summaryrefslogtreecommitdiff
path: root/m4
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2021-04-15 11:17:29 +0200
committerDaniel Stenberg <daniel@haxx.se>2021-04-22 23:19:47 +0200
commitee36e86ce8f77a017c49b8312814c33f4b969565 (patch)
tree0f56d0206eda4a3595364d2831cf8d09f2d65213 /m4
parent68d89f242cf9f6326e3b2f6fe119b7c74ef41c66 (diff)
downloadcurl-ee36e86ce8f77a017c49b8312814c33f4b969565.tar.gz
configure: split out each TLS library detector into its own function
... and put those functions in separate m4 files per TLS library.
Diffstat (limited to 'm4')
-rw-r--r--m4/curl-amissl.m447
-rw-r--r--m4/curl-bearssl.m4108
-rw-r--r--m4/curl-gnutls.m4165
-rw-r--r--m4/curl-mbedtls.m4109
-rw-r--r--m4/curl-mesalink.m4107
-rw-r--r--m4/curl-nss.m4142
-rw-r--r--m4/curl-openssl.m4377
-rw-r--r--m4/curl-rustls.m4106
-rw-r--r--m4/curl-schannel.m446
-rw-r--r--m4/curl-sectransp.m443
-rw-r--r--m4/curl-wolfssl.m4177
11 files changed, 1426 insertions, 1 deletions
diff --git a/m4/curl-amissl.m4 b/m4/curl-amissl.m4
new file mode 100644
index 000000000..60fe34fef
--- /dev/null
+++ b/m4/curl-amissl.m4
@@ -0,0 +1,47 @@
+#***************************************************************************
+# _ _ ____ _
+# Project ___| | | | _ \| |
+# / __| | | | |_) | |
+# | (__| |_| | _ <| |___
+# \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+#***************************************************************************
+
+AC_DEFUN([CURL_WITH_AMISSL], [
+AC_MSG_CHECKING([whether to enable Amiga native SSL/TLS (AmiSSL)])
+if test "$HAVE_PROTO_BSDSOCKET_H" = "1"; then
+ if test "x$OPT_AMISSL" != xno; then
+ ssl_msg=
+ if test "x$OPT_AMISSL" != "xno"; then
+ AC_MSG_RESULT(yes)
+ ssl_msg="AmiSSL"
+ test amissl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+ AMISSL_ENABLED=1
+ LIBS="-lamisslauto $LIBS"
+ AC_DEFINE(USE_AMISSL, 1, [if AmiSSL is in use])
+ AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use])
+ else
+ AC_MSG_RESULT(no)
+ fi
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
+ else
+ AC_MSG_RESULT(no)
+ fi
+else
+ AC_MSG_RESULT(no)
+fi
+
+])
diff --git a/m4/curl-bearssl.m4 b/m4/curl-bearssl.m4
new file mode 100644
index 000000000..86677e46a
--- /dev/null
+++ b/m4/curl-bearssl.m4
@@ -0,0 +1,108 @@
+#***************************************************************************
+# _ _ ____ _
+# Project ___| | | | _ \| |
+# / __| | | | |_) | |
+# | (__| |_| | _ <| |___
+# \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+#***************************************************************************
+
+AC_DEFUN([CURL_WITH_BEARSSL], [
+dnl ----------------------------------------------------
+dnl check for BearSSL
+dnl ----------------------------------------------------
+
+if test "x$OPT_BEARSSL" != xno; then
+ _cppflags=$CPPFLAGS
+ _ldflags=$LDFLAGS
+ ssl_msg=
+
+ if test X"$OPT_BEARSSL" != Xno; then
+
+ if test "$OPT_BEARSSL" = "yes"; then
+ OPT_BEARSSL=""
+ fi
+
+ if test -z "$OPT_BEARSSL" ; then
+ dnl check for lib first without setting any new path
+
+ AC_CHECK_LIB(bearssl, br_ssl_client_init_full,
+ dnl libbearssl found, set the variable
+ [
+ AC_DEFINE(USE_BEARSSL, 1, [if BearSSL is enabled])
+ AC_SUBST(USE_BEARSSL, [1])
+ BEARSSL_ENABLED=1
+ USE_BEARSSL="yes"
+ ssl_msg="BearSSL"
+ test bearssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+ ], [], -lbearssl)
+ fi
+
+ addld=""
+ addlib=""
+ addcflags=""
+ bearssllib=""
+
+ if test "x$USE_BEARSSL" != "xyes"; then
+ dnl add the path and test again
+ addld=-L$OPT_BEARSSL/lib$libsuff
+ addcflags=-I$OPT_BEARSSL/include
+ bearssllib=$OPT_BEARSSL/lib$libsuff
+
+ LDFLAGS="$LDFLAGS $addld"
+ if test "$addcflags" != "-I/usr/include"; then
+ CPPFLAGS="$CPPFLAGS $addcflags"
+ fi
+
+ AC_CHECK_LIB(bearssl, br_ssl_client_init_full,
+ [
+ AC_DEFINE(USE_BEARSSL, 1, [if BearSSL is enabled])
+ AC_SUBST(USE_BEARSSL, [1])
+ BEARSSL_ENABLED=1
+ USE_BEARSSL="yes"
+ ssl_msg="BearSSL"
+ test bearssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+ ],
+ [
+ CPPFLAGS=$_cppflags
+ LDFLAGS=$_ldflags
+ ], -lbearssl)
+ fi
+
+ if test "x$USE_BEARSSL" = "xyes"; then
+ AC_MSG_NOTICE([detected BearSSL])
+ check_for_ca_bundle=1
+
+ LIBS="-lbearssl $LIBS"
+
+ if test -n "$bearssllib"; then
+ dnl when shared libs were found in a path that the run-time
+ dnl linker doesn't search through, we need to add it to
+ dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
+ dnl due to this
