Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 1 | #*************************************************************************** |
| 2 | # _ _ ____ _ |
| 3 | # Project ___| | | | _ \| | |
| 4 | # / __| | | | |_) | | |
| 5 | # | (__| |_| | _ <| |___ |
| 6 | # \___|\___/|_| \_\_____| |
| 7 | # |
Elliott Hughes | 34dd5f4 | 2021-08-10 13:01:18 -0700 | [diff] [blame] | 8 | # Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 9 | # |
| 10 | # This software is licensed as described in the file COPYING, which |
| 11 | # you should have received as part of this distribution. The terms |
Elliott Hughes | 34dd5f4 | 2021-08-10 13:01:18 -0700 | [diff] [blame] | 12 | # are also available at https://curl.se/docs/copyright.html. |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 13 | # |
| 14 | # You may opt to use, copy, modify, merge, publish, distribute and/or sell |
| 15 | # copies of the Software, and permit persons to whom the Software is |
| 16 | # furnished to do so, under the terms of the COPYING file. |
| 17 | # |
| 18 | # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
| 19 | # KIND, either express or implied. |
| 20 | # |
| 21 | #*************************************************************************** |
| 22 | |
| 23 | # File version for 'aclocal' use. Keep it a single number. |
| 24 | # serial 5 |
| 25 | |
| 26 | |
| 27 | dnl CURL_CHECK_OPENSSL_API_HEADERS |
| 28 | dnl ------------------------------------------------- |
| 29 | dnl Find out OpenSSL headers API version, as reported |
| 30 | dnl by OPENSSL_VERSION_NUMBER. No runtime checks |
| 31 | dnl allowed here for cross-compilation support. |
Elliott Hughes | cac3980 | 2018-04-27 16:19:43 -0700 | [diff] [blame] | 32 | dnl HAVE_OPENSSL_API_HEADERS is defined as appropriate |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 33 | dnl only for systems which actually run the configure |
| 34 | dnl script. Config files generated manually or in any |
| 35 | dnl other way shall not define this. |
| 36 | |
| 37 | AC_DEFUN([CURL_CHECK_OPENSSL_API_HEADERS], [ |
| 38 | # |
| 39 | tst_api="unknown" |
| 40 | # |
| 41 | AC_MSG_CHECKING([for OpenSSL headers version]) |
| 42 | CURL_CHECK_DEF([OPENSSL_VERSION_NUMBER], [ |
| 43 | # ifdef USE_OPENSSL |
| 44 | # include <openssl/crypto.h> |
| 45 | # else |
| 46 | # include <crypto.h> |
| 47 | # endif |
| 48 | ], [silent]) |
| 49 | if test "$curl_cv_have_def_OPENSSL_VERSION_NUMBER" = "yes"; then |
| 50 | tst_verlen=`expr "$curl_cv_def_OPENSSL_VERSION_NUMBER" : '.*'` |
| 51 | case "x$tst_verlen" in |
| 52 | x6) |
| 53 | tst_vermaj=`echo $curl_cv_def_OPENSSL_VERSION_NUMBER | cut -c 3` |
| 54 | tst_vermin=`echo $curl_cv_def_OPENSSL_VERSION_NUMBER | cut -c 4` |
| 55 | tst_verfix=`echo $curl_cv_def_OPENSSL_VERSION_NUMBER | cut -c 5` |
| 56 | tst_api=0x$tst_vermaj$tst_vermin$tst_verfix |
| 57 | ;; |
| 58 | x11|x10) |
| 59 | tst_vermaj=`echo $curl_cv_def_OPENSSL_VERSION_NUMBER | cut -c 3` |
| 60 | tst_vermin=`echo $curl_cv_def_OPENSSL_VERSION_NUMBER | cut -c 5` |
| 61 | tst_verfix=`echo $curl_cv_def_OPENSSL_VERSION_NUMBER | cut -c 7` |
