From df3ca59116bff161c0fa44b1af7915dc8c1da20e Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sat, 11 Dec 2004 18:47:22 +0000 Subject: [PATCH] Dan Fandrich: Here's a stab at a consolidation of the SSL detection heuristics into configure. Source files aren't changed by this patch, except for setup.h and the various config*.h files. Within the configure script, OPENSSL_ENABLED is used to determine if SSL is being used or not, and outside configure, USE_SSLEAY means the same thing; this could be even further unified some day. Now, when SSL is not detected, configure skips the various checks that are dependent on SSL, speeding up the configure process and avoiding complications with cross compiles. I also updated all the architecture- specific config files I could see, but I couldn't test them. --- configure.ac | 115 +++++++++++++++----------- curl-config.in | 8 +- lib/Makefile.netware | 1 + lib/config-amigaos.h | 3 + lib/config-riscos.h | 3 - lib/config-vms.h | 7 +- lib/config.dj | 1 + lib/setup.h | 17 ---- packages/vms/config-vms.h_with_ssl | 7 +- packages/vms/config-vms.h_without_ssl | 7 +- src/config-riscos.h | 5 +- 11 files changed, 93 insertions(+), 81 deletions(-) diff --git a/configure.ac b/configure.ac index b204653d9..d7f4c1f45 100644 --- a/configure.ac +++ b/configure.ac @@ -433,35 +433,6 @@ AC_HELP_STRING([--disable-nonblocking],[Disable non-blocking socket detection]), CURL_CHECK_NONBLOCKING_SOCKET ]) -dnl ********************************************************************** -dnl Check for the random seed preferences -dnl ********************************************************************** - -AC_ARG_WITH(egd-socket, -AC_HELP_STRING([--with-egd-socket=FILE], - [Entropy Gathering Daemon socket pathname]), - [ EGD_SOCKET="$withval" ] -) -if test -n "$EGD_SOCKET" ; then - AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET", - [your Entropy Gathering Daemon socket pathname] ) -fi - -dnl Check for user-specified random device -AC_ARG_WITH(random, -AC_HELP_STRING([--with-random=FILE],[read randomness from FILE (default=/dev/urandom)]), - [ RANDOM_FILE="$withval" ], - [ - dnl Check for random device - AC_CHECK_FILE("/dev/urandom", [ RANDOM_FILE="/dev/urandom"] ) - ] -) -if test -n "$RANDOM_FILE" ; then - AC_SUBST(RANDOM_FILE) - AC_DEFINE_UNQUOTED(RANDOM_FILE, "$RANDOM_FILE", - [a suitable file to read random data from]) -fi - dnl ********************************************************************** dnl Check if the operating system allows programs to write to their own argv[] dnl ********************************************************************** @@ -781,7 +752,10 @@ else ]) - if test "$HAVECRYPTO" = "yes"; then + if test X"$HAVECRYPTO" != X"yes"; then + AC_MSG_WARN([crypto lib was not found; SSL will be disabled]) + + else dnl This is only reasonable to do if crypto actually is there: check for dnl SSL libs NOTE: it is important to do this AFTER the crypto lib @@ -815,27 +789,44 @@ else else AC_MSG_RESULT(yes) fi - fi + else - dnl Check for SSLeay headers - AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \ - openssl/pem.h openssl/ssl.h openssl/err.h, - curl_ssl_msg="enabled" - OPENSSL_ENABLED=1) - - if test $ac_cv_header_openssl_x509_h = no; then - AC_CHECK_HEADERS(x509.h rsa.h crypto.h pem.h ssl.h err.h, + dnl Have the libraries--check for SSLeay/OpenSSL headers + AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \ + openssl/pem.h openssl/ssl.h openssl/err.h, curl_ssl_msg="enabled" - OPENSSL_ENABLED=1) + OPENSSL_ENABLED=1 + AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use])) + + if test $ac_cv_header_openssl_x509_h = no; then + AC_CHECK_HEADERS(x509.h rsa.h crypto.h pem.h ssl.h err.h, + curl_ssl_msg="enabled" + OPENSSL_ENABLED=1) + fi fi + USE_SSLEAY="$OPENSSL_ENABLED" + AC_DEFINE_UNQUOTED(USE_SSLEAY, $USE_SSLEAY, [if SSL is enabled]) + AC_SUBST(USE_SSLEAY) + AC_SUBST(USE_OPENSSL) + + if