+ if test "x$cross_compiling" != "xyes"; then
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$bearssllib"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $bearssllib to CURL_LIBRARY_PATH])
+ fi
+ fi
+ fi
+
+ fi dnl BearSSL not disabled
+
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
+fi
+])
diff --git a/m4/curl-gnutls.m4 b/m4/curl-gnutls.m4
new file mode 100644
index 000000000..f0b80abe8
--- /dev/null
+++ b/m4/curl-gnutls.m4
@@ -0,0 +1,165 @@
+#***************************************************************************
+# _ _ ____ _
+# Project ___| | | | _ \| |
+# / __| | | | |_) | |
+# | (__| |_| | _ <| |___
+# \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+#***************************************************************************
+
+dnl ----------------------------------------------------
+dnl check for GnuTLS
+dnl ----------------------------------------------------
+
+AC_DEFUN([CURL_WITH_GNUTLS], [
+if test "x$OPT_GNUTLS" != xno; then
+ ssl_msg=
+
+ if test X"$OPT_GNUTLS" != Xno; then
+
+ addld=""
+ addlib=""
+ gtlslib=""
+ version=""
+ addcflags=""
+
+ if test "x$OPT_GNUTLS" = "xyes"; then
+ dnl this is with no partiular path given
+ CURL_CHECK_PKGCONFIG(gnutls)
+
+ if test "$PKGCONFIG" != "no" ; then
+ addlib=`$PKGCONFIG --libs-only-l gnutls`
+ addld=`$PKGCONFIG --libs-only-L gnutls`
+ addcflags=`$PKGCONFIG --cflags-only-I gnutls`
+ version=`$PKGCONFIG --modversion gnutls`
+ gtlslib=`echo $addld | $SED -e 's/^-L//'`
+ else
+ dnl without pkg-config, we try libgnutls-config as that was how it
+ dnl used to be done
+ check=`libgnutls-config --version 2>/dev/null`
+ if test -n "$check"; then
+ addlib=`libgnutls-config --libs`
+ addcflags=`libgnutls-config --cflags`
+ version=`libgnutls-config --version`
+ gtlslib=`libgnutls-config --prefix`/lib$libsuff
+ fi
+ fi
+ else
+ dnl this is with a given path, first check if there's a libgnutls-config
+ dnl there and if not, make an educated guess
+ cfg=$OPT_GNUTLS/bin/libgnutls-config
+ check=`$cfg --version 2>/dev/null`
+ if test -n "$check"; then
+ addlib=`$cfg --libs`
+ addcflags=`$cfg --cflags`
+ version=`$cfg --version`
+ gtlslib=`$cfg --prefix`/lib$libsuff
+ else
+ dnl without pkg-config and libgnutls-config, we guess a lot!
+ addlib=-lgnutls
+ addld=-L$OPT_GNUTLS/lib$libsuff
+ addcflags=-I$OPT_GNUTLS/include
+ version="" # we just don't know
+ gtlslib=$OPT_GNUTLS/lib$libsuff
+ fi
+ fi
+
+ if test -z "$version"; then
+ dnl lots of efforts, still no go
+ version="unknown"
+ fi
+
+ if test -n "$addlib"; then
+
+ CLEANLIBS="$LIBS"
+ CLEANCPPFLAGS="$CPPFLAGS"
+ CLEANLDFLAGS="$LDFLAGS"
+
+ LIBS="$addlib $LIBS"
+ LDFLAGS="$LDFLAGS $addld"
+ if test "$addcflags" != "-I/usr/include"; then
+ CPPFLAGS="$CPPFLAGS $addcflags"
+ fi
+
+ dnl this function is selected since it was introduced in 3.1.10
+ AC_CHECK_LIB(gnutls, gnutls_x509_crt_get_dn2,
+ [
+ AC_DEFINE(USE_GNUTLS, 1, [if GnuTLS is enabled])
+ AC_SUBST(USE_GNUTLS, [1])
+ GNUTLS_ENABLED=1
+ USE_GNUTLS="yes"
+ ssl_msg="GnuTLS"
+ test gnutls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+ ],
+ [
+ LIBS="$CLEANLIBS"
+ CPPFLAGS="$CLEANCPPFLAGS"
+ ])
+
+ if test "x$USE_GNUTLS" = "xyes"; then
+ AC_MSG_NOTICE([detected GnuTLS version $version])
+ check_for_ca_bundle=1
+ if test -n "$gtlslib"; then
+ dnl when shared libs were found in a path that the run-time
+ dnl linker doesn't search through, we need to add it to
+ dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
+ dnl due to this
+ if test "x$cross_compiling" != "xyes"; then
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$gtlslib"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $gtlslib to CURL_LIBRARY_PATH])
+ fi
+ fi
+ fi
+
+ fi
+
+ fi dnl GNUTLS not disabled
+
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
+fi
+
+dnl ---
+dnl Check which crypto backend GnuTLS uses
+dnl ---
+
+if test "$GNUTLS_ENABLED" = "1"; then
+ USE_GNUTLS_NETTLE=
+ # First check if we can detect either crypto library via transitive linking
+ AC_CHECK_LIB(gnutls, nettle_MD5Init, [ USE_GNUTLS_NETTLE=1 ])
+
+ # If not, try linking directly to both of them to see if they are available
+ if test "$USE_GNUTLS_NETTLE" = ""; then
+ AC_CHECK_LIB(nettle, nettle_MD5Init, [ USE_GNUTLS_NETTLE=1 ])
+ fi
+ if test "$USE_GNUTLS_NETTLE" = ""; then
+ AC_MSG_ERROR([GnuTLS found, but nettle was not found])
+ fi
+ LIBS="-lnettle $LIBS"
+fi
+
+dnl ---
+dnl We require GnuTLS with SRP support.