| 62 | tst_api=0x$tst_vermaj$tst_vermin$tst_verfix |
| 63 | ;; |
| 64 | *) |
| 65 | tst_api="unknown" |
| 66 | ;; |
| 67 | esac |
| 68 | case $tst_api in |
Elliott Hughes | cac3980 | 2018-04-27 16:19:43 -0700 | [diff] [blame] | 69 | 0x111) tst_show="1.1.1" ;; |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 70 | 0x110) tst_show="1.1.0" ;; |
| 71 | 0x102) tst_show="1.0.2" ;; |
| 72 | 0x101) tst_show="1.0.1" ;; |
| 73 | 0x100) tst_show="1.0.0" ;; |
| 74 | 0x099) tst_show="0.9.9" ;; |
| 75 | 0x098) tst_show="0.9.8" ;; |
| 76 | 0x097) tst_show="0.9.7" ;; |
| 77 | 0x096) tst_show="0.9.6" ;; |
| 78 | 0x095) tst_show="0.9.5" ;; |
| 79 | 0x094) tst_show="0.9.4" ;; |
| 80 | 0x093) tst_show="0.9.3" ;; |
| 81 | 0x092) tst_show="0.9.2" ;; |
| 82 | 0x091) tst_show="0.9.1" ;; |
| 83 | *) tst_show="unknown" ;; |
| 84 | esac |
| 85 | tst_show="$tst_show - $curl_cv_def_OPENSSL_VERSION_NUMBER" |
| 86 | else |
| 87 | tst_show="unknown" |
| 88 | fi |
| 89 | AC_MSG_RESULT([$tst_show]) |
| 90 | # |
| 91 | dnl if test "$tst_api" != "unknown"; then |
| 92 | dnl AC_DEFINE_UNQUOTED(HAVE_OPENSSL_API_HEADERS, $tst_api, |
| 93 | dnl [OpenSSL headers configure time API. Defined only by configure script. |
| 94 | dnl No matter what, do not ever define this manually or by any other means.]) |
| 95 | dnl fi |
| 96 | curl_openssl_api_headers=$tst_api |
| 97 | ]) |
| 98 | |
| 99 | |
| 100 | dnl CURL_CHECK_OPENSSL_API_LIBRARY |
| 101 | dnl ------------------------------------------------- |
| 102 | dnl Find out OpenSSL library API version, performing |
| 103 | dnl only link tests in order to avoid getting fooled |
| 104 | dnl by mismatched OpenSSL headers. No runtime checks |
| 105 | dnl allowed here for cross-compilation support. |
Elliott Hughes | cac3980 | 2018-04-27 16:19:43 -0700 | [diff] [blame] | 106 | dnl HAVE_OPENSSL_API_LIBRARY is defined as appropriate |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 107 | dnl only for systems which actually run the configure |
| 108 | dnl script. Config files generated manually or in any |
| 109 | dnl other way shall not define this. |
| 110 | dnl |
| 111 | dnl Most probably we should not bother attempting to |
| 112 | dnl detect OpenSSL library development API versions |
| 113 | dnl 0.9.9 and 1.1.0. For our intended use, detecting |
| 114 | dnl released versions should be good enough. |
| 115 | dnl |
| 116 | dnl Given that currently we are not using the result |
| 117 | dnl of this check, except for informative purposes, |
| 118 | dnl lets try to figure out everything. |
| 119 | |
| 120 | AC_DEFUN([CURL_CHECK_OPENSSL_API_LIBRARY], [ |
| 121 | # |
| 122 | tst_api="unknown" |
| 123 | # |
| 124 | AC_MSG_CHECKING([for OpenSSL library version]) |
| 125 | if test "$tst_api" = "unknown"; then |
Elliott Hughes | cac3980 | 2018-04-27 16:19:43 -0700 | [diff] [blame] | 126 | AC_LINK_IFELSE([ |
| 127 | AC_LANG_FUNC_LINK_TRY([ERR_clear_last_mark]) |
| 128 | ],[ |
| 129 | tst_api="0x111" |
| 130 | ]) |
| 131 | fi |
