[svn] Improve OpenSSL autodetection.

Published in <sxsitbcon7w.fsf@florida.arsdigita.de>.
2024-07-03 16:38:41 -04:00 · 2001-12-12 00:30:03 -08:00 · 2001-12-12 00:30:03 -08:00 · b0ab325703
commit b0ab325703
parent aa76fd748c
2 changed files with 120 additions and 62 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
 2001-12-12  Hrvoje Niksic  <hniksic@arsdigita.com>
 	* configure.in: Autodetect SSL.  Check for SSL includes too.
 2001-12-11  Hrvoje Niksic  <hniksic@arsdigita.com>
 	* config.sub: Ditto.
--- a/configure.in
+++ b/configure.in
@ -46,7 +46,8 @@ AC_ARG_WITH(socks,
 [AC_DEFINE(HAVE_SOCKS)])
 AC_ARG_WITH(ssl,
-[  --with-ssl[=SSL_ROOT]   link with libssl [in SSL_ROOT/lib] for https: support])
+[  --with-ssl[=SSL-ROOT]   link with SSL support [default=auto]
  --without-ssl           disable SSL autodetection])
 AC_ARG_ENABLE(opie,
 [  --disable-opie          disable support for opie or s/key FTP login],
@ -215,25 +216,53 @@ then
  AC_CHECK_LIB(socks, Rconnect)
 fi
-dnl If --with-ssl was specified, make sure we can link with the
+dnl $with_ssl can be one of:
-dnl OpenSSL libs.  We should probably auto-detect this by default.
+dnl  - empty string or "auto", meaning autodetect SSL and use it if found.
 dnl  - "yes", meaning link with SSL or bail out.
 dnl  - "no", meaning don't link with SSL.
 dnl  - anything else, meaning use that as the SSL root, and bail out
 dnl    if it fails.
-if test x"$with_ssl" != x -a x"$with_ssl" != x"no"; then
+if test x"$with_ssl" = x; then
  dnl Canonicalize unspecified with-ssl setting to "auto".  This
  dnl implements the "auto-detect by default" feature.  If you want to
  dnl change this to "ignore SSL by default", change "auto" to "no".
  with_ssl=auto
 fi
 dnl Detection of OpenSSL is much hairier than the detection of other
 dnl libraries because OpenSSL can be compiled as a third-party
 dnl library, which means it will not be found without additional
 dnl linker magic.  It would be really nice to rework this check into
 dnl an AC_DEFUN so that we can reuse it for other third-party
 dnl libraries.
 if test x"$with_ssl" != x"no"; then
  wget_force_ssl=no
  if test x"$with_ssl" = x"yes"; then
-    dnl OpenSSL's default install location is "/usr/local/ssl".  We also
+    wget_force_ssl=yes
    dnl allow /usr/local for regular-style install, and /usr for Linux
    dnl stuff.
    ssl_all_roots="default /usr/local/ssl /usr/local /opt"
  else
    dnl Root has been kindly provided by the user.
    ssl_all_roots=$with_ssl
  fi
  if test x"$with_ssl" = x"yes" || test x"$with_ssl" = x"auto"; then
    dnl OpenSSL's root was not specified, so we have to guess.  First
    dnl try the system default location, then "/usr/local/ssl" (where
    dnl OpenSSL installs by default), then "/usr/local" (traditional
    dnl choice for installation root), then "/opt".
    ssl_all_roots="system-default /usr/local/ssl /usr/local /opt"
  else
    dnl Root has been specified by the user.
    ssl_all_roots=$with_ssl
    wget_force_ssl=yes
  fi
  wget_save_CC=$CC
  wget_save_LIBS=$LIBS
  wget_save_LDFLAGS=$LDFLAGS
-  wget_save_CC=$CC
+  wget_save_CPPFLAGS=$CPPFLAGS
-  dnl Use libtool for OpenSSL tests to handle the "-R<rpath>" option.
+  dnl Use libtool for OpenSSL tests so we can specify "-R<rpath>"
  dnl without having to know how the linker handles it.