+dnl ---
+if test "$GNUTLS_ENABLED" = "1"; then
+ AC_CHECK_LIB(gnutls, gnutls_srp_verifier,
+ [
+ AC_DEFINE(HAVE_GNUTLS_SRP, 1, [if you have the function gnutls_srp_verifier])
+ AC_SUBST(HAVE_GNUTLS_SRP, [1])
+ ])
+fi
+
+])
diff --git a/m4/curl-mbedtls.m4 b/m4/curl-mbedtls.m4
new file mode 100644
index 000000000..4c91cba36
--- /dev/null
+++ b/m4/curl-mbedtls.m4
@@ -0,0 +1,109 @@
+#***************************************************************************
+# _ _ ____ _
+# Project ___| | | | _ \| |
+# / __| | | | |_) | |
+# | (__| |_| | _ <| |___
+# \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+#***************************************************************************
+
+dnl ----------------------------------------------------
+dnl check for mbedTLS
+dnl ----------------------------------------------------
+AC_DEFUN([CURL_WITH_MBEDTLS], [
+
+if test "x$OPT_MBEDTLS" != xno; then
+ _cppflags=$CPPFLAGS
+ _ldflags=$LDFLAGS
+ ssl_msg=
+
+ if test X"$OPT_MBEDTLS" != Xno; then
+
+ if test "$OPT_MBEDTLS" = "yes"; then
+ OPT_MBEDTLS=""
+ fi
+
+ if test -z "$OPT_MBEDTLS" ; then
+ dnl check for lib first without setting any new path
+
+ AC_CHECK_LIB(mbedtls, mbedtls_havege_init,
+ dnl libmbedtls found, set the variable
+ [
+ AC_DEFINE(USE_MBEDTLS, 1, [if mbedTLS is enabled])
+ AC_SUBST(USE_MBEDTLS, [1])
+ MBEDTLS_ENABLED=1
+ USE_MBEDTLS="yes"
+ ssl_msg="mbedTLS"
+ test mbedtls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+ ], [], -lmbedx509 -lmbedcrypto)
+ fi
+
+ addld=""
+ addlib=""
+ addcflags=""
+ mbedtlslib=""
+
+ if test "x$USE_MBEDTLS" != "xyes"; then
+ dnl add the path and test again
+ addld=-L$OPT_MBEDTLS/lib$libsuff
+ addcflags=-I$OPT_MBEDTLS/include
+ mbedtlslib=$OPT_MBEDTLS/lib$libsuff
+
+ LDFLAGS="$LDFLAGS $addld"
+ if test "$addcflags" != "-I/usr/include"; then
+ CPPFLAGS="$CPPFLAGS $addcflags"
+ fi
+
+ AC_CHECK_LIB(mbedtls, mbedtls_ssl_init,
+ [
+ AC_DEFINE(USE_MBEDTLS, 1, [if mbedTLS is enabled])
+ AC_SUBST(USE_MBEDTLS, [1])
+ MBEDTLS_ENABLED=1
+ USE_MBEDTLS="yes"
+ ssl_msg="mbedTLS"
+ test mbedtls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+ ],
+ [
+ CPPFLAGS=$_cppflags
+ LDFLAGS=$_ldflags
+ ], -lmbedx509 -lmbedcrypto)
+ fi
+
+ if test "x$USE_MBEDTLS" = "xyes"; then
+ AC_MSG_NOTICE([detected mbedTLS])
+ check_for_ca_bundle=1
+
+ LIBS="-lmbedtls -lmbedx509 -lmbedcrypto $LIBS"
+
+ if test -n "$mbedtlslib"; then
+ dnl when shared libs were found in a path that the run-time
+ dnl linker doesn't search through, we need to add it to
+ dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
+ dnl due to this
+ if test "x$cross_compiling" != "xyes"; then
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$mbedtlslib"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $mbedtlslib to CURL_LIBRARY_PATH])
+ fi
+ fi
+ fi
+
+ fi dnl mbedTLS not disabled
+
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
+fi
+
+])
diff --git a/m4/curl-mesalink.m4 b/m4/curl-mesalink.m4
new file mode 100644
index 000000000..0f588a985
--- /dev/null
+++ b/m4/curl-mesalink.m4
@@ -0,0 +1,107 @@
+#***************************************************************************
+# _ _ ____ _
+# Project ___| | | | _ \| |
+# / __| | | | |_) | |
+# | (__| |_| | _ <| |___
+# \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+#***************************************************************************
+
+AC_DEFUN([CURL_WITH_MESALINK], [
+dnl ----------------------------------------------------
+dnl check for MesaLink
+dnl ----------------------------------------------------
+
+if test "x$OPT_MESALINK" != xno; then
+ _cppflags=$CPPFLAGS
+ _ldflags=$LDFLAGS
+ ssl_msg=
+
+ if test X"$OPT_MESALINK" != Xno; then
+
+ if test "$OPT_MESALINK" = "yes"; then
+ OPT_MESALINK=""
+ fi
+
+ if test -z "$OPT_MESALINK" ; then
+ dnl check for lib first without setting any new path
+
+ AC_CHECK_LIB(mesalink, mesalink_library_init,
+ dnl libmesalink found, set the variable
+ [
+ AC_DEFINE(USE_MESALINK, 1, [if MesaLink is enabled])
+ AC_SUBST(USE_MESALINK, [1])
+ MESALINK_ENABLED=1
+ USE_MESALINK="yes"
+ ssl_msg="MesaLink"
+ test mesalink != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+ ])
+ fi
+
+ addld=""
+ addlib=""
+ addcflags=""
+ mesalinklib=""
+
+ if test "x$USE_MESALINK" != "xyes"; then
+ dnl add the path and test again
+ addld=-L$OPT_MESALINK/lib$libsuff
+ addcflags=-I$OPT_MESALINK/include
+ mesalinklib=$OPT_MESALINK/lib$libsuff
+
+ LDFLAGS="$LDFLAGS $addld"
+ if test "$addcflags" != "-I/usr/include"; then
+ CPPFLAGS="$CPPFLAGS $addcflags"
+ fi
+
+ AC_CHECK_LIB(mesalink, mesalink_library_init,
+ [
+ AC_DEFINE(USE_MESALINK, 1, [if MesaLink is enabled])
+ AC_SUBST(USE_MESALINK, [1])
+ MESALINK_ENABLED=1
+ USE_MESALINK="yes"
+ ssl_msg="MesaLink"
+ test mesalink != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+ ],
+ [
+ CPPFLAGS=$_cppflags
+ LDFLAGS=$_ldflags
+ ])
+ fi
+
+ if test "x$USE_MESALINK" = "xyes"; then
+ AC_MSG_NOTICE([detected MesaLink])
+
+ LIBS="-lmesalink $LIBS"
+
+ if test -n "$mesalinklib"; then
+ dnl when shared libs were found in a path that the run-time
+ dnl linker doesn't search through, we need to add it to
+ dnl LD_LIBRARY_PATH to prevent further configure tests to fail