| 132 | if test "$tst_api" = "unknown"; then |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 133 | case $host in |
| 134 | *-*-vms*) |
| 135 | AC_LINK_IFELSE([ |
| 136 | AC_LANG_FUNC_LINK_TRY([SSL_CTX_set_not_resumbl_sess_cb]) |
| 137 | ],[ |
| 138 | tst_api="0x110" |
| 139 | ]) |
| 140 | ;; |
| 141 | *) |
| 142 | AC_LINK_IFELSE([ |
| 143 | AC_LANG_FUNC_LINK_TRY([SSL_CTX_set_not_resumable_session_callback]) |
| 144 | ],[ |
| 145 | tst_api="0x110" |
| 146 | ]) |
| 147 | ;; |
| 148 | esac |
| 149 | fi |
| 150 | if test "$tst_api" = "unknown"; then |
| 151 | AC_LINK_IFELSE([ |
| 152 | AC_LANG_FUNC_LINK_TRY([SSL_CONF_CTX_new]) |
| 153 | ],[ |
| 154 | tst_api="0x102" |
| 155 | ]) |
| 156 | fi |
| 157 | if test "$tst_api" = "unknown"; then |
| 158 | AC_LINK_IFELSE([ |
| 159 | AC_LANG_FUNC_LINK_TRY([SSL_renegotiate_abbreviated]) |
| 160 | ],[ |
| 161 | tst_api="0x101" |
| 162 | ]) |
| 163 | fi |
| 164 | if test "$tst_api" = "unknown"; then |
| 165 | AC_LINK_IFELSE([ |
| 166 | AC_LANG_FUNC_LINK_TRY([OBJ_add_sigid]) |
| 167 | ],[ |
| 168 | tst_api="0x100" |
| 169 | ]) |
| 170 | fi |
| 171 | if test "$tst_api" = "unknown"; then |
| 172 | AC_LINK_IFELSE([ |
| 173 | AC_LANG_FUNC_LINK_TRY([ERR_set_mark]) |
| 174 | ],[ |
| 175 | tst_api="0x098" |
| 176 | ]) |
| 177 | fi |
| 178 | if test "$tst_api" = "unknown"; then |
| 179 | AC_LINK_IFELSE([ |
| 180 | AC_LANG_FUNC_LINK_TRY([ERR_peek_last_error]) |
| 181 | ],[ |
| 182 | tst_api="0x097" |
| 183 | ]) |
| 184 | fi |
| 185 | if test "$tst_api" = "unknown"; then |
| 186 | AC_LINK_IFELSE([ |
| 187 | AC_LANG_FUNC_LINK_TRY([c2i_ASN1_OBJECT]) |
| 188 | ],[ |
| 189 | tst_api="0x096" |
| 190 | ]) |
| 191 | fi |
| 192 | if test "$tst_api" = "unknown"; then |
| 193 | AC_LINK_IFELSE([ |
| 194 | AC_LANG_FUNC_LINK_TRY([SSL_CTX_set_purpose]) |
| 195 | ],[ |
| 196 | tst_api="0x095" |
| 197 | ]) |
| 198 | fi |
| 199 | if test "$tst_api" = "unknown"; then |
| 200 | AC_LINK_IFELSE([ |
| 201 | AC_LANG_FUNC_LINK_TRY([OBJ_obj2txt]) |
| 202 | ],[ |
| 203 | tst_api="0x094" |
| 204 | ]) |
| 205 | fi |
| 206 | if test "$tst_api" = "unknown"; then |
| 207 | AC_LINK_IFELSE([ |
| 208 | AC_LANG_FUNC_LINK_TRY([SSL_get_verify_depth]) |
| 209 | ],[ |
| 210 | tst_api="0x093" |
| 211 | ]) |
| 212 | fi |
| 213 | if test "$tst_api" = "unknown"; then |
| 214 | AC_LINK_IFELSE([ |
| 215 | AC_LANG_FUNC_LINK_TRY([SSL_library_init]) |
| 216 | ],[ |
| 217 | tst_api="0x092" |
| 218 | ]) |
| 219 | fi |
| 220 | if test "$tst_api" = "unknown"; then |
| 221 | AC_LINK_IFELSE([ |
| 222 | AC_LANG_FUNC_LINK_TRY([SSL_CTX_set_cipher_list]) |
| 223 | ],[ |
| 224 | tst_api="0x091" |
| 225 | ]) |
| 226 | fi |
| 227 | case $tst_api in |
Elliott Hughes | cac3980 | 2018-04-27 16:19:43 -0700 | [diff] [blame] | 228 | 0x111) tst_show="1.1.1" ;; |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 229 | 0x110) tst_show="1.1.0" ;; |
| 230 | 0x102) tst_show="1.0.2" ;; |
| 231 | 0x101) tst_show="1.0.1" ;; |
| 232 | 0x100) tst_show="1.0.0" ;; |
| 233 | 0x099) tst_show="0.9.9" ;; |
| 234 | 0x098) tst_show="0.9.8" ;; |
| 235 | 0x097) tst_show="0.9.7" ;; |