  CC="$SHELL ./libtool $CC"
  dnl Unfortunately, as of this writing (OpenSSL 0.9.6), the libcrypto
@ -244,13 +273,13 @@ if test x"$with_ssl" != x -a x"$with_ssl" != x"no"; then
  AC_CHECK_LIB(dl,dlopen)
  AC_CHECK_LIB(dl,shl_load)
-  ssl_linked=no
+  ssl_success=no
  dnl Now try to find SSL libraries in each of the likely SSL roots.
  for ssl_root in $ssl_all_roots
  do
-    if test x"$ssl_root" = xdefault; then
+    if test x"$ssl_root" = x"system-default"; then
-      dnl Try the default library locations.
+      dnl Try the default include and library locations.
      SSL_INCLUDES=
    else
      dnl Try this specific root.
@ -260,10 +289,30 @@ if test x"$with_ssl" != x -a x"$with_ssl" != x"no"; then
      LDFLAGS="-L$ssl_root/lib -R$ssl_root/lib $wget_save_LDFLAGS"
    fi
    ssl_link_failure=no
    AC_MSG_RESULT(["Looking for SSL libraries in $ssl_root"])
    dnl Check whether the compiler can find the include files.  On
    dnl some systems Gcc finds libraries in /usr/local/lib, but fails
    dnl to find the includes in /usr/local/include.
    ssl_found_includes=no
    CPPFLAGS="$SSL_INCLUDES $wget_save_CPPFLAGS"
    AC_MSG_CHECKING(["for includes"])
    AC_TRY_CPP([#include <openssl/ssl.h>
 #include <openssl/rsa.h>
 ],
      AC_MSG_RESULT("found"); ssl_found_includes=yes,
      AC_MSG_RESULT("not found")
    )
    if test x"$ssl_found_includes" = xno; then
      continue
    fi
    ssl_link_failure=no
    dnl Make sure that the checks don't run afoul of the cache.  It
    dnl would be nicer to temporarily turn off the cache, but
    dnl apparently Autoconf doesn't allow that.
@ -278,69 +327,74 @@ if test x"$with_ssl" != x -a x"$with_ssl" != x"no"; then
    AC_CHECK_LIB(crypto, RSA_new, , ssl_link_failure=yes)
    AC_CHECK_LIB(ssl, SSL_new, , ssl_link_failure=yes)
-    dnl If ssl_link_failure is still no, the libraries link.  But we
+    if test x"$ssl_link_failure" = xyes; then
-    dnl still need to check if the program linked with those libraries
+      dnl One or both libs failed to link.
-    dnl under these settings with run.  On some systems (Solaris), Gcc
+      continue
-    dnl adds -L/usr/local/lib to the linking line, but fails to add
+    fi
-    dnl -R/usr/local/lib, thus creating executables that link, but
+
-    dnl fail to run.
+    dnl The libraries link.  But we still need to check if the program
    dnl linked with those libraries under these settings with run.  On
    dnl some systems (Solaris), Gcc adds -L/usr/local/lib to the
    dnl linking line, but fails to add -R/usr/local/lib, thus creating
    dnl executables that link, but fail to run.
    dnl If we are cross-compiling, just assume that working linkage
    dnl implies working executable.
-    if test x"$ssl_link_failure" = xno; then
+    ssl_run_failure=no
-      dnl Now try to run the thing.
+
-      AC_MSG_CHECKING("whether SSL libs are resolved at runtime")
+    AC_MSG_CHECKING("whether SSL libs are resolved at runtime")
-      AC_TRY_RUN([
+    AC_TRY_RUN([
 int RSA_new();
 int SSL_new();
 main(){return 0;}
 ],
-	AC_MSG_RESULT("yes"),
+      AC_MSG_RESULT("yes"),
-	AC_MSG_RESULT("no"); ssl_link_failure=yes,
+      AC_MSG_RESULT("no"); ssl_run_failure=yes,
-	AC_MSG_RESULT("cross"))
+      AC_MSG_RESULT("cross")
-    fi
+    )
-    if test x"$ssl_link_failure" = xno; then
+    if test x"$ssl_run_failure" = xno; then
-      dnl This echo doesn't look right, but I'm not sure what to use
+      ssl_success=yes
      dnl instead.