test X"$OPT_SSL" != Xoff && + test "$OPENSSL_ENABLED" != "1"; then + AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!]) + fi + fi + + +dnl ********************************************************************** +dnl Check for the CA bundle +dnl ********************************************************************** + + if test X"$OPENSSL_ENABLED" = X"1"; then dnl If the ENGINE library seems to be around, check for the OpenSSL engine dnl header, it is kind of "separated" from the main SSL check AC_CHECK_FUNC(ENGINE_init, [ AC_CHECK_HEADERS(openssl/engine.h) ]) - AC_SUBST(OPENSSL_ENABLED) - AC_MSG_CHECKING([CA cert bundle install path]) AC_ARG_WITH(ca-bundle, @@ -869,10 +860,7 @@ AC_HELP_STRING([--without-ca-bundle], [Don't install the CA bundle]), fi - if test X"$OPT_SSL" != Xoff && - test "$OPENSSL_ENABLED" != "1"; then - AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!]) - elif test "$OPENSSL_ENABLED" = "1"; then + if test "$OPENSSL_ENABLED" = "1"; then dnl when the ssl shared libs were found in a path that the run-time linker dnl doesn't search through, we need to add it to LD_LIBRARY_PATH to dnl prevent further configure tests to fail due to this @@ -884,6 +872,38 @@ fi AM_CONDITIONAL(CABUNDLE, test x$ca != xno) +dnl ********************************************************************** +dnl Check for the random seed preferences +dnl ********************************************************************** + +if test X"$OPENSSL_ENABLED" = X"1"; then + AC_ARG_WITH(egd-socket, + AC_HELP_STRING([--with-egd-socket=FILE], + [Entropy Gathering Daemon socket pathname]), + [ EGD_SOCKET="$withval" ] + ) + if test -n "$EGD_SOCKET" ; then + AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET", + [your Entropy Gathering Daemon socket pathname] ) + fi + + dnl Check for user-specified random device + AC_ARG_WITH(random, + AC_HELP_STRING([--with-random=FILE], + [read randomness from FILE (default=/dev/urandom)]), + [ RANDOM_FILE="$withval" ], + [ + dnl Check for random device + AC_CHECK_FILE("/dev/urandom", [ RANDOM_FILE="/dev/urandom"] ) + ] + ) + if test -n "$RANDOM_FILE" && test X"$RANDOM_FILE" != Xno ; then + AC_SUBST(RANDOM_FILE) + AC_DEFINE_UNQUOTED(RANDOM_FILE, "$RANDOM_FILE", + [a suitable file to read random data from]) + fi +fi + dnl ********************************************************************** dnl Check for the presence of ZLIB libraries and headers dnl ********************************************************************** @@ -1560,7 +1580,8 @@ AC_CONFIG_FILES([Makefile \ packages/EPM/curl.list \ packages/EPM/Makefile \ packages/vms/Makefile \ - curl-config + curl-config \ + libcurl.pc ]) AC_OUTPUT diff --git a/curl-config.in b/curl-config.in index bc8a0128c..ef780273f 100644 --- a/curl-config.in +++ b/curl-config.in @@ -45,19 +45,19 @@ while test $# -gt 0; do case "$1" in --ca) - echo @CURL_CA_BUNDLE@ + echo "@CURL_CA_BUNDLE@" ;; --cc) - echo @CC@ + echo "@CC@" ;; --prefix) - echo $prefix + echo "$prefix" ;; --feature) - if test "@OPENSSL_ENABLED@" = "1"; then + if test "@USE_SSLEAY@" = "1"; then echo "SSL" fi if test "@KRB4_ENABLED@" = "1"; then diff --git a/lib/Makefile.netware b/lib/Makefile.netware index b7554cabb..35c7932ce 100644 --- a/lib/Makefile.netware +++ b/lib/Makefile.netware @@ -353,6 +353,7 @@ ifdef ZLIB_PATH endif ifdef SSL @echo $(DL)#define USE_SSLEAY 1$(DL) >> $@ + @echo $(DL)#define USE_OPENSSL 1$(DL) >> $@ @echo $(DL)#define HAVE_OPENSSL_X509_H 1$(DL) >> $@ @echo $(DL)#define HAVE_OPENSSL_SSL_H 1$(DL) >> $@ @echo $(DL)#define HAVE_OPENSSL_RSA_H 1$(DL) >> $@ diff --git a/lib/config-amigaos.h b/lib/config-amigaos.h index 5d617fe16..387adebf7 100644 --- a/lib/config-amigaos.h +++ b/lib/config-amigaos.h @@ -55,6 +55,9 @@ #define HAVE_WRITABLE_ARGV 1 #define HAVE_ZLIB_H 1 +#define USE_OPENSSL 1 +#define USE_SSLEAY 1 + #define OS "AmigaOS" #define PACKAGE "curl" diff --git a/lib/config-riscos.h b/lib/config-riscos.h index e6e44b0e3..85dec3ea4 100644 --- a/lib/config-riscos.h +++ b/lib/config-riscos.h @@ -53,9 +53,6 @@ /* Define this to your Entropy Gathering Daemon socket pathname */ #undef EGD_SOCKET -/* Define if you have a working OpenSSL installation */ -#undef OPENSSL_ENABLED - /* Set to explicitly specify we don't want to use thread-safe functions */ #define DISABLED_THREADSAFE diff --git a/lib/config-vms.h b/lib/config-vms.h index 83751073d..c9f931f5a 100755 --- a/lib/config-vms.h +++ b/lib/config-vms.h @@ -343,8 +343,11 @@ /* Define if you have the getpass function. */ #undef HAVE_GETPASS -/* Define if you have a working OpenSSL installation */ -#define OPENSSL_ENABLED 1 +/* if OpenSSL is in use */ +#define USE_OPENSSL 1 + +/* if SSL is enabled */ +#define USE_SSLEAY 1 /* Define if you have the `dlopen' function. */ #undef HAVE_DLOPEN diff --git a/lib/config.dj b/lib/config.dj index bfcf9f68c..f2d38d3da 100644 --- a/lib/config.dj +++ b/lib/config.dj @@ -90,6 +90,7 @@ #define HAVE_LIBSSL 1 #define HAVE_LIBCRYPTO 1 #define OPENSSL_NO_KRB5 1 + #define USE_OPENSSL 1 #endif /* Because djgpp <= 2.03 doesn't have snprintf() etc. diff --git a/lib/setup.h b/lib/setup.h index 1c088575c..8530f0224 100644 --- a/lib/setup.h +++ b/lib/setup.h @@ -113,23 +113,6 @@ typedef unsigned char bool; #include #endif -#if defined(HAVE_X509_H) && defined(HAVE_SSL_H) && defined(HAVE_RSA_H) && \ -defined(HAVE_PEM_H) && defined(HAVE_ERR_H) && defined(HAVE_CRYPTO_H) && \ -defined(HAVE_LIBSSL) && defined(HAVE_LIBCRYPTO) - /* the six important includes files all exist and so do both libs, - defined SSLeay usage */ -#define USE_SSLEAY 1 -#endif -#if defined(HAVE_OPENSSL_X509_H) && defined(HAVE_OPENSSL_SSL_H) && \ -defined(HAVE_OPENSSL_RSA_H) && defined(HAVE_OPENSSL_PEM_H) && \ -defined(HAVE_OPENSSL_ERR_H) && defined(HAVE_OPENSSL_CRYPTO_H) && \ -defined(HAVE_LIBSSL) && defined(HAVE_LIBCRYPTO) - /* the six important includes files all exist and so do both libs, - defined SSLeay usage */ -#define USE_SSLEAY 1 -#define USE_OPENSSL 1 -#endif - #ifndef STDC_HEADERS /* no standard C headers! */ #include #endif diff --git a/packages/vms/config-vms.h_with_ssl b/packages/vms/config-vms.h_with_ssl index e47acbe61..e3bc60dac 100755 --- a/packages/vms/config-vms.h_with_ssl +++ b/packages/vms/config-vms.h_with_ssl @@ -123,8 +123,11 @@ /* OpenSSL section starts here */ /* Define if you have a working OpenSSL installation */ -#define OPENSSL_ENABLED 1 -#ifdef OPENSSL_ENABLED +#define USE_SSLEAY 1 +#ifdef USE_SSLEAY + +/* if OpenSSL is in use */ +#define USE_OPENSSL 1 /* Define if you have the crypto library (-lcrypto). */ #define HAVE_LIBCRYPTO 1 diff --git a/packages/vms/config-vms.h_without_ssl b/packages/vms/config-vms.h_without_ssl index 5b87c1dd2..d7649bb83 100755 --- a/packages/vms/config-vms.h_without_ssl +++ b/packages/vms/config-vms.h_without_ssl @@ -123,8 +123,11 @@ /* OpenSSL section starts here */ /* Define if you have a working OpenSSL installation */ -#undef OPENSSL_ENABLED -#ifdef OPENSSL_ENABLED +#undef USE_SSLEAY +#ifdef USE_SSLEAY + +/* if OpenSSL is in use */ +#define USE_OPENSSL 1 /* Define if you have the crypto library (-lcrypto). */ #define HAVE_LIBCRYPTO 1 diff --git a/src/config-riscos.h b/src/config-riscos.h index 46de289b9..166021421 100644 --- a/src/config-riscos.h +++ b/src/config-riscos.h @@ -39,7 +39,7 @@ #undef NEED_REENTRANT /* Define if you have the Kerberos4 libraries (including -ldes) */ -#undef KRB4 +#undef HAVE_KRB4 /* Define if you want to enable IPv6 support */ #undef ENABLE_IPV6 @@ -56,9 +56,6 @@ /* Define this to your Entropy Gathering Daemon socket pathname */ #undef EGD_SOCKET -/* Define if you have a working OpenSSL installation */ -#undef OPENSSL_ENABLED - /* Set to explicitly specify we don't want to use thread-safe functions */ #define DISABLED_THREADSAFE