+ dnl due to this
+ if test "x$cross_compiling" != "xyes"; then
+ LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$mesalinklib"
+ export LD_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $mesalinklib to LD_LIBRARY_PATH])
+ fi
+ fi
+ fi
+
+ fi dnl MesaLink not disabled
+
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
+fi
+])
diff --git a/m4/curl-nss.m4 b/m4/curl-nss.m4
new file mode 100644
index 000000000..397ba71b1
--- /dev/null
+++ b/m4/curl-nss.m4
@@ -0,0 +1,142 @@
+#***************************************************************************
+# _ _ ____ _
+# Project ___| | | | _ \| |
+# / __| | | | |_) | |
+# | (__| |_| | _ <| |___
+# \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+#***************************************************************************
+
+AC_DEFUN([CURL_WITH_NSS], [
+if test "x$OPT_NSS" != xno; then
+ ssl_msg=
+
+ if test X"$OPT_NSS" != Xno; then
+
+ addld=""
+ addlib=""
+ addcflags=""
+ nssprefix=""
+ version=""
+
+ if test "x$OPT_NSS" = "xyes"; then
+
+ CURL_CHECK_PKGCONFIG(nss)
+
+ if test "$PKGCONFIG" != "no" ; then
+ addlib=`$PKGCONFIG --libs nss`
+ addcflags=`$PKGCONFIG --cflags nss`
+ version=`$PKGCONFIG --modversion nss`
+ nssprefix=`$PKGCONFIG --variable=prefix nss`
+ else
+ dnl Without pkg-config, we check for nss-config
+
+ check=`nss-config --version 2>/dev/null`
+ if test -n "$check"; then
+ addlib=`nss-config --libs`
+ addcflags=`nss-config --cflags`
+ version=`nss-config --version`
+ nssprefix=`nss-config --prefix`
+ else
+ addlib="-lnss3"
+ addcflags=""
+ version="unknown"
+ fi
+ fi
+ else
+ NSS_PCDIR="$OPT_NSS/lib/pkgconfig"
+ if test -f "$NSS_PCDIR/nss.pc"; then
+ CURL_CHECK_PKGCONFIG(nss, [$NSS_PCDIR])
+ if test "$PKGCONFIG" != "no" ; then
+ addld=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-L nss`
+ addlib=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-l nss`
+ addcflags=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --cflags nss`
+ version=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --modversion nss`
+ nssprefix=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --variable=prefix nss`
+ fi
+ fi
+ fi
+
+ if test -z "$addlib"; then
+ # Without pkg-config, we'll kludge in some defaults
+ AC_MSG_WARN([Using hard-wired libraries and compilation flags for NSS.])
+ addld="-L$OPT_NSS/lib"
+ addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4"
+ addcflags="-I$OPT_NSS/include"
+ version="unknown"
+ nssprefix=$OPT_NSS
+ fi
+
+ CLEANLDFLAGS="$LDFLAGS"
+ CLEANLIBS="$LIBS"
+ CLEANCPPFLAGS="$CPPFLAGS"
+
+ LDFLAGS="$addld $LDFLAGS"
+ LIBS="$addlib $LIBS"
+ if test "$addcflags" != "-I/usr/include"; then
+ CPPFLAGS="$CPPFLAGS $addcflags"
+ fi
+
+ dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0
+ AC_CHECK_LIB(nss3, SSL_VersionRangeSet,
+ [
+ AC_DEFINE(USE_NSS, 1, [if NSS is enabled])
+ AC_SUBST(USE_NSS, [1])
+ USE_NSS="yes"
+ NSS_ENABLED=1
+ ssl_msg="NSS"
+ test nss != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+ ],
+ [
+ LDFLAGS="$CLEANLDFLAGS"
+ LIBS="$CLEANLIBS"
+ CPPFLAGS="$CLEANCPPFLAGS"
+ ])
+
+ if test "x$USE_NSS" = "xyes"; then
+ AC_MSG_NOTICE([detected NSS version $version])
+
+ dnl PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because
+ dnl PK11_DestroyGenericObject() does not release resources allocated by
+ dnl PK11_CreateGenericObject() early enough.
+ AC_CHECK_FUNC(PK11_CreateManagedGenericObject,
+ [
+ AC_DEFINE(HAVE_PK11_CREATEMANAGEDGENERICOBJECT, 1,
+ [if you have the PK11_CreateManagedGenericObject function])
+ ])
+
+ dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS
+ NSS_LIBS=$addlib
+ AC_SUBST([NSS_LIBS])
+
+ dnl when shared libs were found in a path that the run-time
+ dnl linker doesn't search through, we need to add it to
+ dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
+ dnl due to this
+ if test "x$cross_compiling" != "xyes"; then
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$nssprefix/lib$libsuff"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to CURL_LIBRARY_PATH])
+ fi
+
+ fi dnl NSS found
+
+ fi dnl NSS not disabled
+
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
+fi
+
+])
diff --git a/m4/curl-openssl.m4 b/m4/curl-openssl.m4
index 159dc3e24..835768e1b 100644
--- a/m4/curl-openssl.m4
+++ b/m4/curl-openssl.m4
@@ -5,7 +5,7 @@
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
-# Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
@@ -276,3 +276,378 @@ AC_DEFUN([CURL_CHECK_OPENSSL_API], [
AC_MSG_WARN([$tst_warns])
fi
])
+
+dnl **********************************************************************
+dnl Check for OpenSSL libraries and headers
+dnl **********************************************************************
+
+AC_DEFUN([CURL_WITH_OPENSSL], [
+if test "x$OPT_OPENSSL" != xno; then
+ ssl_msg=
+
+ dnl backup the pre-ssl variables
+ CLEANLDFLAGS="$LDFLAGS"
+ CLEANCPPFLAGS="$CPPFLAGS"
+ CLEANLIBS="$LIBS"
+
+ dnl This is for Msys/Mingw
+ case $host in
+ *-*-msys* | *-*-mingw*)
+ AC_MSG_CHECKING([for gdi32])
+ my_ac_save_LIBS=$LIBS
+ LIBS="-lgdi32 $LIBS"
+ AC_LINK_IFELSE([ AC_LANG_PROGRAM([[
+ #include <windef.h>
+ #include <wingdi.h>
+ ]],
+ [[
+ GdiFlush();
+ ]])],
+ [ dnl worked!
