summaryrefslogtreecommitdiff
path: root/configure.ac
diff options
context:
space:
mode:
authorMichael Forney <mforney@mforney.org>2019-11-07 20:17:18 -0800
committerDaniel Stenberg <daniel@haxx.se>2019-11-26 08:32:23 +0100
commit9b879160df01e7ddbb4770904391d3b74114302b (patch)
tree459aa36410942ab4dfc69d424d759d87ec8d5259 /configure.ac
parent95e94c64fb0290b6c0e66e78de7d7dfd109c4080 (diff)
downloadcurl-9b879160df01e7ddbb4770904391d3b74114302b.tar.gz
TLS: add BearSSL vtls implementation
Closes #4597
Diffstat (limited to 'configure.ac')
-rwxr-xr-xconfigure.ac98
1 files changed, 95 insertions, 3 deletions
diff --git a/configure.ac b/configure.ac
index 4bc4a9cbd..1b5a7fb4a 100755
--- a/configure.ac
+++ b/configure.ac
@@ -156,7 +156,7 @@ AC_SUBST(PKGADD_VENDOR)
dnl
dnl initialize all the info variables
- curl_ssl_msg="no (--with-{ssl,gnutls,nss,mbedtls,wolfssl,schannel,secure-transport,mesalink,amissl} )"
+ curl_ssl_msg="no (--with-{ssl,gnutls,nss,mbedtls,wolfssl,schannel,secure-transport,mesalink,amissl,bearssl} )"
curl_ssh_msg="no (--with-libssh2)"
curl_zlib_msg="no (--with-zlib)"
curl_brotli_msg="no (--with-brotli)"
@@ -2400,6 +2400,98 @@ if test -z "$ssl_backends" -o "x$OPT_MESALINK" != xno; then
fi
dnl ----------------------------------------------------
+dnl check for BearSSL
+dnl ----------------------------------------------------
+
+OPT_BEARSSL=no
+
+_cppflags=$CPPFLAGS
+_ldflags=$LDFLAGS
+AC_ARG_WITH(bearssl,dnl
+AC_HELP_STRING([--with-bearssl=PATH],[where to look for BearSSL, PATH points to the installation root])
+AC_HELP_STRING([--without-bearssl], [disable BearSSL detection]),
+ OPT_BEARSSL=$withval)
+
+if test -z "$ssl_backends" -o "x$OPT_BEARSSL" != xno; then
+ ssl_msg=
+
+ if test X"$OPT_BEARSSL" != Xno; then
+
+ if test "$OPT_BEARSSL" = "yes"; then
+ OPT_BEARSSL=""
+ fi
+
+ if test -z "$OPT_BEARSSL" ; then
+ dnl check for lib first without setting any new path
+
+ AC_CHECK_LIB(bearssl, br_ssl_client_init_full,
+ dnl libbearssl found, set the variable
+ [
+ AC_DEFINE(USE_BEARSSL, 1, [if BearSSL is enabled])
+ AC_SUBST(USE_BEARSSL, [1])
+ BEARSSL_ENABLED=1
+ USE_BEARSSL="yes"
+ ssl_msg="BearSSL"
+ test bearssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+ ], [], -lbearssl)
+ fi
+
+ addld=""
+ addlib=""
+ addcflags=""
+ bearssllib=""
+
+ if test "x$USE_BEARSSL" != "xyes"; then
+ dnl add the path and test again
+ addld=-L$OPT_BEARSSL/lib$libsuff
+ addcflags=-I$OPT_BEARSSL/include
+ bearssllib=$OPT_BEARSSL/lib$libsuff
+
+ LDFLAGS="$LDFLAGS $addld"
+ if test "$addcflags" != "-I/usr/include"; then
+ CPPFLAGS="$CPPFLAGS $addcflags"
+ fi
+
+ AC_CHECK_LIB(bearssl, br_ssl_client_init_full,
+ [
+ AC_DEFINE(USE_BEARSSL, 1, [if BearSSL is enabled])
+ AC_SUBST(USE_BEARSSL, [1])
+ BEARSSL_ENABLED=1
+ USE_BEARSSL="yes"
+ ssl_msg="BearSSL"
+ test bearssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+ ],
+ [
+ CPPFLAGS=$_cppflags
+ LDFLAGS=$_ldflags
+ ], -lbearssl)
+ fi
+
+ if test "x$USE_BEARSSL" = "xyes"; then
+ AC_MSG_NOTICE([detected BearSSL])
+ check_for_ca_bundle=1
+
+ LIBS="-lbearssl $LIBS"
+
+ if test -n "$bearssllib"; then
+ dnl when shared libs were found in a path that the run-time
+ dnl linker doesn't search through, we need to add it to
+ dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
+ dnl due to this
+ if test "x$cross_compiling" != "xyes"; then
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$bearssllib"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $bearssllib to CURL_LIBRARY_PATH])
+ fi
+ fi
+ fi
+
+ fi dnl BearSSL not disabled
+
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
+fi
+
+dnl ----------------------------------------------------
dnl NSS. Only check if GnuTLS and OpenSSL are not enabled
dnl ----------------------------------------------------
@@ -2529,10 +2621,10 @@ if test -z "$ssl_backends" -o "x$OPT_NSS" != xno; then
test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi
-case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$WOLFSSL_ENABLED$WINSSL_ENABLED$SECURETRANSPORT_ENABLED$MESALINK_ENABLED$AMISSL_ENABLED" in
+case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$WOLFSSL_ENABLED$WINSSL_ENABLED$SECURETRANSPORT_ENABLED$MESALINK_ENABLED$BEARSSL_ENABLED$AMISSL_ENABLED" in
x)
AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])
- AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink or --with-amissl to address this.])
+ AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink, --with-amissl or --with-bearssl to address this.])
;;
x1)
# one SSL backend is enabled