summaryrefslogtreecommitdiff
path: root/configure.ac
diff options
context:
space:
mode:
authorJohannes Schindelin <johannes.schindelin@gmx.de>2017-06-14 16:56:00 +0200
committerDaniel Stenberg <daniel@haxx.se>2017-08-28 14:56:58 +0200
commitb0989cd3abaff4f9a0717b4875022fa79e33b481 (patch)
treee4b167c7695c675b788ea32704cdfd3e1b2f2468 /configure.ac
parenta53bda35e9a2acf4f2432b2d1b2d44497d68971e (diff)
downloadcurl-b0989cd3abaff4f9a0717b4875022fa79e33b481.tar.gz
vtls: allow selecting which SSL backend to use at runtime
When building software for the masses, it is sometimes not possible to decide for all users which SSL backend is appropriate. Git for Windows, for example, uses cURL to perform clones, fetches and pushes via HTTPS, and some users strongly prefer OpenSSL, while other users really need to use Secure Channel because it offers enterprise-ready tools to manage credentials via Windows' Credential Store. The current Git for Windows versions use the ugly work-around of building libcurl once with OpenSSL support and once with Secure Channel support, and switching out the binaries in the installer depending on the user's choice. Needless to say, this is a super ugly workaround that actually only works in some cases: Git for Windows also comes in a portable form, and in a form intended for third-party applications requiring Git functionality, in which cases this "swap out libcurl-4.dll" simply is not an option. Therefore, the Git for Windows project has a vested interest in teaching cURL to make the SSL backend a *runtime* option. This patch makes that possible. By running ./configure with multiple --with-<backend> options, cURL will be built with multiple backends. For the moment, the backend can be configured using the environment variable CURL_SSL_BACKEND (valid values are e.g. "openssl" and "schannel"). Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 'configure.ac')
-rwxr-xr-xconfigure.ac77
1 files changed, 50 insertions, 27 deletions
diff --git a/configure.ac b/configure.ac
index 1b3f82184..a84974b7b 100755
--- a/configure.ac
+++ b/configure.ac
@@ -165,7 +165,7 @@ curl_verbose_msg="enabled (--disable-verbose)"
curl_mtlnk_msg="no (--with-libmetalink)"
curl_psl_msg="no (--with-libpsl)"
- init_ssl_msg=${curl_ssl_msg}
+ ssl_backends=
dnl
dnl Save some initial values the user might have provided
@@ -1345,13 +1345,14 @@ AC_HELP_STRING([--without-winssl], [disable Windows native SSL/TLS]),
OPT_WINSSL=$withval)
AC_MSG_CHECKING([whether to enable Windows native SSL/TLS (Windows native builds only)])
-if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+if test -z "$ssl_backends" -o "x$OPT_WINSSL" != xno; then
+ ssl_msg=
if test "x$OPT_WINSSL" != "xno" &&
test "x$curl_cv_native_windows" = "xyes"; then
AC_MSG_RESULT(yes)
AC_DEFINE(USE_SCHANNEL, 1, [to enable Windows native SSL/TLS support])
AC_SUBST(USE_SCHANNEL, [1])
- curl_ssl_msg="enabled (Windows-native)"
+ ssl_msg="Windows-native"
WINSSL_ENABLED=1
# --with-winssl implies --enable-sspi
AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support])
@@ -1361,6 +1362,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
else
AC_MSG_RESULT(no)
fi
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
else
AC_MSG_RESULT(no)
fi
@@ -1372,18 +1374,19 @@ AC_HELP_STRING([--without-darwinssl], [disable Apple OS native SSL/TLS]),
OPT_DARWINSSL=$withval)
AC_MSG_CHECKING([whether to enable Apple OS native SSL/TLS])
-if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+if test -z "$ssl_backends" -o "x$OPT_DARWINSSL" != xno; then
if test "x$OPT_DARWINSSL" != "xno" &&
test -d "/System/Library/Frameworks/Security.framework"; then
AC_MSG_RESULT(yes)
AC_DEFINE(USE_DARWINSSL, 1, [to enable Apple OS native SSL/TLS support])
AC_SUBST(USE_DARWINSSL, [1])
- curl_ssl_msg="enabled (Apple OS-native)"
+ ssl_msg="$ssh_backends, Apple OS-native"
DARWINSSL_ENABLED=1
LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security"
else
AC_MSG_RESULT(no)
fi
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
else
AC_MSG_RESULT(no)
fi
@@ -1401,7 +1404,10 @@ AC_HELP_STRING([--with-ssl=PATH],[Where to look for OpenSSL, PATH points to the
AC_HELP_STRING([--without-ssl], [disable OpenSSL]),
OPT_SSL=$withval)
-if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
+if test -z "$ssl_backends" -o "x$OPT_SSL" != xno &&
+ test X"$OPT_SSL" != Xno; then
+ ssl_msg=
+
dnl backup the pre-ssl variables
CLEANLDFLAGS="$LDFLAGS"
CLEANCPPFLAGS="$CPPFLAGS"
@@ -1582,7 +1588,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
dnl Have the libraries--check for OpenSSL headers
AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \
openssl/pem.h openssl/ssl.h openssl/err.h,
- curl_ssl_msg="enabled (OpenSSL)"
+ ssl_msg="OpenSSL"
OPENSSL_ENABLED=1
AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use]))
@@ -1596,7 +1602,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
test $ac_cv_header_crypto_h = yes &&
test $ac_cv_header_ssl_h = yes; then
dnl three matches
- curl_ssl_msg="enabled (OpenSSL)"
+ ssl_msg="OpenSSL"
OPENSSL_ENABLED=1
fi
fi
@@ -1647,7 +1653,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
AC_MSG_RESULT([yes])
AC_DEFINE_UNQUOTED(HAVE_BORINGSSL, 1,
[Define to 1 if using BoringSSL.])
- curl_ssl_msg="enabled (BoringSSL)"
+ ssl_msg="BoringSSL"
],[
AC_MSG_RESULT([no])
])
@@ -1663,7 +1669,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
AC_MSG_RESULT([yes])
AC_DEFINE_UNQUOTED(HAVE_LIBRESSL, 1,
[Define to 1 if using libressl.])
- curl_ssl_msg="enabled (libressl)"
+ ssl_msg="libressl"
],[
AC_MSG_RESULT([no])
])
@@ -1683,6 +1689,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
CURL_CHECK_OPENSSL_API
fi
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi
dnl **********************************************************************
@@ -1744,7 +1751,8 @@ AC_HELP_STRING([--with-gnutls=PATH],[where to look for GnuTLS, PATH points to th
AC_HELP_STRING([--without-gnutls], [disable GnuTLS detection]),
OPT_GNUTLS=$withval)
-if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+if test -z "$ssl_backends" -o "x$OPT_GNUTLS" != xno; then
+ ssl_msg=
if test X"$OPT_GNUTLS" != Xno; then
@@ -1818,7 +1826,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
AC_SUBST(USE_GNUTLS, [1])
GNUTLS_ENABLED=1
USE_GNUTLS="yes"
- curl_ssl_msg="enabled (GnuTLS)"
+ ssl_msg="GnuTLS"
],
[
LIBS="$CLEANLIBS"
@@ -1846,6 +1854,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
fi dnl GNUTLS not disabled
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi
dnl ---
@@ -1903,7 +1912,8 @@ AC_HELP_STRING([--with-polarssl=PATH],[where to look for PolarSSL, PATH points t
AC_HELP_STRING([--without-polarssl], [disable PolarSSL detection]),
OPT_POLARSSL=$withval)
-if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+if test -z "$ssl_backends" -o "x$OPT_POLARSSL" != xno; then
+ ssl_msg=
if test X"$OPT_POLARSSL" != Xno; then
@@ -1921,7 +1931,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
AC_SUBST(USE_POLARSSL, [1])
POLARSSL_ENABLED=1
USE_POLARSSL="yes"
- curl_ssl_msg="enabled (PolarSSL)"
+ ssl_msg="PolarSSL"
])
fi
@@ -1947,7 +1957,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
AC_SUBST(USE_POLARSSL, [1])
POLARSSL_ENABLED=1
USE_POLARSSL="yes"
- curl_ssl_msg="enabled (PolarSSL)"
+ ssl_msg="PolarSSL"
],
[
CPPFLAGS=$_cppflags
@@ -1975,6 +1985,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
fi dnl PolarSSL not disabled
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi
dnl ----------------------------------------------------
@@ -1990,7 +2001,8 @@ AC_HELP_STRING([--with-mbedtls=PATH],[where to look for mbedTLS, PATH points to
AC_HELP_STRING([--without-mbedtls], [disable mbedTLS detection]),
OPT_MBEDTLS=$withval)
-if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+if test -z "$ssl_backends" -o "x$OPT_MBEDTLS" != xno; then