| 236 | 0x096) tst_show="0.9.6" ;; |
| 237 | 0x095) tst_show="0.9.5" ;; |
| 238 | 0x094) tst_show="0.9.4" ;; |
| 239 | 0x093) tst_show="0.9.3" ;; |
| 240 | 0x092) tst_show="0.9.2" ;; |
| 241 | 0x091) tst_show="0.9.1" ;; |
| 242 | *) tst_show="unknown" ;; |
| 243 | esac |
| 244 | AC_MSG_RESULT([$tst_show]) |
| 245 | # |
| 246 | dnl if test "$tst_api" != "unknown"; then |
| 247 | dnl AC_DEFINE_UNQUOTED(HAVE_OPENSSL_API_LIBRARY, $tst_api, |
| 248 | dnl [OpenSSL library link time API. Defined only by configure script. |
| 249 | dnl No matter what, do not ever define this manually or by any other means.]) |
| 250 | dnl fi |
| 251 | curl_openssl_api_library=$tst_api |
| 252 | ]) |
| 253 | |
| 254 | |
| 255 | dnl CURL_CHECK_OPENSSL_API |
| 256 | dnl ------------------------------------------------- |
| 257 | |
| 258 | AC_DEFUN([CURL_CHECK_OPENSSL_API], [ |
| 259 | # |
| 260 | CURL_CHECK_OPENSSL_API_HEADERS |
| 261 | CURL_CHECK_OPENSSL_API_LIBRARY |
| 262 | # |
| 263 | tst_match="yes" |
| 264 | # |
| 265 | AC_MSG_CHECKING([for OpenSSL headers and library versions matching]) |
| 266 | if test "$curl_openssl_api_headers" = "unknown" || |
| 267 | test "$curl_openssl_api_library" = "unknown"; then |
| 268 | tst_match="fail" |
| 269 | tst_warns="Can not compare OpenSSL headers and library versions." |
| 270 | elif test "$curl_openssl_api_headers" != "$curl_openssl_api_library"; then |
| 271 | tst_match="no" |
| 272 | tst_warns="OpenSSL headers and library versions do not match." |
| 273 | fi |
| 274 | AC_MSG_RESULT([$tst_match]) |
| 275 | if test "$tst_match" != "yes"; then |
| 276 | AC_MSG_WARN([$tst_warns]) |
| 277 | fi |
| 278 | ]) |
Elliott Hughes | 34dd5f4 | 2021-08-10 13:01:18 -0700 | [diff] [blame] | 279 | |
| 280 | dnl ********************************************************************** |
| 281 | dnl Check for OpenSSL libraries and headers |
| 282 | dnl ********************************************************************** |
| 283 | |
| 284 | AC_DEFUN([CURL_WITH_OPENSSL], [ |
| 285 | if test "x$OPT_OPENSSL" != xno; then |
| 286 | ssl_msg= |
| 287 | |
| 288 | dnl backup the pre-ssl variables |
| 289 | CLEANLDFLAGS="$LDFLAGS" |
| 290 | CLEANCPPFLAGS="$CPPFLAGS" |
| 291 | CLEANLIBS="$LIBS" |
| 292 | |
| 293 | dnl This is for Msys/Mingw |
| 294 | case $host in |
| 295 | *-*-msys* | *-*-mingw*) |
| 296 | AC_MSG_CHECKING([for gdi32]) |
| 297 | my_ac_save_LIBS=$LIBS |
| 298 | LIBS="-lgdi32 $LIBS" |
| 299 | AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ |
| 300 | #include <windef.h> |
| 301 | #include <wingdi.h> |
| 302 | ]], |
| 303 | [[ |
| 304 | GdiFlush(); |
| 305 | ]])], |
| 306 | [ dnl worked! |
| 307 | AC_MSG_RESULT([yes])], |
| 308 | [ dnl failed, restore LIBS |
| 309 | LIBS=$my_ac_save_LIBS |
| 310 | AC_MSG_RESULT(no)] |
| 311 | ) |
| 312 | ;; |
| 313 | esac |
| 314 | |
| 315 | case "$OPT_OPENSSL" in |
| 316 | yes) |
| 317 | dnl --with-openssl (without path) used |
| 318 | PKGTEST="yes" |
| 319 | PREFIX_OPENSSL= |
| 320 | ;; |
| 321 | *) |
| 322 | dnl check the given --with-openssl spot |
| 323 | PKGTEST="no" |