+ AC_MSG_RESULT([yes])],
+ [ dnl failed, restore LIBS
+ LIBS=$my_ac_save_LIBS
+ AC_MSG_RESULT(no)]
+ )
+ ;;
+ esac
+
+ case "$OPT_OPENSSL" in
+ yes)
+ dnl --with-openssl (without path) used
+ PKGTEST="yes"
+ PREFIX_OPENSSL=
+ ;;
+ *)
+ dnl check the given --with-openssl spot
+ PKGTEST="no"
+ PREFIX_OPENSSL=$OPT_OPENSSL
+
+ dnl Try pkg-config even when cross-compiling. Since we
+ dnl specify PKG_CONFIG_LIBDIR we're only looking where
+ dnl the user told us to look
+ OPENSSL_PCDIR="$OPT_OPENSSL/lib/pkgconfig"
+ if test -f "$OPENSSL_PCDIR/openssl.pc"; then
+ AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"])
+ PKGTEST="yes"
+ elif test ! -f "$PREFIX_OPENSSL/include/openssl/ssl.h"; then
+ AC_MSG_ERROR([$PREFIX_OPENSSL is a bad --with-openssl prefix!])
+ fi
+
+ dnl in case pkg-config comes up empty, use what we got
+ dnl via --with-openssl
+ LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff"
+ if test "$PREFIX_OPENSSL" != "/usr" ; then
+ SSL_LDFLAGS="-L$LIB_OPENSSL"
+ SSL_CPPFLAGS="-I$PREFIX_OPENSSL/include"
+ fi
+ SSL_CPPFLAGS="$SSL_CPPFLAGS -I$PREFIX_OPENSSL/include/openssl"
+ ;;
+ esac
+
+ if test "$PKGTEST" = "yes"; then
+
+ CURL_CHECK_PKGCONFIG(openssl, [$OPENSSL_PCDIR])
+
+ if test "$PKGCONFIG" != "no" ; then
+ SSL_LIBS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
+ $PKGCONFIG --libs-only-l --libs-only-other openssl 2>/dev/null`
+
+ SSL_LDFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
+ $PKGCONFIG --libs-only-L openssl 2>/dev/null`
+
+ SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
+ $PKGCONFIG --cflags-only-I openssl 2>/dev/null`
+
+ AC_SUBST(SSL_LIBS)
+ AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"])
+ AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"])
+ AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"])
+
+ LIB_OPENSSL=`echo $SSL_LDFLAGS | sed -e 's/^-L//'`
+
+ dnl use the values pkg-config reported. This is here
+ dnl instead of below with CPPFLAGS and LDFLAGS because we only
+ dnl learn about this via pkg-config. If we only have
+ dnl the argument to --with-openssl we don't know what
+ dnl additional libs may be necessary. Hope that we
+ dnl don't need any.
+ LIBS="$SSL_LIBS $LIBS"
+ fi
+ fi
+
+ dnl finally, set flags to use SSL
+ CPPFLAGS="$CPPFLAGS $SSL_CPPFLAGS"
+ LDFLAGS="$LDFLAGS $SSL_LDFLAGS"
+
+ AC_CHECK_LIB(crypto, HMAC_Update,[
+ HAVECRYPTO="yes"
+ LIBS="-lcrypto $LIBS"
+ ],[
+ if test -n "$LIB_OPENSSL" ; then
+ LDFLAGS="$CLEANLDFLAGS -L$LIB_OPENSSL"
+ fi
+ if test "$PKGCONFIG" = "no" -a -n "$PREFIX_OPENSSL" ; then
+ # only set this if pkg-config wasn't used
+ CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include/openssl -I$PREFIX_OPENSSL/include"
+ fi
+ # Linking previously failed, try extra paths from --with-openssl or
+ # pkg-config. Use a different function name to avoid reusing the earlier
+ # cached result.
+ AC_CHECK_LIB(crypto, HMAC_Init_ex,[
+ HAVECRYPTO="yes"
+ LIBS="-lcrypto $LIBS"], [
+
+ dnl still no, but what about with -ldl?
+ AC_MSG_CHECKING([OpenSSL linking with -ldl])
+ LIBS="$CLEANLIBS -lcrypto -ldl"
+ AC_LINK_IFELSE([ AC_LANG_PROGRAM([[
+ #include <openssl/err.h>
+ ]], [[
+ ERR_clear_error();
+ ]]) ],
+ [
+ AC_MSG_RESULT(yes)
+ HAVECRYPTO="yes"
+ ],
+ [
+ AC_MSG_RESULT(no)
+ dnl ok, so what about both -ldl and -lpthread?
+ dnl This may be necessary for static libraries.
+
+ AC_MSG_CHECKING([OpenSSL linking with -ldl and -lpthread])
+ LIBS="$CLEANLIBS -lcrypto -ldl -lpthread"
+ AC_LINK_IFELSE([
+ AC_LANG_PROGRAM([[
+ #include <openssl/err.h>
+ ]], [[
+ ERR_clear_error();
+ ]])],
+ [
+ AC_MSG_RESULT(yes)
+ HAVECRYPTO="yes"
+ ],
+ [
+ AC_MSG_RESULT(no)
+ LDFLAGS="$CLEANLDFLAGS"
+ CPPFLAGS="$CLEANCPPFLAGS"
+ LIBS="$CLEANLIBS"
+
+ ])
+
+ ])
+
+ ])
+ ])
+
+ if test X"$HAVECRYPTO" = X"yes"; then
+ dnl This is only reasonable to do if crypto actually is there: check for
+ dnl SSL libs NOTE: it is important to do this AFTER the crypto lib
+
+ AC_CHECK_LIB(ssl, SSL_connect)
+
+ if test "$ac_cv_lib_ssl_SSL_connect" != yes; then
+ dnl we didn't find the SSL lib, try the RSAglue/rsaref stuff
+ AC_MSG_CHECKING(for ssl with RSAglue/rsaref libs in use);
+ OLIBS=$LIBS
+ LIBS="-lRSAglue -lrsaref $LIBS"
+ AC_CHECK_LIB(ssl, SSL_connect)
+ if test "$ac_cv_lib_ssl_SSL_connect" != yes; then
+ dnl still no SSL_connect
+ AC_MSG_RESULT(no)
+ LIBS=$OLIBS
+ else
+ AC_MSG_RESULT(yes)
+ fi
+
+ else
+
+ dnl Have the libraries--check for OpenSSL headers
+ AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \
+ openssl/pem.h openssl/ssl.h openssl/err.h,
+ ssl_msg="OpenSSL"
+ test openssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+ OPENSSL_ENABLED=1
+ AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use]))
+
+ if test $ac_cv_header_openssl_x509_h = no; then
+ dnl we don't use the "action" part of the AC_CHECK_HEADERS macro
+ dnl since 'err.h' might in fact find a krb4 header with the same
+ dnl name
+ AC_CHECK_HEADERS(x509.h rsa.h crypto.h pem.h ssl.h err.h)
+
+ if test $ac_cv_header_x509_h = yes &&
+ test $ac_cv_header_crypto_h = yes &&
+ test $ac_cv_header_ssl_h = yes; then
+ dnl three matches
+ ssl_msg="OpenSSL"
+ OPENSSL_ENABLED=1
+ fi
+ fi
+ fi
+
+ if test X"$OPENSSL_ENABLED" != X"1"; then
+ LIBS="$CLEANLIBS"
+ fi
+
+ if test X"$OPT_OPENSSL" != Xoff &&
+ test "$OPENSSL_ENABLED" != "1"; then
+ AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!])