+ ssl_msg=
if test X"$OPT_MBEDTLS" != Xno; then
@@ -2008,7 +2020,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
AC_SUBST(USE_MBEDTLS, [1])
MBEDTLS_ENABLED=1
USE_MBEDTLS="yes"
- curl_ssl_msg="enabled (mbedTLS)"
+ ssl_msg="mbedTLS"
], [], -lmbedx509 -lmbedcrypto)
fi
@@ -2034,7 +2046,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
AC_SUBST(USE_MBEDTLS, [1])
MBEDTLS_ENABLED=1
USE_MBEDTLS="yes"
- curl_ssl_msg="enabled (mbedTLS)"
+ ssl_msg="mbedTLS"
],
[
CPPFLAGS=$_cppflags
@@ -2062,6 +2074,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
fi dnl mbedTLS not disabled
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi
dnl ----------------------------------------------------
@@ -2078,7 +2091,8 @@ AC_HELP_STRING([--with-cyassl=PATH],[where to look for CyaSSL, PATH points to th
AC_HELP_STRING([--without-cyassl], [disable CyaSSL detection]),
OPT_CYASSL=$withval)
-if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+if test -z "$ssl_backends" -o "x$OPT_CYASSL" != xno; then
+ ssl_msg=
if test X"$OPT_CYASSL" != Xno; then
@@ -2100,7 +2114,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
AC_SUBST(USE_CYASSL, [1])
CYASSL_ENABLED=1
USE_CYASSL="yes"
- curl_ssl_msg="enabled (CyaSSL)"
+ ssl_msg="CyaSSL"
])
fi
@@ -2126,7 +2140,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
AC_SUBST(USE_CYASSL, [1])
CYASSL_ENABLED=1
USE_CYASSL="yes"
- curl_ssl_msg="enabled (CyaSSL)"
+ ssl_msg="CyaSSL"
],
[
CPPFLAGS=$_cppflags
@@ -2171,7 +2185,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
AC_SUBST(USE_CYASSL, [1])
CYASSL_ENABLED=1
USE_CYASSL="yes"
- curl_ssl_msg="enabled (WolfSSL)"
+ ssl_msg="WolfSSL"
],
[
AC_MSG_RESULT(no)
@@ -2225,6 +2239,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
fi dnl CyaSSL not disabled
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi
dnl ----------------------------------------------------
@@ -2239,7 +2254,8 @@ AC_HELP_STRING([--with-nss=PATH],[where to look for NSS, PATH points to the inst
AC_HELP_STRING([--without-nss], [disable NSS detection]),
OPT_NSS=$withval)
-if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+if test -z "$ssl_backends" -o "x$OPT_NSS" != xno; then
+ ssl_msg=
if test X"$OPT_NSS" != Xno; then
@@ -2314,7 +2330,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
AC_SUBST(USE_NSS, [1])
USE_NSS="yes"
NSS_ENABLED=1
- curl_ssl_msg="enabled (NSS)"
+ ssl_msg="NSS"
],
[
LDFLAGS="$CLEANLDFLAGS"
@@ -2343,7 +2359,8 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
fi dnl NSS not disabled
-fi dnl curl_ssl_msg = init_ssl_msg
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
+fi
OPT_AXTLS=off
@@ -2352,7 +2369,8 @@ AC_HELP_STRING([--with-axtls=PATH],[Where to look for axTLS, PATH points to the
AC_HELP_STRING([--without-axtls], [disable axTLS]),
OPT_AXTLS=$withval)
-if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+if test -z "$ssl_backends" -o "x$OPT_AXTLS" != xno; then
+ ssl_msg=
if test X"$OPT_AXTLS" != Xno; then
dnl backup the pre-axtls variables
CLEANLDFLAGS="$LDFLAGS"
@@ -2386,7 +2404,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
AC_SUBST(USE_AXTLS, [1])
AXTLS_ENABLED=1
USE_AXTLS="yes"
- curl_ssl_msg="enabled (axTLS)"
+ ssl_msg="axTLS"
if test "x$cross_compiling" != "xyes"; then
LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$LIB_AXTLS"
@@ -2399,6 +2417,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
LIBS="$CLEANLIBS"
])
fi
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi
if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$MBEDTLS_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED" = "x"; then
@@ -2410,6 +2429,10 @@ else
SSL_ENABLED="1"
fi
+if test -n "$ssl_backends"; then
+ curl_ssl_msg="enabled ($ssl_backends)"
+fi
+
dnl **********************************************************************
dnl Check for the CA bundle
dnl **********************************************************************