| 324 | PREFIX_OPENSSL=$OPT_OPENSSL |
| 325 | |
| 326 | dnl Try pkg-config even when cross-compiling. Since we |
| 327 | dnl specify PKG_CONFIG_LIBDIR we're only looking where |
| 328 | dnl the user told us to look |
| 329 | OPENSSL_PCDIR="$OPT_OPENSSL/lib/pkgconfig" |
| 330 | if test -f "$OPENSSL_PCDIR/openssl.pc"; then |
| 331 | AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"]) |
| 332 | PKGTEST="yes" |
| 333 | elif test ! -f "$PREFIX_OPENSSL/include/openssl/ssl.h"; then |
| 334 | AC_MSG_ERROR([$PREFIX_OPENSSL is a bad --with-openssl prefix!]) |
| 335 | fi |
| 336 | |
| 337 | dnl in case pkg-config comes up empty, use what we got |
| 338 | dnl via --with-openssl |
| 339 | LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff" |
| 340 | if test "$PREFIX_OPENSSL" != "/usr" ; then |
| 341 | SSL_LDFLAGS="-L$LIB_OPENSSL" |
| 342 | SSL_CPPFLAGS="-I$PREFIX_OPENSSL/include" |
| 343 | fi |
| 344 | SSL_CPPFLAGS="$SSL_CPPFLAGS -I$PREFIX_OPENSSL/include/openssl" |
| 345 | ;; |
| 346 | esac |
| 347 | |
| 348 | if test "$PKGTEST" = "yes"; then |
| 349 | |
| 350 | CURL_CHECK_PKGCONFIG(openssl, [$OPENSSL_PCDIR]) |
| 351 | |
| 352 | if test "$PKGCONFIG" != "no" ; then |
| 353 | SSL_LIBS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl |
| 354 | $PKGCONFIG --libs-only-l --libs-only-other openssl 2>/dev/null` |
| 355 | |
| 356 | SSL_LDFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl |
| 357 | $PKGCONFIG --libs-only-L openssl 2>/dev/null` |
| 358 | |
| 359 | SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl |
| 360 | $PKGCONFIG --cflags-only-I openssl 2>/dev/null` |
| 361 | |
| 362 | AC_SUBST(SSL_LIBS) |
| 363 | AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"]) |
| 364 | AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"]) |
| 365 | AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"]) |
| 366 | |
| 367 | LIB_OPENSSL=`echo $SSL_LDFLAGS | sed -e 's/^-L//'` |
| 368 | |
| 369 | dnl use the values pkg-config reported. This is here |
| 370 | dnl instead of below with CPPFLAGS and LDFLAGS because we only |
| 371 | dnl learn about this via pkg-config. If we only have |
| 372 | dnl the argument to --with-openssl we don't know what |
| 373 | dnl additional libs may be necessary. Hope that we |
| 374 | dnl don't need any. |
| 375 | LIBS="$SSL_LIBS $LIBS" |
| 376 | fi |
| 377 | fi |
| 378 | |
| 379 | dnl finally, set flags to use SSL |
| 380 | CPPFLAGS="$CPPFLAGS $SSL_CPPFLAGS" |
| 381 | LDFLAGS="$LDFLAGS $SSL_LDFLAGS" |
| 382 | |
| 383 | AC_CHECK_LIB(crypto, HMAC_Update,[ |
| 384 | HAVECRYPTO="yes" |
| 385 | LIBS="-lcrypto $LIBS" |
| 386 | ],[ |
| 387 | if test -n "$LIB_OPENSSL" ; then |
| 388 | LDFLAGS="$CLEANLDFLAGS -L$LIB_OPENSSL" |
| 389 | fi |
| 390 | if test "$PKGCONFIG" = "no" -a -n "$PREFIX_OPENSSL" ; then |
| 391 | # only set this if pkg-config wasn't used |
| 392 | CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include/openssl -I$PREFIX_OPENSSL/include" |
| 393 | fi |
| 394 | # Linking previously failed, try extra paths from --with-openssl or |