+ fi
+ fi
+
+ if test X"$OPENSSL_ENABLED" = X"1"; then
+ dnl These can only exist if OpenSSL exists
+ dnl OpenSSL_version is introduced in 3.0.0
+
+ AC_CHECK_FUNCS( RAND_egd \
+ SSLv2_client_method \
+ OpenSSL_version )
+
+ AC_MSG_CHECKING([for BoringSSL])
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM([[
+ #include <openssl/base.h>
+ ]],[[
+ #ifndef OPENSSL_IS_BORINGSSL
+ #error not boringssl
+ #endif
+ ]])
+ ],[
+ AC_MSG_RESULT([yes])
+ AC_DEFINE_UNQUOTED(HAVE_BORINGSSL, 1,
+ [Define to 1 if using BoringSSL.])
+ ssl_msg="BoringSSL"
+ ],[
+ AC_MSG_RESULT([no])
+ ])
+
+ AC_MSG_CHECKING([for libressl])
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM([[
+#include <openssl/opensslv.h>
+ ]],[[
+ int dummy = LIBRESSL_VERSION_NUMBER;
+ ]])
+ ],[
+ AC_MSG_RESULT([yes])
+ AC_DEFINE_UNQUOTED(HAVE_LIBRESSL, 1,
+ [Define to 1 if using libressl.])
+ ssl_msg="libressl"
+ ],[
+ AC_MSG_RESULT([no])
+ ])
+
+ AC_MSG_CHECKING([for OpenSSL >= v3])
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM([[
+#include <openssl/opensslv.h>
+ ]],[[
+ #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
+ return 0;
+ #else
+ #error older than 3
+ #endif
+ ]])
+ ],[
+ AC_MSG_RESULT([yes])
+ AC_DEFINE_UNQUOTED(HAVE_OPENSSL3, 1,
+ [Define to 1 if using OpenSSL 3 or later.])
+ dnl OpenSSLv3 marks the DES functions deprecated but we have no
+ dnl replacements (yet) so tell the compiler to not warn for them
+ dnl
+ dnl Ask OpenSSL to suppress the warnings.
+ CPPFLAGS="$CPPFLAGS -DOPENSSL_SUPPRESS_DEPRECATED"
+ ssl_msg="OpenSSL v3+"
+ ],[
+ AC_MSG_RESULT([no])
+ ])
+ fi
+
+ if test "$OPENSSL_ENABLED" = "1"; then
+ if test -n "$LIB_OPENSSL"; then
+ dnl when the ssl shared libs were found in a path that the run-time
+ dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH
+ dnl to prevent further configure tests to fail due to this
+ if test "x$cross_compiling" != "xyes"; then
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$LIB_OPENSSL"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $LIB_OPENSSL to CURL_LIBRARY_PATH])
+ fi
+ fi
+ CURL_CHECK_OPENSSL_API
+ check_for_ca_bundle=1
+ fi
+
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
+fi
+
+if test X"$OPT_OPENSSL" != Xno &&
+ test "$OPENSSL_ENABLED" != "1"; then
+ AC_MSG_NOTICE([OPT_OPENSSL: $OPT_OPENSSL])
+ AC_MSG_NOTICE([OPENSSL_ENABLED: $OPENSSL_ENABLED])
+ AC_MSG_ERROR([--with-openssl was given but OpenSSL could not be detected])
+fi
+
+dnl **********************************************************************
+dnl Check for the random seed preferences
+dnl **********************************************************************
+
+if test X"$OPENSSL_ENABLED" = X"1"; then
+ AC_ARG_WITH(egd-socket,
+ AS_HELP_STRING([--with-egd-socket=FILE],
+ [Entropy Gathering Daemon socket pathname]),
+ [ EGD_SOCKET="$withval" ]
+ )
+ if test -n "$EGD_SOCKET" ; then
+ AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET",
+ [your Entropy Gathering Daemon socket pathname] )
+ fi
+
+ dnl Check for user-specified random device
+ AC_ARG_WITH(random,
+ AS_HELP_STRING([--with-random=FILE],
+ [read randomness from FILE (default=/dev/urandom)]),
+ [ RANDOM_FILE="$withval" ],
+ [
+ if test x$cross_compiling != xyes; then
+ dnl Check for random device
+ AC_CHECK_FILE("/dev/urandom", [ RANDOM_FILE="/dev/urandom"] )
+ else
+ AC_MSG_WARN([skipped the /dev/urandom detection when cross-compiling])
+ fi
+ ]
+ )
+ if test -n "$RANDOM_FILE" && test X"$RANDOM_FILE" != Xno ; then
+ AC_SUBST(RANDOM_FILE)
+ AC_DEFINE_UNQUOTED(RANDOM_FILE, "$RANDOM_FILE",
+ [a suitable file to read random data from])
+ fi
+fi
+
+dnl ---
+dnl We require OpenSSL with SRP support.