      AC_MSG_RESULT("Compiling in support for SSL in $ssl_root")
      AC_DEFINE(HAVE_SSL)
      AC_SUBST(SSL_INCLUDES)
      SSL_OBJ='gen_sslfunc$o'
      AC_SUBST(SSL_OBJ)
      ssl_linked=yes
      break
    fi
  done
-  if test x"$ssl_linked" = xno; then
+  if test x"$ssl_success" = xyes; then
-    LD_FLAGS=$wget_save_LDFLAGS
+    dnl AC_MSG_RESULT doesn't look right here, but I'm not sure what
    dnl to use instead.
    AC_MSG_RESULT("Compiling in support for SSL in $ssl_root")
    AC_DEFINE(HAVE_SSL)
    AC_SUBST(SSL_INCLUDES)
    SSL_OBJ='gen_sslfunc$o'
    AC_SUBST(SSL_OBJ)
  else
    LDFLAGS=$wget_save_LDFLAGS
    LIBS=$wget_save_LIBS
-    dnl Perhaps we should abort here.  Dan argues that configure
+    dnl If linking with SSL was forced rather than auto-detected, then
-    dnl scripts shouldn't abort out of principle, but on the other
+    dnl bail out if SSL failed.
-    dnl hand remember that the user explicitly requested linking with
+    if test x"$wget_force_ssl" = x"yes"; then
-    dnl SSL.
+      exec >&2
-
+      echo "ERROR: Failed to find OpenSSL libraries."
-    dnl IMHO there should be a way to specify whether SSL should be
+      exit 2
-    dnl avoided, auto-detected, or required, defaulting to
+    fi
    dnl `autodetect'.  Only in the `require' mode the script would
    dnl abort if SSL is not found.
    echo
    echo "WARNING: Failed to link with OpenSSL libraries in $ssl_root/lib."
    echo "         Wget will be built without support for https://... URLs."
    echo
  fi
  dnl Restore the compiler setting.
  CC=$wget_save_CC
  dnl Restore the CPPFLAGS.  Do this regardless of whether linking
  dnl with SSL succeeded -- SSL includes will be handled using
  dnl @SSL_INCLUDES@.
  CPPFLAGS=$wget_save_CPPFLAGS
 fi
 dnl
 dnl Find an md5 implementation.
 dnl
-if test x$wget_need_md5 = xyes
+if test x"$wget_need_md5" = xyes
 then
  MD5_OBJ='gen-md5$o'
@ -350,7 +404,7 @@ then
  dnl something simple like "MD5Update" because there are a number of
  dnl MD5 implementations that use that name.  md5_calc is, hopefully,
  dnl specific to the Solaris MD5 library.
-  if test x$found_md5 = xno; then
+  if test x"$found_md5" = xno; then
    AC_CHECK_LIB(md5, md5_calc, [
      AC_DEFINE(HAVE_SOLARIS_MD5)
      LIBS="-lmd5 $LIBS"
@ -360,15 +414,15 @@ then
  dnl Then see if we're linking OpenSSL anyway; if yes, use its md5
  dnl implementation.
-  if test x$found_md5 = xno; then
+  if test x"$found_md5" = xno; then
-    if test x$ssl_linked = xyes; then
+    if test x"$ssl_success" = xyes; then
      AC_DEFINE(HAVE_OPENSSL_MD5)
      found_md5=yes
    fi
  fi
-  dnl If none of the above worked, use the builtin one.
+  dnl If none of the above worked, use the one we ship with Wget.
-  if test x$found_md5 = xno; then
+  if test x"$found_md5" = xno; then
    AC_DEFINE(HAVE_BUILTIN_MD5)
    found_md5=yes
    MD5_OBJ="$MD5_OBJ gnu-md5\$o"