000000000..db9f8ceb5 --- /dev/null +++ b/m4/curl-wolfssl.m4 @@ -0,0 +1,177 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +#*************************************************************************** + +AC_DEFUN([CURL_WITH_WOLFSSL], [ +dnl ---------------------------------------------------- +dnl check for wolfSSL +dnl ---------------------------------------------------- + +case "$OPT_WOLFSSL" in + yes|no) + wolfpkg="" + ;; + *) + wolfpkg="$withval/lib/pkgconfig" + ;; +esac + +if test "x$OPT_WOLFSSL" != xno; then + _cppflags=$CPPFLAGS + _ldflags=$LDFLAGS + + ssl_msg= + + if test X"$OPT_WOLFSSL" != Xno; then + + if test "$OPT_WOLFSSL" = "yes"; then + OPT_WOLFSSL="" + fi + + dnl try pkg-config magic + CURL_CHECK_PKGCONFIG(wolfssl, [$wolfpkg]) + AC_MSG_NOTICE([Check dir $wolfpkg]) + + addld="" + addlib="" + addcflags="" + if test "$PKGCONFIG" != "no" ; then + addlib=`CURL_EXPORT_PCDIR([$wolfpkg]) + $PKGCONFIG --libs-only-l wolfssl` + addld=`CURL_EXPORT_PCDIR([$wolfpkg]) + $PKGCONFIG --libs-only-L wolfssl` + addcflags=`CURL_EXPORT_PCDIR([$wolfpkg]) + $PKGCONFIG --cflags-only-I wolfssl` + version=`CURL_EXPORT_PCDIR([$wolfpkg]) + $PKGCONFIG --modversion wolfssl` + wolfssllibpath=`echo $addld | $SED -e 's/^-L//'` + else + addlib=-lwolfssl + dnl use system defaults if user does not supply a path + if test -n "$OPT_WOLFSSL"; then + addld=-L$OPT_WOLFSSL/lib$libsuff + addcflags=-I$OPT_WOLFSSL/include + wolfssllibpath=$OPT_WOLFSSL/lib$libsuff + fi + fi + + if test "x$USE_WOLFSSL" != "xyes"; then + + LDFLAGS="$LDFLAGS $addld" + AC_MSG_NOTICE([Add $addld to LDFLAGS]) + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + AC_MSG_NOTICE([Add $addcflags to CPPFLAGS]) + fi + + my_ac_save_LIBS="$LIBS" + LIBS="$addlib $LIBS" + AC_MSG_NOTICE([Add $addlib to LIBS]) + + AC_MSG_CHECKING([for wolfSSL_Init in -lwolfssl]) + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ +/* These aren't needed for detection and confuse WolfSSL. + They are set up properly later if it is detected. */ +#undef SIZEOF_LONG +#undef SIZEOF_LONG_LONG +#include <wolfssl/ssl.h> + ]],[[ + return wolfSSL_Init(); + ]]) + ],[ + AC_MSG_RESULT(yes) + AC_DEFINE(USE_WOLFSSL, 1, [if wolfSSL is enabled]) + AC_SUBST(USE_WOLFSSL, [1]) + WOLFSSL_ENABLED=1 + USE_WOLFSSL="yes" + ssl_msg="WolfSSL" + test wolfssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + ], + [ + AC_MSG_RESULT(no) + CPPFLAGS=$_cppflags + LDFLAGS=$_ldflags + wolfssllibpath="" + ]) + LIBS="$my_ac_save_LIBS" + fi + + if test "x$USE_WOLFSSL" = "xyes"; then + AC_MSG_NOTICE([detected wolfSSL]) + check_for_ca_bundle=1 + + dnl wolfssl/ctaocrypt/types.h needs SIZEOF_LONG_LONG defined! + AX_COMPILE_CHECK_SIZEOF(long long) + + LIBS="$addlib -lm $LIBS" + + dnl Recent WolfSSL versions build without SSLv3 by default + dnl WolfSSL needs configure --enable-opensslextra to have *get_peer* + dnl DES* is needed for NTLM support and lives in the OpenSSL compatibility + dnl layer + AC_CHECK_FUNCS(wolfSSLv3_client_method \ + wolfSSL_get_peer_certificate \ + wolfSSL_UseALPN ) + + dnl if this symbol is present, we want the include path to include the + dnl OpenSSL API root as well + AC_CHECK_FUNC(wolfSSL_DES_ecb_encrypt, + [ + AC_DEFINE(HAVE_WOLFSSL_DES_ECB_ENCRYPT, 1, + [if you have wolfSSL_DES_ecb_encrypt]) + if test -n "$addcflags"; then + dnl use a for loop to strip off whitespace + for f in $addcflags; do + CPPFLAGS="$f/wolfssl $CPPFLAGS" + AC_MSG_NOTICE([Add $f/wolfssl to CPPFLAGS]) + break + done + else + dnl user didn't give a path, so guess/hope they installed wolfssl + dnl headers to system default location + CPPFLAGS="-I$includedir/wolfssl $CPPFLAGS" + AC_MSG_NOTICE([Add $includedir/wolfssl to CPPFLAGS]) + fi + WOLFSSL_NTLM=1 + ] + ) + + if test -n "$wolfssllibpath"; then + dnl when shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to + dnl CURL_LIBRARY_PATH to prevent further configure tests to fail + dnl due to this + if test "x$cross_compiling" != "xyes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$wolfssllibpath" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $wolfssllibpath to CURL_LIBRARY_PATH]) + fi + fi + + fi + + fi dnl wolfSSL not disabled + + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" +fi + +]) |