+dnl ---
+if test "$OPENSSL_ENABLED" = "1"; then
+ AC_CHECK_LIB(crypto, SRP_Calc_client_key,
+ [
+ AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the function SRP_Calc_client_key])
+ AC_SUBST(HAVE_OPENSSL_SRP, [1])
+ ])
+fi
+
+dnl ---
+dnl Whether the OpenSSL configuration will be loaded automatically
+dnl ---
+if test X"$OPENSSL_ENABLED" = X"1"; then
+AC_ARG_ENABLE(openssl-auto-load-config,
+AS_HELP_STRING([--enable-openssl-auto-load-config],[Enable automatic loading of OpenSSL configuration])
+AS_HELP_STRING([--disable-openssl-auto-load-config],[Disable automatic loading of OpenSSL configuration]),
+[ if test X"$enableval" = X"no"; then
+ AC_MSG_NOTICE([automatic loading of OpenSSL configuration disabled])
+ AC_DEFINE(CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG, 1, [if the OpenSSL configuration won't be loaded automatically])
+ fi
+])
+fi
+
+])
diff --git a/m4/curl-rustls.m4 b/m4/curl-rustls.m4
new file mode 100644
index 000000000..f33822245
--- /dev/null
+++ b/m4/curl-rustls.m4
@@ -0,0 +1,106 @@
+#***************************************************************************
+# _ _ ____ _
+# Project ___| | | | _ \| |
+# / __| | | | |_) | |
+# | (__| |_| | _ <| |___
+# \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+#***************************************************************************
+
+AC_DEFUN([CURL_WITH_RUSTLS], [
+dnl ----------------------------------------------------
+dnl check for rustls
+dnl ----------------------------------------------------
+
+if test "x$OPT_RUSTLS" != xno; then
+ _cppflags=$CPPFLAGS
+ _ldflags=$LDFLAGS
+ ssl_msg=
+
+ if test X"$OPT_RUSTLS" != Xno; then
+
+ if test "$OPT_RUSTLS" = "yes"; then
+ OPT_RUSTLS=""
+ fi
+
+ if test -z "$OPT_RUSTLS" ; then
+ dnl check for lib first without setting any new path
+
+ AC_CHECK_LIB(crustls, rustls_client_session_read,
+ dnl libcrustls found, set the variable
+ [
+ AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
+ AC_SUBST(USE_RUSTLS, [1])
+ RUSTLS_ENABLED=1
+ USE_RUSTLS="yes"
+ ssl_msg="rustls"
+ test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+ ], [], -lpthread -ldl)
+ fi
+
+ addld=""
+ addlib="-lpthread"
+ addcflags=""
+ bearssllib=""
+
+ if test "x$USE_RUSTLS" != "xyes"; then
+ dnl add the path and test again
+ addld=-L$OPT_RUSTLS/lib$libsuff
+ addcflags=-I$OPT_RUSTLS/include
+ rustlslib=$OPT_RUSTLS/lib$libsuff
+
+ LDFLAGS="$LDFLAGS $addld"
+ if test "$addcflags" != "-I/usr/include"; then
+ CPPFLAGS="$CPPFLAGS $addcflags"
+ fi
+
+ AC_CHECK_LIB(crustls, rustls_client_session_read,
+ [
+ AC_DEFINE(USE_RUSTLS, 1, [if rustls is enabled])
+ AC_SUBST(USE_RUSTLS, [1])
+ RUSTLS_ENABLED=1
+ USE_RUSTLS="yes"
+ ssl_msg="rustls"
+ test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+ ],
+ AC_MSG_ERROR([--with-rustls was specified but could not find rustls.]),
+ -lpthread -ldl)
+ fi
+
+ if test "x$USE_RUSTLS" = "xyes"; then
+ AC_MSG_NOTICE([detected rustls])
+ check_for_ca_bundle=1
+
+ LIBS="-lcrustls -lpthread -ldl $LIBS"
+
+ if test -n "$rustlslib"; then
+ dnl when shared libs were found in a path that the run-time
+ dnl linker doesn't search through, we need to add it to
+ dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
+ dnl due to this
+ if test "x$cross_compiling" != "xyes"; then
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$rustlslib"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $rustlslib to CURL_LIBRARY_PATH])
+ fi
+ fi
+ fi
+
+ fi dnl rustls not disabled
+
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
+fi
+])
diff --git a/m4/curl-schannel.m4 b/m4/curl-schannel.m4
new file mode 100644
index 000000000..7ffe8ddba
--- /dev/null
+++ b/m4/curl-schannel.m4
@@ -0,0 +1,46 @@
+#***************************************************************************
+# _ _ ____ _
+# Project ___| | | | _ \| |
+# / __| | | | |_) | |
+# | (__| |_| | _ <| |___
+# \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+#***************************************************************************
+
+AC_DEFUN([CURL_WITH_SCHANNEL], [
+AC_MSG_CHECKING([whether to enable Windows native SSL/TLS])
+if test "x$OPT_SCHANNEL" != xno; then
+ ssl_msg=
+ if test "x$OPT_SCHANNEL" != "xno" &&
+ test "x$curl_cv_native_windows" = "xyes"; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(USE_SCHANNEL, 1, [to enable Windows native SSL/TLS support])
+ AC_SUBST(USE_SCHANNEL, [1])
+ ssl_msg="Schannel"
+ test schannel != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+ SCHANNEL_ENABLED=1
+ # --with-schannel implies --enable-sspi
+ AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support])
+ AC_SUBST(USE_WINDOWS_SSPI, [1])
+ curl_sspi_msg="enabled"
+ else
+ AC_MSG_RESULT(no)
+ fi
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
+else
+ AC_MSG_RESULT(no)
+fi
+])
diff --git a/m4/curl-sectransp.m4 b/m4/curl-sectransp.m4
new file mode 100644
index 000000000..658df958f
--- /dev/null
+++ b/m4/curl-sectransp.m4
@@ -0,0 +1,43 @@
+#***************************************************************************
+# _ _ ____ _
+# Project ___| | | | _ \| |
+# / __| | | | |_) | |
+# | (__| |_| | _ <| |___
+# \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+#***************************************************************************
+
+AC_DEFUN([CURL_WITH_SECURETRANSPORT], [