| 395 | # pkg-config. Use a different function name to avoid reusing the earlier |
| 396 | # cached result. |
| 397 | AC_CHECK_LIB(crypto, HMAC_Init_ex,[ |
| 398 | HAVECRYPTO="yes" |
| 399 | LIBS="-lcrypto $LIBS"], [ |
| 400 | |
| 401 | dnl still no, but what about with -ldl? |
| 402 | AC_MSG_CHECKING([OpenSSL linking with -ldl]) |
| 403 | LIBS="$CLEANLIBS -lcrypto -ldl" |
| 404 | AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ |
| 405 | #include <openssl/err.h> |
| 406 | ]], [[ |
| 407 | ERR_clear_error(); |
| 408 | ]]) ], |
| 409 | [ |
| 410 | AC_MSG_RESULT(yes) |
| 411 | HAVECRYPTO="yes" |
| 412 | ], |
| 413 | [ |
| 414 | AC_MSG_RESULT(no) |
| 415 | dnl ok, so what about both -ldl and -lpthread? |
| 416 | dnl This may be necessary for static libraries. |
| 417 | |
| 418 | AC_MSG_CHECKING([OpenSSL linking with -ldl and -lpthread]) |
| 419 | LIBS="$CLEANLIBS -lcrypto -ldl -lpthread" |
| 420 | AC_LINK_IFELSE([ |
| 421 | AC_LANG_PROGRAM([[ |
| 422 | #include <openssl/err.h> |
| 423 | ]], [[ |
| 424 | ERR_clear_error(); |
| 425 | ]])], |
| 426 | [ |
| 427 | AC_MSG_RESULT(yes) |
| 428 | HAVECRYPTO="yes" |
| 429 | ], |
| 430 | [ |
| 431 | AC_MSG_RESULT(no) |
| 432 | LDFLAGS="$CLEANLDFLAGS" |
| 433 | CPPFLAGS="$CLEANCPPFLAGS" |
| 434 | LIBS="$CLEANLIBS" |
| 435 | |
| 436 | ]) |
| 437 | |
| 438 | ]) |
| 439 | |
| 440 | ]) |
| 441 | ]) |
| 442 | |
| 443 | if test X"$HAVECRYPTO" = X"yes"; then |
| 444 | dnl This is only reasonable to do if crypto actually is there: check for |
| 445 | dnl SSL libs NOTE: it is important to do this AFTER the crypto lib |
| 446 | |
| 447 | AC_CHECK_LIB(ssl, SSL_connect) |
| 448 | |
| 449 | if test "$ac_cv_lib_ssl_SSL_connect" != yes; then |
| 450 | dnl we didn't find the SSL lib, try the RSAglue/rsaref stuff |
| 451 | AC_MSG_CHECKING(for ssl with RSAglue/rsaref libs in use); |
| 452 | OLIBS=$LIBS |
| 453 | LIBS="-lRSAglue -lrsaref $LIBS" |
| 454 | AC_CHECK_LIB(ssl, SSL_connect) |
| 455 | if test "$ac_cv_lib_ssl_SSL_connect" != yes; then |
| 456 | dnl still no SSL_connect |
| 457 | AC_MSG_RESULT(no) |
| 458 | LIBS=$OLIBS |
| 459 | else |
| 460 | AC_MSG_RESULT(yes) |
| 461 | fi |
| 462 | |
| 463 | else |
| 464 | |
| 465 | dnl Have the libraries--check for OpenSSL headers |
| 466 | AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \ |
| 467 | openssl/pem.h openssl/ssl.h openssl/err.h, |
| 468 | ssl_msg="OpenSSL" |
| 469 | test openssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes |
| 470 | OPENSSL_ENABLED=1 |
| 471 | AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use])) |
| 472 | |
| 473 | if test $ac_cv_header_openssl_x509_h = no; then |
| 474 | dnl we don't use the "action" part of the AC_CHECK_HEADERS macro |
| 475 | dnl since 'err.h' might in fact find a krb4 header with the same |
| 476 | dnl name |
| 477 | AC_CHECK_HEADERS(x509.h rsa.h crypto.h pem.h ssl.h err.h) |
| 478 | |
| 479 | if test $ac_cv_header_x509_h = yes && |
| 480 | test $ac_cv_header_crypto_h = yes && |
| 481 | test $ac_cv_header_ssl_h = yes; then |
| 482 | dnl three matches |
| 483 | ssl_msg="OpenSSL" |