+AC_MSG_CHECKING([whether to enable Secure Transport])
+if test "x$OPT_SECURETRANSPORT" != xno; then
+ if test "x$OPT_SECURETRANSPORT" != "xno" &&
+ (test "x$cross_compiling" != "xno" || test -d "/System/Library/Frameworks/Security.framework"); then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(USE_SECTRANSP, 1, [enable Secure Transport])
+ AC_SUBST(USE_SECTRANSP, [1])
+ ssl_msg="Secure Transport"
+ test secure-transport != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+ SECURETRANSPORT_ENABLED=1
+ LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security"
+ else
+ AC_MSG_RESULT(no)
+ fi
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
+else
+ AC_MSG_RESULT(no)
+fi
+
+])
diff --git a/m4/curl-wolfssl.m4 b/m4/curl-wolfssl.m4
new file mode 100644
index 000000000..db9f8ceb5
--- /dev/null
+++ b/m4/curl-wolfssl.m4
@@ -0,0 +1,177 @@
+#***************************************************************************
+# _ _ ____ _
+# Project ___| | | | _ \| |
+# / __| | | | |_) | |
+# | (__| |_| | _ <| |___
+# \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+#***************************************************************************
+
+AC_DEFUN([CURL_WITH_WOLFSSL], [
+dnl ----------------------------------------------------
+dnl check for wolfSSL
+dnl ----------------------------------------------------
+
+case "$OPT_WOLFSSL" in
+ yes|no)
+ wolfpkg=""
+ ;;
+ *)
+ wolfpkg="$withval/lib/pkgconfig"
+ ;;
+esac
+
+if test "x$OPT_WOLFSSL" != xno; then
+ _cppflags=$CPPFLAGS
+ _ldflags=$LDFLAGS
+
+ ssl_msg=
+
+ if test X"$OPT_WOLFSSL" != Xno; then
+
+ if test "$OPT_WOLFSSL" = "yes"; then
+ OPT_WOLFSSL=""
+ fi
+
+ dnl try pkg-config magic
+ CURL_CHECK_PKGCONFIG(wolfssl, [$wolfpkg])
+ AC_MSG_NOTICE([Check dir $wolfpkg])
+
+ addld=""
+ addlib=""
+ addcflags=""
+ if test "$PKGCONFIG" != "no" ; then
+ addlib=`CURL_EXPORT_PCDIR([$wolfpkg])
+ $PKGCONFIG --libs-only-l wolfssl`
+ addld=`CURL_EXPORT_PCDIR([$wolfpkg])
+ $PKGCONFIG --libs-only-L wolfssl`
+ addcflags=`CURL_EXPORT_PCDIR([$wolfpkg])
+ $PKGCONFIG --cflags-only-I wolfssl`
+ version=`CURL_EXPORT_PCDIR([$wolfpkg])
+ $PKGCONFIG --modversion wolfssl`
+ wolfssllibpath=`echo $addld | $SED -e 's/^-L//'`
+ else
+ addlib=-lwolfssl
+ dnl use system defaults if user does not supply a path
+ if test -n "$OPT_WOLFSSL"; then
+ addld=-L$OPT_WOLFSSL/lib$libsuff
+ addcflags=-I$OPT_WOLFSSL/include
+ wolfssllibpath=$OPT_WOLFSSL/lib$libsuff
+ fi
+ fi
+
+ if test "x$USE_WOLFSSL" != "xyes"; then
+
+ LDFLAGS="$LDFLAGS $addld"
+ AC_MSG_NOTICE([Add $addld to LDFLAGS])
+ if test "$addcflags" != "-I/usr/include"; then
+ CPPFLAGS="$CPPFLAGS $addcflags"
+ AC_MSG_NOTICE([Add $addcflags to CPPFLAGS])
+ fi
+
+ my_ac_save_LIBS="$LIBS"
+ LIBS="$addlib $LIBS"
+ AC_MSG_NOTICE([Add $addlib to LIBS])
+
+ AC_MSG_CHECKING([for wolfSSL_Init in -lwolfssl])
+ AC_LINK_IFELSE([
+ AC_LANG_PROGRAM([[
+/* These aren't needed for detection and confuse WolfSSL.
+ They are set up properly later if it is detected. */
+#undef SIZEOF_LONG
+#undef SIZEOF_LONG_LONG
+#include <wolfssl/ssl.h>
+ ]],[[
+ return wolfSSL_Init();
+ ]])
+ ],[
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(USE_WOLFSSL, 1, [if wolfSSL is enabled])
+ AC_SUBST(USE_WOLFSSL, [1])
+ WOLFSSL_ENABLED=1
+ USE_WOLFSSL="yes"
+ ssl_msg="WolfSSL"
+ test wolfssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+ ],
+ [
+ AC_MSG_RESULT(no)
+ CPPFLAGS=$_cppflags
+ LDFLAGS=$_ldflags
+ wolfssllibpath=""
+ ])
+ LIBS="$my_ac_save_LIBS"
+ fi
+
+ if test "x$USE_WOLFSSL" = "xyes"; then
+ AC_MSG_NOTICE([detected wolfSSL])
+ check_for_ca_bundle=1
+
+ dnl wolfssl/ctaocrypt/types.h needs SIZEOF_LONG_LONG defined!
+ AX_COMPILE_CHECK_SIZEOF(long long)
+
+ LIBS="$addlib -lm $LIBS"
+
+ dnl Recent WolfSSL versions build without SSLv3 by default
+ dnl WolfSSL needs configure --enable-opensslextra to have *get_peer*
+ dnl DES* is needed for NTLM support and lives in the OpenSSL compatibility
+ dnl layer
+ AC_CHECK_FUNCS(wolfSSLv3_client_method \
+ wolfSSL_get_peer_certificate \
+ wolfSSL_UseALPN )
+
+ dnl if this symbol is present, we want the include path to include the
+ dnl OpenSSL API root as well
+ AC_CHECK_FUNC(wolfSSL_DES_ecb_encrypt,
+ [
+ AC_DEFINE(HAVE_WOLFSSL_DES_ECB_ENCRYPT, 1,
+ [if you have wolfSSL_DES_ecb_encrypt])
+ if test -n "$addcflags"; then
+ dnl use a for loop to strip off whitespace
+ for f in $addcflags; do
+ CPPFLAGS="$f/wolfssl $CPPFLAGS"
+ AC_MSG_NOTICE([Add $f/wolfssl to CPPFLAGS])
+ break
+ done
+ else
+ dnl user didn't give a path, so guess/hope they installed wolfssl
+ dnl headers to system default location
+ CPPFLAGS="-I$includedir/wolfssl $CPPFLAGS"
+ AC_MSG_NOTICE([Add $includedir/wolfssl to CPPFLAGS])
+ fi
+ WOLFSSL_NTLM=1
+ ]
+ )
+
+ if test -n "$wolfssllibpath"; then
+ dnl when shared libs were found in a path that the run-time
+ dnl linker doesn't search through, we need to add it to
+ dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
+ dnl due to this
+ if test "x$cross_compiling" != "xyes"; then
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$wolfssllibpath"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $wolfssllibpath to CURL_LIBRARY_PATH])
+ fi
+ fi
+
+ fi
+
+ fi dnl wolfSSL not disabled
+
+ test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
+fi
+
+])