| 484 | OPENSSL_ENABLED=1 |
| 485 | fi |
| 486 | fi |
| 487 | fi |
| 488 | |
| 489 | if test X"$OPENSSL_ENABLED" != X"1"; then |
| 490 | LIBS="$CLEANLIBS" |
| 491 | fi |
| 492 | |
| 493 | if test X"$OPT_OPENSSL" != Xoff && |
| 494 | test "$OPENSSL_ENABLED" != "1"; then |
| 495 | AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!]) |
| 496 | fi |
| 497 | fi |
| 498 | |
| 499 | if test X"$OPENSSL_ENABLED" = X"1"; then |
| 500 | dnl These can only exist if OpenSSL exists |
| 501 | dnl OpenSSL_version is introduced in 3.0.0 |
| 502 | |
| 503 | AC_CHECK_FUNCS( RAND_egd \ |
| 504 | SSLv2_client_method \ |
| 505 | OpenSSL_version ) |
| 506 | |
| 507 | AC_MSG_CHECKING([for BoringSSL]) |
| 508 | AC_COMPILE_IFELSE([ |
| 509 | AC_LANG_PROGRAM([[ |
| 510 | #include <openssl/base.h> |
| 511 | ]],[[ |
| 512 | #ifndef OPENSSL_IS_BORINGSSL |
| 513 | #error not boringssl |
| 514 | #endif |
| 515 | ]]) |
| 516 | ],[ |
| 517 | AC_MSG_RESULT([yes]) |
| 518 | AC_DEFINE_UNQUOTED(HAVE_BORINGSSL, 1, |
| 519 | [Define to 1 if using BoringSSL.]) |
| 520 | ssl_msg="BoringSSL" |
| 521 | ],[ |
| 522 | AC_MSG_RESULT([no]) |
| 523 | ]) |
| 524 | |
| 525 | AC_MSG_CHECKING([for libressl]) |
| 526 | AC_COMPILE_IFELSE([ |
| 527 | AC_LANG_PROGRAM([[ |
| 528 | #include <openssl/opensslv.h> |
| 529 | ]],[[ |
| 530 | int dummy = LIBRESSL_VERSION_NUMBER; |
| 531 | ]]) |
| 532 | ],[ |
| 533 | AC_MSG_RESULT([yes]) |
| 534 | AC_DEFINE_UNQUOTED(HAVE_LIBRESSL, 1, |
| 535 | [Define to 1 if using libressl.]) |
| 536 | ssl_msg="libressl" |
| 537 | ],[ |
| 538 | AC_MSG_RESULT([no]) |
| 539 | ]) |
| 540 | |
| 541 | AC_MSG_CHECKING([for OpenSSL >= v3]) |
| 542 | AC_COMPILE_IFELSE([ |
| 543 | AC_LANG_PROGRAM([[ |
| 544 | #include <openssl/opensslv.h> |
| 545 | ]],[[ |
| 546 | #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) |
| 547 | return 0; |
| 548 | #else |
| 549 | #error older than 3 |
| 550 | #endif |
| 551 | ]]) |
| 552 | ],[ |
| 553 | AC_MSG_RESULT([yes]) |
| 554 | AC_DEFINE_UNQUOTED(HAVE_OPENSSL3, 1, |
| 555 | [Define to 1 if using OpenSSL 3 or later.]) |
| 556 | dnl OpenSSLv3 marks the DES functions deprecated but we have no |
| 557 | dnl replacements (yet) so tell the compiler to not warn for them |
| 558 | dnl |
| 559 | dnl Ask OpenSSL to suppress the warnings. |
| 560 | CPPFLAGS="$CPPFLAGS -DOPENSSL_SUPPRESS_DEPRECATED" |
| 561 | ssl_msg="OpenSSL v3+" |
| 562 | ],[ |
| 563 | AC_MSG_RESULT([no]) |
| 564 | ]) |
| 565 | fi |
| 566 | |
| 567 | if test "$OPENSSL_ENABLED" = "1"; then |
| 568 | if test -n "$LIB_OPENSSL"; then |
| 569 | dnl when the ssl shared libs were found in a path that the run-time |
| 570 | dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH |
| 571 | dnl to prevent further configure tests to fail due to this |
| 572 | if test "x$cross_compiling" != "xyes"; then |
| 573 | CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$LIB_OPENSSL" |
| 574 | export CURL_LIBRARY_PATH |
| 575 | AC_MSG_NOTICE([Added $LIB_OPENSSL to CURL_LIBRARY_PATH]) |
| 576 | fi |
| 577 | fi |
| 578 | CURL_CHECK_OPENSSL_API |
| 579 | check_for_ca_bundle=1 |
| 580 | fi |
| 581 | |
| 582 | test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" |
| 583 | fi |
| 584 | |
| 585 | if test X"$OPT_OPENSSL" != Xno && |
| 586 | test "$OPENSSL_ENABLED" != "1"; then |
| 587 | AC_MSG_NOTICE([OPT_OPENSSL: $OPT_OPENSSL]) |
| 588 | AC_MSG_NOTICE([OPENSSL_ENABLED: $OPENSSL_ENABLED]) |
| 589 | AC_MSG_ERROR([--with-openssl was given but OpenSSL could not be detected]) |
| 590 | fi |
| 591 | |
| 592 | dnl ********************************************************************** |
| 593 | dnl Check for the random seed preferences |
| 594 | dnl ********************************************************************** |
| 595 | |
| 596 | if test X"$OPENSSL_ENABLED" = X"1"; then |
| 597 | AC_ARG_WITH(egd-socket, |
| 598 | AS_HELP_STRING([--with-egd-socket=FILE], |
| 599 | [Entropy Gathering Daemon socket pathname]), |
| 600 | [ EGD_SOCKET="$withval" ] |
| 601 | ) |
| 602 | if test -n "$EGD_SOCKET" ; then |
| 603 | AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET", |
| 604 | [your Entropy Gathering Daemon socket pathname] ) |
| 605 | fi |
| 606 | |
| 607 | dnl Check for user-specified random device |
| 608 | AC_ARG_WITH(random, |
| 609 | AS_HELP_STRING([--with-random=FILE], |
| 610 | [read randomness from FILE (default=/dev/urandom)]), |
| 611 | [ RANDOM_FILE="$withval" ], |
| 612 | [ |
| 613 | if test x$cross_compiling != xyes; then |
| 614 | dnl Check for random device |
| 615 | AC_CHECK_FILE("/dev/urandom", [ RANDOM_FILE="/dev/urandom"] ) |
| 616 | else |
| 617 | AC_MSG_WARN([skipped the /dev/urandom detection when cross-compiling]) |
| 618 | fi |
| 619 | ] |
| 620 | ) |
| 621 | if test -n "$RANDOM_FILE" && test X"$RANDOM_FILE" != Xno ; then |
| 622 | AC_SUBST(RANDOM_FILE) |
| 623 | AC_DEFINE_UNQUOTED(RANDOM_FILE, "$RANDOM_FILE", |
| 624 | [a suitable file to read random data from]) |
| 625 | fi |
| 626 | fi |
| 627 | |
| 628 | dnl --- |
| 629 | dnl We require OpenSSL with SRP support. |
| 630 | dnl --- |
| 631 | if test "$OPENSSL_ENABLED" = "1"; then |
| 632 | AC_CHECK_LIB(crypto, SRP_Calc_client_key, |
| 633 | [ |
| 634 | AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the function SRP_Calc_client_key]) |
| 635 | AC_SUBST(HAVE_OPENSSL_SRP, [1]) |
| 636 | ]) |
| 637 | fi |
| 638 | |
| 639 | dnl --- |
| 640 | dnl Whether the OpenSSL configuration will be loaded automatically |
| 641 | dnl --- |
| 642 | if test X"$OPENSSL_ENABLED" = X"1"; then |
| 643 | AC_ARG_ENABLE(openssl-auto-load-config, |
| 644 | AS_HELP_STRING([--enable-openssl-auto-load-config],[Enable automatic loading of OpenSSL configuration]) |
| 645 | AS_HELP_STRING([--disable-openssl-auto-load-config],[Disable automatic loading of OpenSSL configuration]), |
| 646 | [ if test X"$enableval" = X"no"; then |
| 647 | AC_MSG_NOTICE([automatic loading of OpenSSL configuration disabled]) |
| 648 | AC_DEFINE(CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG, 1, [if the OpenSSL configuration won't be loaded automatically]) |
| 649 | fi |
| 650 | ]) |
| 651 | fi |
| 652 | |
| 653 | ]) |